[deadcowboy]

Is BB10 inherently more secure than Android because? BB10 is based upon a microkernel architecture that allows low-level hardware control. Whereas Android is based on a monolithic kernel, which I assume requires extensive use of API's to talk to hardware.

For smart folk out there, is this something that could make BB10 inherently more secure than Android?

Posted via CB10

[conite]

Certainly BB10 has some inherent properties that make it less vulnerable, although it's hard to put a number on it.

But, had BB10 become the dominant OS with 88% of the global market share (like Android is now), the NSA/CIA would have hacked it to bits too.

[anki7]

Exactly. With complex software, there's going to be holes somewhere. Most of the time, it's vulnerable via user stupidity. That stupid saying, "a secure system is a system not used", or connected to some network.

50 6F 73 74 65 64 20 76 69 61 20 43 42 31 30

[thurask]

Exactly. With complex software, there's going to be holes somewhere. Most of the time, it's vulnerable via user stupidity. That stupid saying, "a secure system is a system not used", or connected to some network.

50 6F 73 74 65 64 20 76 69 61 20 43 42 31 30

Some stuff inside Vault 7 shows that even air gaps can be foiled with enough effort.

[anki7]

Some stuff inside Vault 7 shows that even air gaps can be foiled with enough effort.

Oh yeah, I remember reading about that a while ago. It was Disk Filtration or something like that.

50 6F 73 74 65 64 20 76 69 61 20 43 42 31 30

[Thud Hardsmack]

QNX: Security Architecture Whitepaper

As related to its implementation in BB10. It has some advantages and disadvantages just like anything else; BlackBerry had to work to make it as secure as it is.

[DrBoomBotz]

BB10 is based upon a microkernel architecture that allows low-level hardware control.

In both cases only kernel space has direct access to the hardware.

Whereas Android is based on a monolithic kernel, which I assume requires extensive use of API's to talk to hardware.

You know what they say about assumptions.
Seriously I can't make much sense out of your post.

[AluminiumRims]

Security has nothing to do with microkernel vs monolithic kernel. It depends how well you have designed your operating system.

[app_Developer]

Security has nothing to do with microkernel vs monolithic kernel. It depends how well you have designed your operating system.

I'd argue that microkernel design can give you some advantages in securing the kernel. That doesn't mean, however, that microkernels are automatically more secure than monolithic.

As with all things, the devils are in the actual implementation. QNX is very solid work from a security perspective, IMO. However, as someone else pointed out already, that doesn't matter in phones since QNX is hardly used in phones anymore.

[deadcowboy]

I'd argue that microkernel design can give you some advantages in securing the kernel. That doesn't mean, however, that microkernels are automatically more secure than monolithic.

As with all things, the devils are in the actual implementation. QNX is very solid work from a security perspective, IMO. However, as someone else pointed out already, that doesn't matter in phones since QNX is hardly used in phones anymore.

Do microkernels have the potential to be more secure than monolithic kernels? I could see the opposite being true as well, due to low level access.

Thanks for all the replies, I find this subject fascinating, although I know very little besides some cursory vocabulary.

Posted via CB10

[app_Developer]

Do microkernels have the potential to be more secure than monolithic kernels?

I think so, and I think it's a factor in why QNX is so good in that respect. When you have less code running in privileged modes, you have less surface area open to attack (all else being equal), and you have a better chance of getting your testing/controls right as the kernel evolves (again, all else being equal).

I think QNX has used this to great advantage. I also think, more importantly, they've cared deeply about security from very early days and that culture of security is a bigger reason why QNX is so secure.

[EFats]

Do microkernels have the potential to be more secure than monolithic kernels? I could see the opposite being true as well, due to low level access.

No, you need to go do some homework. I don't think you quite understand the difference in OS architectures, but to be fair it is not a topic for most users!

At some point all OS needs to have low level access in order to control the hardware.
A microkernel approach can have advantages because the very privileged access is restricted to just the kernel itself. Everything else, user apps, even drivers, would be outside of this space.
At the opposite end of the spectrum, everything gets privileged access which of course is dangerous. In practice, the kernel, drivers & some other core stuff that no user would/should touch is given some level of access. Not user apps, of course.
Typically the tradeoff is microkernel is smaller, but the OS is slower because even drivers have to pass through the kernel to get access.

Of course you can easily make microkernel less secure than monolithic option and microkernel can be very fast & efficient too (as BB10 has shown).

Also, as BlackBerry well knows, security is more than the kernel, more than the OS, it is the entire system. (This is how CIA can hack the Samsung smart TV, according to latest Wikileaks. Same method wouldn't be so easy on a BlackBerry phone, 7 or 10. It's why boot time takes a bit longer too.)

While I'm at it, XDA Developers been around a while, Cyanogen, etc. Because the _system_ was open and relatively easy to hack. Even back in the BB7 days when it was the dominant device, not so easy to root. Not impossible as Dingleberry has shown. BB was probably sloppy with the PlayBook, maybe why they required Bridge at first.


Sent from my BlackBerry 9900 using Tapatalk

[Vistaus]

Certainly BB10 has some inherent properties that make it less vulnerable, although it's hard to put a number on it.

But, had BB10 become the dominant OS with 88% of the global market share (like Android is now), the NSA/CIA would have hacked it to bits too.

OTOT, BB10 is used by some governments like the German government for example. Plenty of great info to obtain for hackers/the CIA.

Posted via CB10 using my amazing  Passport (OG Red) <3

[Soulstream]

Do microkernels have the potential to be more secure than monolithic kernels? I could see the opposite being true as well, due to low level access.

Thanks for all the replies, I find this subject fascinating, although I know very little besides some cursory vocabulary.

Posted via CB10

Potential to be more secure? yes, but it's not a guarantee. It all depends on the actual implementation.

[deadcowboy]

OTOT, BB10 is used by some governments like the German government for example. Plenty of great info to obtain for hackers/the CIA.

Posted via CB10 using my amazing  Passport (OG Red) <3

Well Obama had wire-tapped Merkel.

Posted via CB10

[deadcowboy]

No, you need to go do some homework. I don't think you quite understand the difference in OS architectures, but to be fair it is not a topic for most users!

At some point all OS needs to have low level access in order to control the hardware.
A microkernel approach can have advantages because the very privileged access is restricted to just the kernel itself. Everything else, user apps, even drivers, would be outside of this space.
At the opposite end of the spectrum, everything gets privileged access which of course is dangerous. In practice, the kernel, drivers & some other core stuff that no user would/should touch is given some level of access. Not user apps, of course.
Typically the tradeoff is microkernel is smaller, but the OS is slower because even drivers have to pass through the kernel to get access.

Of course you can easily make microkernel less secure than monolithic option and microkernel can be very fast & efficient too (as BB10 has shown).

Also, as BlackBerry well knows, security is more than the kernel, more than the OS, it is the entire system. (This is how CIA can hack the Samsung smart TV, according to latest Wikileaks. Same method wouldn't be so easy on a BlackBerry phone, 7 or 10. It's why boot time takes a bit longer too.)

While I'm at it, XDA Developers been around a while, Cyanogen, etc. Because the _system_ was open and relatively easy to hack. Even back in the BB7 days when it was the dominant device, not so easy to root. Not impossible as Dingleberry has shown. BB was probably sloppy with the PlayBook, maybe why they required Bridge at first.


Sent from my BlackBerry 9900 using Tapatalk

Great explanation, just the kind of info I'd need to go off and do my own further research (as now I know what to look for), thank you.

Posted via CB10

[jd smithers]

Well Obama had wire-tapped Merkel.

Posted via CB10

Hi,

As far as it was/is publicly known it was one of her phones for political party business. Not the BB10+secusmart edition for governmental business.

[deadcowboy]

Hi,

As far as it was/is publicly known it was one of her phones for political party business. Not the BB10+secusmart edition for governmental business.

Very interesting, thanks for the correction. I was mostly being provocatvie, but I'm elated that there's even a chance that BB10 wasn't involved in that situation.

I wonder then, for non-superpower countries, was a fleet of managed BB10 handsets the best option for security? And now that Chen killed BB10, options are limited for large companies, influential companies, smaller countries, etc?

Posted via CB10