[Rayysai]

Hi all,

I tried searching for this but couldn't find anything directly related (even when it recommended 'similar threads' as I created this post). If there is then kindly point me to that post.

I'm just trying to understand the implications of BB10 not going through BIS anymore (as it seems to be the case).

1. Wasn't it BIS that made Blackberry's communication so encrypted and secure (outside of BES)? What happens now?
2. Wasn't it BIS that compressed the data used so that we were able to get more data use out of our phone plans than the rest? This was a big selling point for people that travelled and roamed using data a lot. What happens now? Is it compressed at all? any more or less than iphone/samsung?
3. Is BBM the only thing going through BIS on BB10, or is all of our data going through BIS on BB10, or is none of it? One of the reasons I enjoy doing mobile banking on my 9900 is because I know it's a secure connection through the BIS--as I understood. Is this no longer the case?
4. If BIS is out of the picture, what is Blackberry going to use it for (outside of BB7 devices)?

Thanks

[Rayysai]

Okay so i got the answer to #2 in the other thread re the following:

Synching won't use much data.

Compression isn't making as much of a difference to your data usage as you think it is because the only things that you would want to compress can't be compressed any further than they already are. For streamed audio and video (the real data consumers) there's simply no way that just running through BIS could be compressing it. The only way to compress that kind of data is by transcoding it on the fly, and thats very CPU intensive and radically reduces quality and fundamentally its not the same file that you get on the other end. If you don't believe me, pick yourself a short video and tell WinRAR to compress it with the highest level of compression. It'll spit out a RAR the same size as the video. That kind of data just can't be compressed like that; it is already compressed as well as it can be for the data that is there. If anything, the removal of BIS should improve your browsing experience because being routed through RIMs servers means the data takes longer to move because it has more hops to navigate. That's why blackberry browsers have always felt even less competitive than the competition, because it takes an extra second or two to even start loading. That's not a specs thing, thats a BIS thing.

As for the playbook, I can't imagine that it will make a significant difference to that. Certainly as they are upgrading the playbook to BB10, they can't have just forgotten it and will have ensured that one of the core features that sold it to a lot of us (the lack of a need for a separate data line) has stayed intact.

[willie44]

1. Most mail servers will used SSL/TLS to encrypted data that it sends to the phone. This was not the case many years ago. SSL certificates were very expensive.
2. You found your answer I see.
3. BBM messages would still use the Blackberry's BIS/NOC. No difference there. I am guessing you are using the 9900's web browser. The bank's website will encrypt the data to and from the phone.
4. They will us it for BBM Video Chat and many other services

I hope this helps.

[mc177]

Just a follow up question, i know maybe android is not so secure if someone decided to target you since its open source and if rooted is more vulnerable. But is the order of security now as follows: BB Legacy OS> BB10/iOS > Android?

[R1cowl]

My question is, if there are a lot of ported Android apps in BlackBerry World does that increase the risk to my phone? Is there a way to tell which apps are android ports so I know to stay away from them?

[Admorris]

My question is, if there are a lot of ported Android apps in BlackBerry World does that increase the risk to my phone? Is there a way to tell which apps are android ports so I know to stay away from them?

I honestly would not worry too much about security (or lack thereof). Of the millions and millions of Android phones sold, the actual documented security breaches where people have had data compromised is ridiculously small...infinitesimal actually. It's just the new buzzword that Android haters use now that they rule the mobile phone world...similar to people calling the iPhone stale or calling their devoted fans "fanboys".

There is no way to tell what apps are android within Blackberry World by the way.

Sent from my SAMSUNG-SGH-I317 using Tapatalk 2

[mrfreetruth]

I honestly would not worry too much about security (or lack thereof). Of the millions and millions of Android phones sold, the actual documented security breaches where people have had data compromised is ridiculously small...infinitesimal actually. It's just the new buzzword that Android haters use now that they rule the mobile phone world...similar to people calling the iPhone stale or calling their devoted fans "fanboys".

There is no way to tell what apps are android within Blackberry World by the way.

Sent from my SAMSUNG-SGH-I317 using Tapatalk 2

Not true. I wouldn't dare do any business on my SG3 which is why I still used a bold 9900. You have no idea how many actual security breaches are simply not documented. I know one company that had BYOD and then had a major security breach . You think they ran out to tell the world about it? It's amazing how the masses are in the dark.

[Admorris]

Not true. I wouldn't dare do any business on my SG3 which is why I still used a bold 9900. You have no idea how many actual security breaches are simply not documented. I know one company that had BYOD and then had a major security breach . You think they ran out to tell the world about it? It's amazing how the masses are in the dark.

It's a conspiracy against BB


And I totally agree about the masses being in the dark

Sent from my SAMSUNG-SGH-I317 using Tapatalk 2

[Rickroller]

Not true. I wouldn't dare do any business on my SG3 which is why I still used a bold 9900. You have no idea how many actual security breaches are simply not documented. I know one company that had BYOD and then had a major security breach . You think they ran out to tell the world about it? It's amazing how the masses are in the dark.

What was the "major" security breach?

[kbz1960]

I think the fips security on BB's has always been more on BES environment than the BIS environment. The one thing about bb is that it can't be rooted like the other systems. That doesn't mean that a browser attack can't happen either though, it just won't get to the OS.

[jackdagripper]

This Powerful Spy Software Is Being Abused By Governments Around The World
Read more: Countries With FinFisher Spying Software - Business Insider

[kbz1960]

This Powerful Spy Software Is Being Abused By Governments Around The World
Read more: Countries With FinFisher Spying Software - Business Insider

So how do we know your links are not infections?

[jackdagripper]

So how do we know your links are infections?

Did you mean, "not infections"? ?

[kbz1960]

Did you mean, "not infections"? ?

Yes, damn brain finger connection lol

[jackdagripper]

Yes, damn brain finger connection lol

Brain fingers...it happens....
No their NOT infections. Why would I do such a thing? Only trying to inform people of what is out there. Not saying it will happen to you or anyone else, but the possibilities do exist.

[kbz1960]

Brain fingers...it happens....
No their NOT infections. Why would I do such a thing? Only trying to inform people of what is out there. Not saying it will happen to you or anyone else, but the possibilities do exist.

I'm not saying they are. Just you're a new member, or don't post often. Tend to be the ones people don't trust.

[jackdagripper]

I understand that completely.
But like I said, I'm just informing people of what's out there. I too value my security and privacy as much as anyone else when it comes to mobile phones, whether it be Blackberry, Android or IOS.
I'm not forcing you or anyone to check the links. That is totally up you.

[naviwilliams]

I removed the Spy Files link(s). This article is so old, and I think we've probably moved on technology wise and security wise, too, since 2011...

[jackdagripper]

I removed the Spy Files link(s). This article is so old, and I think we've probably moved on technology wise and security wise, too, since 2011...

True...it's probably built into the BB10 software by now.

This has more up to date info.

There is an entire section of the report that covers FinSpy mobile, with technical details: https://citizenlab.org/storage/finfi...ireyesonly.pdf

[f_d]

BES is the product that made BlackBerry secure for business and government users.. BIS also used encryption, but it was "consumer grade", and not intended for high security (there is facility for law enforcement access in BIS that does not exist in BES).

Getting rid of BIS actually increases security in some instances: if your email service supports SSL/TLS, you're actually potentially more secure than with BIS transport..

There's actually lots of information about the security measures on the BlackBerry Web site..


Posted via CB10

[MarsupilamiX]

Answer:
Dear BES admins, I need some help...

Posted via CB10

[belfastdispatcher]

BES is the product that made BlackBerry secure for business and government users.. BIS also used encryption, but it was "consumer grade", and not intended for high security (there is facility for law enforcement access in BIS that does not exist in BES).

Getting rid of BIS actually increases security in some instances: if your email service supports SSL/TLS, you're actually potentially more secure than with BIS transport..

There's actually lots of information about the security measures on the BlackBerry Web site..


Posted via CB10

How is that more secure? BIS runs on top of the ssl/tls, it's not one or the other. n email setup I have the use ssl box ticked.


And when was the BIS network EVER hacked?

Posted via CB10

[MiSsY_]

My question is, if there are a lot of ported Android apps in BlackBerry World does that increase the risk to my phone? Is there a way to tell which apps are android ports so I know to stay away from them?

They use the Android runtime, so no there's no risk.
No real way to tell, you could always check the link to the Dev site which might say, but sometimes you can take a pretty good guess just by having a look at the details info etc

Posted via CB10 from my Z10

[gariac]

Unfortunately this thread wanders a bit. Specifically, if you want to see if you are on BIS, turn off your wifi. The enter IP Address Geolocation to Identify Website Visitor's Geographical Location on the browser. It should identify you being on a rim server. In my case on my 9780, it shows me in Farmington Michigan.

On my phone, when I am on wifi, BIS is bypassed on the browser. My own ISP shows up.

If you load a 3rd party browser other than Opera, you should see the network of your carrier. I used to have Bolt on my phone, and in my case it would show me being in Los Angeles. In realty, I'm in neither location.

There is something to be said for signing up for a VPN and just being secure no matter where you are.
proXPN VPN | Get your FREE proXPN VPN account now!
has been advertising on TWIT. The price drops to a bit over $5 if you use TWIT when you sign up. Note I have no first hand experience with this provider, but the price is right. ;-) You need a fast VPN for streaming.

BTW, I noticed there is a free open source Android implementation of openVPN from code.google.com. On my TODO list is to take the APK and do a BAR conversion. I can test it on my playbook.

[f_d]

How is that more secure? BIS runs on top of the ssl/tls, it's not one or the other. n email setup I have the use ssl box ticked.


And when was the BIS network EVER hacked?

Posted via CB10

With BIS, the email relationship is essentially proxied and you do NOT get both encryptions.. BIS talks to the various mail servers on your behalf, and this portion of the connection is protected using SSL/TLS where applicable, but then it has to transmit the emails to your phone, and this connection is protected via a weak mechanism, that BlackBerry themselves advise you to only consider as "scrambled".. You are also trusting the carrier/ BlackBerry with your email credentials so that the BIS can get your emails for you.. BIS was enjoyed because the proxy relationship allowed the BIS and BlackBerry infrastructure to do the heavy lifting and give you very fast push email, data compression and things like quick PDF rendering (the BIS would intercept the attachment, run it through Acrobat and extract the content on the fly and send down text or a compressed version), but this essentially meant that BlackBerry servers were "reading" your emails before delivering..

In the new BB10 model, there is no BIS "scrambling": your handset talks SSL/TLS directly with your email server.. Your credentials and passwords remain only on your device and are not shared with anyone.. This is a much more secure model but the email server must support push, and because BlackBerry cannot see past the encryption, they can no longer provide compression and attachment processing..

On BES though, you do get the extra BES encryption as well as SSL/TLS, but this is enterprise grade.

And I never said anything about BIS being hacked.. That system is monitored 24/7 by BlackBerry, but just because they're never been hacked doesn't mean that the protocols that they've chosen are secure..

Posted via CB10