[Chango_BB]

I want to share this news. Everyone know about the security vulnerabilities of Android but here is something that BB can take advantage of and go after the government agencies and tell them: "Hey you know the risks, if you don't please read here and by the way I am not saying it is your own government".

http://news.cnet.com/8301-1009_3-57600105-83/android-security-threats-concern-fbi-dhs/

Android security holes worry FBI, DHS
August 26, 2013 | Zack Whittaker
Federal government security experts are increasingly uneasy about the threats to law enforcement from using older versions of the mobile OS.


The FBI and the Department of Homeland Security are increasingly aware of the threats that law enforcement officers and officials face at a federal, state, and local level by using older versions of the Android mobile operating system, according to a document obtained by Public Intelligence, a group focused on releasing government information to the masses.

According to the document (PDF) -- marked as unclassified but "for official use only," and designed for police, fire, emergency medical services, and security personnel -- upwards of 44 percent of Android users worldwide are still using Android versions 2.3.3 to 2.3.7, which still contain security vulnerabilities fixed in later versions.

The document, which is a month old but was posted by Public Intelligence late last week, does not state how many US government agencies are using Android, let alone older versions of Android, on their networks.

Android continues to be a "primary target for malware attacks due to its market share and open source architecture," the document states, and an uptick in mobile device use by government staffers "makes it more important than ever to keep mobile [operating systems] patched and up-to-date."

Some highlights from the report:

79 percent of mobile malware threats affect Android, while 19 percent target Symbian. Windows Mobile, BlackBerry, iOS, and others all peg in at less than 1 percent each. (The source of the figures is not known.)
SMS text messages represent "nearly half" of the malicious applications circulating today on older Android operating systems. Users can mitigate by installing Android security suites on their devices.
Rootkits also pose a massive threat. The DHS/FBI document notes that in late 2011, popular rootkit Carrier IQ was installed on millions of devices, including Apple iPhones (though Apple later removed the software) and dozens of different types of Android devices. These rootkits often go undetected and can log usernames, passwords, and traffic without the user's knowledge -- a serious security risk in a government setting.
Fake Google Play domains are sites created by cybercriminals, the document notes, which replicate the Android application store to trick users into installing fake or malicious apps. DHS/FBI note that only IT-approved updates should be allowed, hinting that IT department should ensure secure IT policies from back-end mobile device management services.
This story originally posted as "Millions of Android users vulnerable to security threats, say feds" on ZDNet.

[raino]

http://forums.crackberry.com/android...y-feds-843077/

Join us here to discuss!

[bennelong]

More reading material.
http://arstechnica.com/tech-policy/2...es-on-android/
Without end-users and corporations playing safely the Internet ecosystem stands to become very muddied indeed. How many free Android App users realise that the presenters of in-app advertising (essentially links to websites) inherit by default - the same permissions as the app in which they are contained?
It's been said before. "If it's free, then YOU are the Product"

Z10 via CB 10

[badiyee]

just to be fair to them, i don't think devices that are 4.0 and above are THAT vulnerable. If memory serves me right, the ones pre-ICS are very vulnerable to malwares, but 4.0 and onwards are more resilient, no?

[JasW]

just to be fair to them, i don't think devices that are 4.0 and above are THAT vulnerable. If memory serves me right, the ones pre-ICS are very vulnerable to malwares, but 4.0 and onwards are more resilient, no?

They're not vulnerable, and most people harping on it are just reading badly written headlines. If you buy an Android-based device in 2013, this doesn't apply. It's like people still running Windows XP after MS stops supporting it in April -- you're going to be vulnerable to things because there are no longer security patches being issued. So let's see the headline "Windows security holes worry FBI, DHS."

[kbz1960]

The fbi and dhs wouldn't be using the Android that everyone else uses. There is a special version for these purposes. Now if the police are using consumer android then yep but they should also be limited in what they can put on it.

[qbnkelt]

The fbi and dhs wouldn't be using the Android that everyone else uses. There is a special version for these purposes. Now if the police are using consumer android then yep but they should also be limited in what they can put on it.

These would be locked Locked LOCKED down.




Sent from my iPhone using Tapatalk - now Free

[badiyee]

These would be locked Locked LOCKED down.

I would ask a fairly technical question (to which even I don't have answers, else why I'm asking?).

Will a BlackBerry, WP, or Apple be better option to this locked Locked LOCKED down Android?
Or rather
will a BlackBerry, WP, or Apple needs to be locked down just to pass the usage for the federal officers?



Sent from my iPhone using Tapatalk - now Free

[qbnkelt]

I would ask a fairly technical question (to which even I don't have answers, else why I'm asking?).

Will a BlackBerry, WP, or Apple be better option to this locked Locked LOCKED down Android?
Or rather
will a BlackBerry, WP, or Apple needs to be locked down just to pass the usage for the federal officers?

On your two questions -

1) First question - The definition of "better" is dependent upon the needs of an agency. Example - for an agency that needs security above everything else and needs little in terms of third party applications, or custom applications, BlackBerry on BES is the best possible solution. That said
a) There are instances where "good enough" security is secondary to the need for custom apps. Example - the ability to develop a tracking app for management the upkeep/maintenance of items at the Smithsonian museum.
b) There may be instances where a secure agency may need the best security that can be achieved along with custom apps. Example - DoD, where field apps are developed and used on Samsung and iOS devices. And no, I am not speaking of Top Secret level security. BlackBerry *is not* approved at the Top Secret level.
2) Second question - Related to my first response, all devices are locked down dependent upon the need of the agency. At the stringest level of BES, you cannot even use the browser, let alone load an app from BlackBerry World. There are configurations that fall below that extreme, such as my agency, where I cannot use BlackBerry World and where BBM had been blocked up until two years ago and where camera-less devices were needed. I have not seen WP devices deployed but any iPhone or Android would similarly be locked down depending on the need and requirement of the agency.

My personal preference in the workplace is BlackBerry on BES and I've done all I can to keep BlackBerry here. But the climate *is* changing. Samsung/Knox is receiving *a lot* of attention. I just fought down a Google Nexus suggestion. Because for my agency, BlackBerry on BES is the best possible solution. For my personal devices, I use all four platforms - BBOS, BB10, iOS and Android.

[badiyee]

interesting. I've heard of stories that Mr. President Obama is the only president not to use the special handphone made for them, I presume that's the ONLY device that has the *TOP SECRET* clearance. Thanks for the info.

Here's a follow up question though. Is Samsung Knox really that good compared to BES? (let's put aside the crappy Samsung lame tongue-in-cheek youtube video of "if i can't use BBM, there's always facebook messenger" fiasco of a mess)

[qbnkelt]

interesting. I've heard of stories that Mr. President Obama is the only president not to use the special handphone made for them, I presume that's the ONLY device that has the *TOP SECRET* clearance. Thanks for the info.

Here's a follow up question though. Is Samsung Knox really that good compared to BES? (let's put aside the crappy Samsung lame tongue-in-cheek youtube video of "if i can't use BBM, there's always facebook messenger" fiasco of a mess)

Ah I haven't seen Knox.

I haven't even seen BES10....that's my current battle, to keep us on BlackBerry.


Sent from my iPhone using Tapatalk - now Free

[marksthespot60]

FBI can remotely activate mics in android phones and listen into your illegal life. Wahoo

Posted via CB10

[darkehawke]

You want Blackberry to use the fact that their product is more secure then outdated Android software?
I notice it only related to GB and not ICS
This, is not anything to use here.

[Troy Tiscareno]

FBI can remotely activate mics in android phones and listen into your illegal life. Wahoo

...just like it can with every other brand of cell phone, even feature phones.

[Tre Lawrence]

You want Blackberry to use the fact that their product is more secure then outdated Android software?
I notice it only related to GB and not ICS
This, is not anything to use here.

Exactly. People think the management folks in Waterloo are crazy. Folks suggest these hilarious ad/awareness ideas, and don't stop to think how out of touch they'd make BBRY look.

[castano22]

just to be fair to them, i don't think devices that are 4.0 and above are THAT vulnerable. If memory serves me right, the ones pre-ICS are very vulnerable to malwares, but 4.0 and onwards are more resilient, no?

Yes but there are a lot of vulnerabilities within the apps that are being made

Posted via CB10

[badiyee]

Yes but there are a lot of vulnerabilities within the apps that are being made

Posted via CB10

I agree. Even with a legacy BBOS device, its hackable when the program opens up the door from within, not externally.

Still, if there's a market for BES, that means there's still room for BlackBerry to capitalize on to take advantage in their solutions. Its just that, I am led to believe, that a lot of people don't want to include BlackBerry devices into that equation of MDM end-to-end solution.

[darkehawke]

I feel most of the people are still unaware about the security vulnerabilities of Android, but the above information given is quite informative and will help the one to know more about the android and its various features.

Again for the majority of Android users this article is irrelevant!
It only focuses on old android versions.


Posted via CB10

[bennelong]

This is something unpatched which is or should be of some concern to Apple users:
http://nakedsecurity.sophos.com/2013...-from-a-crash/

Z10 via CB 10

[TgeekB]

Again for the majority of Android users this article is irrelevant!
It only focuses on old android versions.


Posted via CB10

You can keep stating this but they don't get it, or don't want to get it. Everything is vulnerable to a certain degree. It is the user that determines how vulnerable.

[darkehawke]

You can keep stating this but they don't get it, or don't want to get it. Everything is vulnerable to a certain degree. It is the user that determines how vulnerable.

I know right.
And they complain about BlackBerry being out of touch!

Posted via CB10

[castano22]

Android 4.2 and soon to be 4.3 is safe only to a certainly degree. Because of it being open source os is can easily be hacked with the right knowledge. But even with rooting (hacking) the device you begin to notice a lot of security wholes within the device(s).

If you ever go to xda-developers or any other Android site you will eventually see post on security wholes that are constantly being patched by the community and eventually Google or other OEMs- sometimes even using the patches created by the de community.

Now I'm not saying Android is completely vulnerable, but sometimes to even secure your Android device even more you have to root it and install security apps to protect yourself from others accessing your device through root and stealing all your information.

Posted via CB10