[anon(9607753)]

It's really hilarious reading some of the posts that speculate that BlackBerry security is only a marketing phrase now.

Here's a suggestion for you. BlackBerry security webinars are announced all the time, and the BlackBerry devs are usually there talking all about this stuff. If you're so interested like you claim to be, then take the time to watch some in order to have your questions answered. Seek and thou shalt find. You can't be lazy though.

Here's Just a tidbit on one piece of the security built into the BlackBerry android platform.

BlackBerry Chief Security Officer David Kleidmacher on BlackBerry Integrity Detection Engine

(On Google's Android) "But one of the things it does not do is runtime integrity protection, so [what it does now] is kind of a boot time check. Which is great, really useful, but if malware gets into the system, and it’s able to get a hook into the system at runtime, you’ve not modified the flash firmware, but you’ve changed the runtime image. That’s also bad -- arguably worse -- because you can’t detect that.
We have something we call the BlackBerry Integrity Detection Engine -- we call it internally “BIDE.” And it is a runtime validation of the system, so we’re essentially underneath Android, something Google really can’t do, because it’s done in the firmware of the device. We’re looking up at Android; while it’s running, we’re watching it and measuring it, and observing it, and saying, “Does everything look okay?” That’s a really good example of something we do that your standard platform doesn’t do."

Just as one example...since we are talking about BlackBerry Android 7 security implementation in particular...have a look at this link from Qualcomm and the security features of the 625 processor:
https://www.qualcomm.com/products/features/security

Specifically this:
------
Qualcomm® Snapdragon™ Smart Protect uses real-time, machine learning-based malware detection, as well as hardware-based security features to better protect data on your device against attacks.
------
In light of the documents cited above I'd be more inclined to say Kleidmacher's BIDE sounds a lot more like BS. The native security capabilities of the Qualcomm chipset sound remarkably similar not only to BlackBerry integrity detection, but every other security feature BlackBerry claims is key to its 'most secure' Android.

In fact...I'd even go as far as to question if the 'unrootability' of BlackBerry Android devices is not also an oem enabled feature, thanks wholly to Qualcomm's hardware...at which point we are basically left with zero in terms of anything truly unique with BlackBerry's security implementation on Android 7.

[bb10adopter111]

Just as one example...since we are talking about BlackBerry Android 7 security implementation in particular...have a look at this link from Qualcomm and the security features of the 625 processor:
https://www.qualcomm.com/products/features/security

Specifically this:
------
Qualcomm® Snapdragon™ Smart Protect uses real-time, machine learning-based malware detection, as well as hardware-based security features to better protect data on your device against attacks.
------
In light of the documents cited above I'd be more inclined to say Kleidmacher's BIDE sounds a lot more like BS. The native security capabilities of the Qualcomm chipset sound remarkably similar not only to BlackBerry integrity detection, but every other security feature BlackBerry claims is key to its 'most secure' Android.

In fact...I'd even go as far as to question if the 'unrootability' of BlackBerry Android devices is not also an oem enabled feature, thanks wholly to Qualcomm's hardware...at which point we are basically left with zero in terms of anything truly unique with BlackBerry's security implementation on Android 7.

You make assertions without evidence, citing the lack of evidence to the contrary of your straw man theory as proof of your assertion.

It's one thing to be skeptical, but you're bordering on a completely fallacious argument.

Your theory is that the BlackBerry security "emperor" has no clothes, and you base your theory on the fact that Android, Qualcomm, etc. have improved the security capabilities of their products. Well of course they have.

But engineering and implementing a comprehensive security model is more than simply enabling features in an SOC and OS. Considering the fact that the BlackBerry team is widely respected and holds numerous parents in that domain I would put a lot more stock in their claims than yours.

I'm not claiming that only Blackberry's Android implementation is secure, but there is every reason to believe that theirs is as or more secure than anyone else's.

Posted with my trusty Z10

[anon(9607753)]

You make assertions without evidence, citing the lack of evidence to the contrary of your straw man theory as proof of your assertion.

It's one thing to be skeptical, but you're bordering on a completely fallacious argument.

Your theory is that the BlackBerry security "emperor" has no clothes, and you base your theory on the fact that Android, Qualcomm, etc. have improved the security capabilities of their products. Well of course they have.

But engineering and implementing a comprehensive security model is more than simply enabling features in an SOC and OS. Considering the fact that the BlackBerry team is widely respected and holds numerous parents in that domain I would put a lot more stock in their claims than yours.

I'm not claiming that only Blackberry's Android implementation is secure, but there is every reason to believe that theirs is as or more secure than anyone else's.

Posted with my trusty Z10

It must be frustrating to defend the indefensible, and have nothing but assumptions and bias to counter the numerous facts laid before you by myself and others. That is exactly my point. Your emperor having no clothes is a good analogy. Except BlackBerry is not the emperor, we (the customer) are...and BlackBerry's security is the robe. We are being told something is there without even being told what it is, and let our imaginations and good will fill in the blanks while being asked to pay a premium.

There is good reason to question it. There is nothing wrong with trying to better understand our trust and motivation for buying the product and how it truly stands out (or not) from others in the field.

We have to remember the obvious - that Android is not BlackBerry's OS. Anything they do cannot be anything more than an implementation of Google security, of its pre-existing features, and perhaps a layering on of some additional ones by way of software; and hardware customizations that are 100% chipset based (and by others).

My claim from the beginning has never been that BlackBerry did nothing. It is that under Android 7, many of the features that were claimed as 'unique' to BlackBerry Android two years ago appear to have either been mostly absorbed into standard Android...or as my last post suggests, integrated into the protections afforded by the Qualcomm chipset. So what is truly unique as a security implementation has become considerably less clear and is, in my opinion, severely wanting of a more detailed explanation that neither BlackBerry, nor it's 3rd party licensees, seem too keen on providing.

[bh7171]

I don't think security features is a selling point for most people otherwise BlackBerry would have been number 1 now , security doesn't sell

Unfortunately true. The average person/user does not care until it impacts them. The keyboard is a difference maker and always has been. It's smart for BlackBerry Mobile to leverage it. I bought a S7 Edge on an unreal T-Mobile sale. It's got Knox and I purchased the BlackBerry suite. It's a very capable phone with a excellent camera. I use Nova Launcher and it's very all touch BlackBerry like. The availability of the HUB was key although it's not as good as BlackBerry 10 at this time. I am going to take a VERY good look at the KeyOne when available. I want to feel it in my hand.

The White Knight-BlackBerry Passport

[sorinv]

It must be frustrating to defend the indefensible, and have nothing but assumptions and bias to counter the numerous facts laid before you by myself and others. That is exactly my point. Your emperor having no clothes is a good analogy. Except BlackBerry is not the emperor, we (the customer) are...and BlackBerry's security is the robe. We are being told something is there without even being told what it is, and let our imaginations and good will fill in the blanks while being asked to pay a premium.

There is good reason to question it. There is nothing wrong with trying to better understand our trust and motivation for buying the product and how it truly stands out (or not) from others in the field.

We have to remember the obvious - that Android is not BlackBerry's OS. Anything they do cannot be anything more than an implementation of Google security, of its pre-existing features, and perhaps a layering on of some additional ones by way of software; and hardware customizations that are 100% chipset based (and by others).

My claim from the beginning has never been that BlackBerry did nothing. It is that under Android 7, many of the features that were claimed as 'unique' to BlackBerry Android two years ago appear to have either been mostly absorbed into standard Android...or as my last post suggests, integrated into the protections afforded by the Qualcomm chipset. So what is truly unique as a security implementation has become considerably less clear and is, in my opinion, severely wanting of a more detailed explanation that neither BlackBerry, nor it's 3rd party licensees, seem too keen on providing.

Yes. The Qualcomm chips now have all those security features in hardware.
The hardware manufacturer, not the software manufacturer, is ultimately controlling how secure the phone is. They can do things that neither Google nor BlackBerry can prevent with whatever software code they write to interface with and control the hardware.

Posted via CB10

[bb10adopter111]

Yes. The Qualcomm chips now have all those security features in hardware.
The hardware manufacturer, not the software manufacturer, is ultimately controlling how secure the phone is. They can do things that neither Google nor BlackBerry can prevent with whatever software code they write to interface with and control the hardware.

Posted via CB10

Awesome! So, the SOC can protect enterprises stupid users, phishing schemes, social engineering hacks, etc.? Wow! Hardware saves the day!

Do you seriously believe that security is that easy? Just because an SOC and/or an OS has some security features that can be enabled does not magically create bulletproof end-to-end enterprise security. That still has to be engineered, tested, and certified in detail.

Despite its obvious failings from a mobile hardware strategy perspective, BlackBerry is still an unquestioned leader in the enterprise security space, with more security certifications than any other mobile provider. The kind of security required to protect enterprise resources is simply not the kind of easily obtainable commodity you suggest.

If a security consultant came in to our office and proposed that any decent Android implementation on a Qualcomm chip is just as secure as any other, he or she would be laughed out of the building by even the greenest I.T. Security professional.

[sorinv]

Please read my last sentence. Of course you put software on top of hardware to control the hardware. Hardware alone is not sufficient but neither is software. The software engineer must know the hardware details inside out to be able to secure it. Not all the hardware details are disclosed by the hardware manufacturer to a software developer. Not even to BlackBerry.

Some (hopefully not all) of the security features that only BlackBerry implemented a few years ago can now also be used by other vendors because they are provided by the hardware.

Phishing is a totally different matter and relies on user ignorance, laziness and stupidity. It can happen on an office laptop or office computer, not only on a phone.
The Democratic Convention phishing event, if true, is proof of that.


Posted via CB10

[bb10adopter111]

Please read my last sentence. Of course you put software on top of hardware to control the hardware. Hardware alone is not sufficient but neither is software. The software engineer must know the hardware details inside out to be able to secure it. Not all the hardware details are disclosed by the hardware manufacturer to a software developer. Not even to BlackBerry.

Some (hopefully not all) of the security features that only BlackBerry implemented a few years ago can now also be used by other vendors because they are provided by the hardware.

Phishing is a totally different matter and relies on user ignorance, laziness and stupidity. It can happen on an office laptop or office computer, not only on a phone.
The Democratic Convention phishing event, if true, is proof of that.


Posted via CB10

End to End security needs to deal with user error, too. That's my only point and why I mentioned Phishing. Users are going to screw up, but it can't cost you your critical data or systems.

Posted with my trusty Z10

[sorinv]

End to End security needs to deal with user error, too. That's my only point and why I mentioned Phishing. Users are going to screw up, but it can't cost you your critical data or systems.

Posted with my trusty Z10

Unlikely to ever happen. The human is the weakest link. The NSA and CIA got hacked or betrayed by their own and leaked on wikileaks.
Do you expect the average user to fair better?

Facebook apparently uses thousands of people in India to monitor fake news and offensive postings!?
How much do you think those people get paid or care?
This entire industry is a joke.

Posted via CB10

[bb10adopter111]

Unlikely to ever happen. The human is the weakest link. The NSA and CIA got hacked or betrayed by their own and leaked on wikileaks.
Do you expect the average user to fair better?

Facebook apparently uses thousands of people in India to monitor fake news and offensive postings!?
How much do you think those people get paid or care?
This entire industry is a joke.

Posted via CB10

More accurately, it will never be 100%. But there are technology strategies that can prevent the kind of blanket theft you're talking about.

The government's reliance on contractors for mission critical support has been a security disaster.

Posted with my trusty Z10

[cgk]

Just as a minor aside - what is being discussed here was always the plan as explained by Chen in the original announcement from Chen (Q2 2017 Earnings call):

some of the hardware security features, we will either license and provide to the third party we talk about, some might not take it. So a lot of them are the injection, for example key injection, its going to be coming from the chips they got from Qualcomm or somebody else

So I have no idea if the Keyone has 'secret sauce' but the general principle that BBRY is cool with devices being no different to stock android was established at the outset.

[conite]

Just as a minor aside - what is being discussed here was always the plan as explained by Chen in the original announcement from Chen (Q2 2017 Earnings call):



So I have no idea if the Keyone has 'secret sauce' but the general principle that BBRY is cool with devices being no different to stock android was established at the outset.

That notion was quickly poo pooed by BlackBerry. They have said many times since that licencees get the fully baked, secured, BlackBerry Android package.

[cgk]

That notion was quickly poo pooed by BlackBerry. They have said many times since that licencees get the fully baked, secured, BlackBerry Android package.

Link? Source?

[conite]

Link? Source?

https://ca.blackberry.com/company/ne...ess?id=2121540

The same wording is used in the other two deals.

Highlights:

Under the terms of the agreement, BlackBerry will license its security software and services suite, as well as related brand assets to Optiemus Infracom Ltd. The partner will design, manufacture, sell, promote and provide customer support for BlackBerry-branded mobile devices that offer the full BlackBerry experience, including the trusted BlackBerry for Android secure software, in India, Sri Lanka, Nepal and Bangladesh. BlackBerry will continue to control and develop its security and software solutions and maintain trusted BlackBerry security software, including regular Android security updates to the platform.


Thurber: This is an important milestone in our strategy to put 'the smart in the phone', providing state-of-the-art security and device software on a platform relevant to mobile customers, with more localization. With its infrastructure and experience in manufacturing, and proven success as our distribution partner, Optiemus Infracom Ltd is the ideal partner to design and manufacture trusted BlackBerry secure Android handsets for customers in India and neighboring markets.


Optiemus Chairman: This agreement will help us expand mobility choices by designing, manufacturing and offering secure BlackBerry devices which are made in India, for customers in India, as well as Sri Lanka, Nepal and Bangladesh.

[cgk]

That doesn't actually say they have to employ it in every phone. I'll stick with the CEO's quote in a legally monitored communication.

[conite]

That doesn't actually say they have to employ it in every phone. I'll stick with the CEO's quote in a legally monitored communication.

There are many examples.

Perhaps BlackBerry was initially open to licencing the brand without the security software, but just as they were open to licencing BB10, that actually didn't happen.

All three licencees, covering the entire globe, will be using the full BlackBerry Android secure software.

[Invictus0]

So I have no idea if the Keyone has 'secret sauce' but the general principle that BBRY is cool with devices being no different to stock android was established at the outset.

It seems to,

What really sets a BlackBerry smartphone apart from any other Android device, are the enhanced security features built into every device, right from the start. From a hardened operating system to BlackBerry Limited's proprietary technique for establishing a hardware root of trust adding security keys to the processor,

BlackBerry KEYone Canadian carrier partners and availability announced | CrackBerry.com

[Originalloverman]

I think you think "software" means stuff for your phone as a consumer. You should check.out the BlackBerry Web site to see what their software offerings actually ARE.


Posted with my trusty Z10

Ditto on that

[anon(9607753)]

There are many examples.

Perhaps BlackBerry was initially open to licencing the brand without the security software, but just as they were open to licencing BB10, that actually didn't happen.

All three licencees, covering the entire globe, will be using the full BlackBerry Android secure software.

The issue is we do not really know what this means for Android 7 and under the new licensing arrangement. Yes, I fully expect BlackBerry to collect a royalty for their BlackBerry suite of apps. And I suppose, because it contains DTEK, they can refer to it as a 'security suite'. I just don't think that is going to cut if for most people, at least from a security point of view.

You would know I am not one to plug Samsung products...go ahead and check out Samsung's website and their security page for the new S8. They go into a lot more detail describing what they do to secure Android and even cite specific government security certifications for their product that are already in place. And everything else, such as app containers and root of trust etc sound remarkably similar to what BlackBerry used to say they were doing (PRIV, DTEKs) The only thing they do not call out specifically is monthly system updates (which as of Android 7.1.1 are pushed by Google anyway).

By contrast, BlackBerry's licensees give us little more than a handful of generalized bullet points and (I suppose) expect we will believe it is the 'most secure Android' just because BlackBerry says so.

[bb10adopter111]

Samsung licensed patents from BlackBerry for Knox, so it makes sense they are using a similar approach.

Posted with my trusty Z10

[JohnKCG]

I wonder what the next non PKB phone will be like.

Probably a sucessor to the Dtek 60 because we already have the mid rango covered by the K1, the low end market with Aurora, so the Last one should be a high end powered up by the 835 and 6GB of ram

[cgk]

Probably a sucessor to the Dtek 60 because we already have the mid rango covered by the K1, the low end market with Aurora, so the Last one should be a high end powered up by the 835 and 6GB of ram

The aurora is irrelevant to TCL/blackberry mobile - they don't sell it, it cannot be sold in their markets and they don't make a cent from it.

[krazyatom]

I have DTEK 60 and Samsung S7. Both have March security patch but s7 is on nougat. Which one is more secured?

[Invictus0]

I have DTEK 60 and Samsung S7. Both have March security patch but s7 is on nougat. Which one is more secured?

What type of security are you looking for? Root protection? Probably the DTEK. Against Stagefright? Possibly a Nougat device.

[krazyatom]

What type of security are you looking for? Root protection? Probably the DTEK. Stagefright? Possibly a Nougat device.

I paid premium for BlackBerry premium security and I am not sure if BlackBerry offers most secured phone in the world. I afraid to buy KEYone now because KEYone will also receive slow security patch and OS updates in the future.