[Dunt Dunt Dunt]

I think there is a lot of confusion about BlackBerry and security. Years ago a number of people felt pretty secure using a BlackBerry to avoid "officials" from monitoring them. BlackBerry was the device of choice for both criminals or those living under an oppressive government.

Today I wouldn't count on BlackBerry to protect you in either of these cases... even if you have an older BlackBerry that was still using BIS.

For business there is BES and the policies that will allow a highly trained and educated administrator to enforce... that will provide a business with a very secure means of security. (no personal use, no apps other than those chosen to be installed by BES, no browsing except via the company firewall and filters, full encryptions, full password you have to enter ever time the device goes into standby - which should be after 5 seconds of inactivity)

For consumers... out of the box a BlackBerry has more security features enabled. But most other brands can also have the same features as options that need to be enabled. But few of us bother with encryption (especially those of us that have had a device crash and lost everything), and based on my dealings with workmates, family and friends... using a password to lock a device isn't all the common either. I think for many consumers, security is important.... as long as it doesn't get in the way.

[ZayDub]

Plenty of people here have already written lengthy responses discrediting your posts -- lengthy responses that I was unwilling to write, since you can't comprehend words in an article. All you offer is conjecture to try to make a situation fit your predefined narrative. So since you apparently have an agenda and want to use semantics and conjecture to refute FACTS, I will not waste any more of my time entertaining your foolishness.

Tour 9630 > Bold 9650 > Q10 > Classic or Passport???

[Jimberry Storm]

I'm no expert, but I watched this video an it says eBBM is protected, three different ways, regular BBM two.your FAQ does not state that unless I missed something. During a difficult breakup my ex brother-in law was able to hack everything on my sister's phone (legacy OS no password) except BBM. Now I don't know if that was because he was a bad hacker or BBM is more secure, but it gave me confidence in the app.

[Smitty13]

I already stated that Apple could in theory be forced to compromise iMessage (like any closed source manufacturer). But... in contrast to Blackberrys BBM there are simply no cases known that they have done it. So yes at the moment we have to regard iMessage as more secure than BBM

If I understand your idea of security correctly, it is that, despite me giving you verifiable and concrete examples of how iMessage is not secure, you are still perpetuating the idea that it is secure because someone has not gone public with instances of that exploit being utilized? Wow...just...wow. I have a feeling you are trying your hand at the security game, but you are failing miserably. I can provide you many discussion groups within the security community if you would like to try that explanation with people who are vastly superior to even my skills?

Additionally, the attacks I have cited are surely not a comprehensive list and even the ones I have mentioned, there stands a chance that someone other than Apple could execute them (E.g. public key exchange).

The logic that one IM application is more secure than the other merely because there haven't been published instances of these exploits being used is simply ludicrous. Both BBM and iMessage have grave pitfalls; when selecting what type of communication platform, you must have a threat model in mind. Are you trying to keep the prying eyes of your roommates off your messages or are you trying to hide from intelligence agencies across the world?

Out of the box BBM surely is not an IM application that one should be reliant upon for extremely sensitive information being kept secret; where BBM does have a significant leg up on iMessage is that with the addition of BBM Protected, PFS can be employed with encryption keys being held on a private, self-hosted BES machine. Through the entire encryption process, I can see where and how my keys are being used, I can revoke those keys, etc. None of that is, nor will it ever be (under the framework build), possible on iMessage.

(Source information: http://docs.blackberry.com/en/admin/...ty_Note_en.pdf)

[Troy Tiscareno]

[QUOTE=Prem WatsApp;11251129]What about those funky Flashlight apps that are a couple of MB, instead of somewhere in the tiny kilobyte range... ?

A certain portion of free Android apps undeniably just exist for the purpose of data mining...

8-o /QUOTE]

Obviously that was a well-publicized exception (and it was a single app, not several). Lollipop has a built-in flashlight switch - no app needed.

The point is: much, much worse is available from 3rd-Party app stores, many of which are regularly recommended to BB users.

[MADBRADNYC]

[QUOTE=Troy Tiscareno;11252216]

Obviously that was a well-publicized exception (and it was a single app, not several). Lollipop has a built-in flashlight switch - no app needed.

The point is: much, much worse is available from 3rd-Party app stores, many of which are regularly recommended to BB users.

I think it was more than just one. I think the top ten were mentioned with a half a billion downloads. All too large in size to just turn the light on. Not that it can't happen on BlackBerry but in this case only Apple and Android were mentioned in the report.




Posted via CB10

[Smitty13]

a) BBM is known to be compromised

Correct, given that the Indian government wished to be able to decrypt messages on the fly.

iMessage could be compromised by Apple (in theory!). Like any other closed source product.

Completely and utterly incorrect .This is not a theory, this is verifiable fact given the encryption scheme that iMessage uses.

You are truly grasping at straws here. I would say you a splitting hairs, but the job you are doing cannot even be called that. What was it that one member said earlier on in this thread? Oh yes...ahem...

I really love the fanboys. It's so funny to destroy their little world where the sun always shines and their favourite brand has the best products that have no disadvantages

Pot, would you like to meet my friend Kettle?

Do you use only open source software?

On my personal computers, yes.

And what about backdoors in your hardware?

I have gone through great lengths to ensure I have sourced nearly all of my hardware certified/reviewed by the Open Source Hardware Association.

What about your home router?

All of my routers have been flashed with the open sourced DD-WRT firmware since day one.

Why are you using a smartphone that can be used by third parties to track you everyday?

If you would have read my earlier post more thoroughly, you would understand that each of us have a specific threat model. Mine is as such that while I try to take great strides (much above and beyond the average home user) to ensure my security, it is not as such that I do not wish to carry a smartphone. I merely make the best choices to mitigate security threats, and BlackBerry is in fact the best choice for me. If I were on the run from government agencies, I would not be carrying a smartphone, let alone be posting on a public forum.

And if you use only open source software: have you performed a full check?

To review each and every piece of software is far beyond my capabilities and resources. I do however use software that is community supported, thus, having numerous eyes on the code to review for any malicious additions (E.g. Linux Mint). Even you yourself say that 100% security is unattainable, but, this again comes back to your threat model. Mine is not at a level where I absolutely need to review every piece of software I use.

Btw: BB10 is closed source, you can trust Blackberry that there are no backdoors hidden or just take it as it is.

You are indeed correct that BlackBerry 10 is closed source. However, BlackBerry has allowed some agencies and government bodies (E.g. most recently the German government) to review the code themselves to conduct a security audit. Can you please detail to me the amount of times and the findings from audits of Apple's code?

And finally, Where did I say BlackBerry provided 100% security at any rate? No where. I am merely pointing out how BBM can provide vastly superior security to iMessage. iMessage pretends to do what BBM can actually do.

You cannot point to iMessage and say "someone could exploit these glaring security holes, but because no one has gone public with doing so, it makes it secure still". Yes, in theory any closed source product could be exploited, but there is a significant difference between those closed source products that have not had any identified security holes pointed out and ones that have had security holes pointed out. Apple is clearly of the latter camp here. Any denial of this is either trolling, blatant ignorance, or fanboyism (as you like to accuse others of).

[nhanken]

Do you have any valid claims to support your statement that iOS is more secure than BB10? Please not some link from Engadget or CNN...

Yup Gimmick. Without BES, BB10 is just like any other OS (definitely more secured than androids though). I think iOS is more secured than BB10.

Once you go black, you can't turn back! Posted via CB10

[filanto]

Yeah yeah cut and paste, sue me. http://www.ibtimes.com/hacker-demons...graphs-1769408

Posted via CB10

[donnation]

All these my messaging system is better than your messaging system arguments are great, but they don't stop a glaring fact for any smartphone. If a 3rd party service is used like say SnapChat, and SnapChat is hacked, then guess what, you have been hacked too. If PayPal gets hacked and they get ahold of user names and Passwords, I don't care if you use the app on iOS, Android, or Blackberry, your username or Password has also been hacked. We can all throw stones and say that my OS is more secure than your OS but when third party services are used its really out of control and we put the security of our information into the hands of others. Its a reality of life. I don't care what phone anyone is using, it isn't truly secure. I do think that BB preaches on this a little too much but like I said before, every company needs a tag line.

[kfh227]

Wrong. Totally wrong.
FAQ: BlackBerry Messenger & PIN Messages are NOT Encrypted - BerryReview

Actually, those are encrypted. It's just with a common key globally. When on BES, each server uses a unique key.

[will308]

For non-BES users, Blackberrys security is more or less just a marketing phrase, depending on what features you are looking for

iOS for example:
+iMessages are encrypted, whereas BBM messages are NOT encrypted, just scrambled
+iOS has comparable right management options for apps and users don't need to use Android apps without right management options like on BB10 as nearly all apps users need are available on iOS
+iOS devices support S/MIME whereas non-BES BB10 devices don't support this.
-iOS devices can be accessed via forensic software whereas BB10 device information can only be accessed with backup breaking software (BB10 devices can be accessed via bruteforce hack if the user choses to encrypt the SD card. As the SD card encryption uses the same key as the phone one can easily pull the SD card out, start brute force attacks on the SD and after gaining the password access the phone, which uses the same password, as there is no security against brute force attacks of SD cards pulled out of devices. So NEVER ENCRYPT YOUR SD CARD, only your BB10 device and make sure there is no relevant data stored on the SD card).

so are you saying that blackberry have been hacked and if so when and where is the proof.......................

[RubberChicken76]

However, BlackBerry has allowed some agencies and government bodies (E.g. most recently the German government) to review the code themselves to conduct a security audit. Can you please detail to me the amount of times and the findings from audits of Apple's code?

I really don't want to get into this pissing match about security, but the same question could be made of you on this. Can you detail the findings from the audits of BlackBerry's code? this is a bit of a pet peeve of mine because a lot of the security things that people act as though they are proven fact are "alleged".

Could they be true? Sure. But the way some posters tell the story, you'd swear John Chen invited them personally to top secret government meetings to personally provide feedback on his security roadmap as well as discussions with Obama, Harper and other world leaders. :-)

[Bbnivende]

http://docs.blackberry.com/en/admin/...y_Overview.pdf


Security overview by BlackBerry.

[Smitty13]

I really don't want to get into this pissing match about security, but the same question could be made of you on this. Can you detail the findings from the audits of BlackBerry's code? this is a bit of a pet peeve of mine because a lot of the security things that people act as though they are proven fact are "alleged".

Could they be true? Sure. But the way some posters tell the story, you'd swear John Chen invited them personally to top secret government meetings to personally provide feedback on his security roadmap as well as discussions with Obama, Harper and other world leaders. :-)

Not a bad question to ask at all, fair in my opinion. After BlackBerry's acquisition of SecuSmart, German news outlets wrote about concerns put forth by the German government in regards to the security of both; see the English translated version of one account here.

Perhaps you may have been posting while I posted my last post, but I ask the question, after a publicly noted audit by the German government, if severe security flaws were found in the very core of the BlackBerry 10 coding (E.g. remote backdoor access, intentially weakened encryption algorithms/hashes, etc.), why would the German government continue to use the platform? Sure, software engineers could be given the go ahead to modify some parts of the code at BlackBerry's consent, but I am referring to flaws which are of the catastrophic nature (E.g. ones that would require an essential rewrite of the entire code).

With Ubuntu open source smartphones making headway in the European market, it would not make any security sense for the German government to continue on with BlackBerry when other open source alternatives are available.

Could this entirely be made up? Sure. As could almost everything we have been told in the technology world. However, taking a Cartesian approach to every single shred of information is enough to ensure an individual would never touch a smartphone ever again. Should we blindly trust manufactures? Of course not. Should we try and make well informed decisions based upon peer reviewed research from multiple sources? Yes.

[Tim_treo]

For non-BES users, Blackberrys security is more or less just a marketing phrase, depending on what features you are looking for

iOS for example:
+iMessages are encrypted, whereas BBM messages are NOT encrypted, just scrambled
+iOS has comparable right management options for apps and users don't need to use Android apps without right management options like on BB10 as nearly all apps users need are available on iOS
+iOS devices support S/MIME whereas non-BES BB10 devices don't support this.
-iOS devices can be accessed via forensic software whereas BB10 device information can only be accessed with backup breaking software (BB10 devices can be accessed via bruteforce hack if the user choses to encrypt the SD card. As the SD card encryption uses the same key as the phone one can easily pull the SD card out, start brute force attacks on the SD and after gaining the password access the phone, which uses the same password, as there is no security against brute force attacks of SD cards pulled out of devices. So NEVER ENCRYPT YOUR SD CARD, only your BB10 device and make sure there is no relevant data stored on the SD card).

I am not sure if I understand this comment about the SD card. If the device has a strong password isn't the data still protected?

[Maxxxpower]

I am not sure if I understand this comment about the SD card. If the device has a strong password isn't the data still protected?

If "they" have your device including your SD:
Once "they" have access to the SD card through a brute force attack (which is possible as it can be popped out of your device) "they" have access to your phone as it uses the same password as the one they received from the SD no matter how long it is, it just uses more time to crack it if you use a long pw. However this is kind of a worst-case scenario and doesn't really apply to most "normal users". In most cases your phone will be stolen and the thief will simply try to wipe the phone to sell it.

[sleepngbear]

Closed for cleanup & review...




And after further review, the call on the field stands. Thread is closed for a much-needed cooling off.