[IEatBlackBerries]

BlackBerry has failed to provide any documentation about the security of devices including technical documentation on security features. All they provide is marketing words which are meaningless.

John Chen came out against encryption and stated he believes companies have a basic civil duty to assist law enforcement and governments.

The fact he came out against Apple when BlackBerry built their company around the claims of security is atrocious. It does not make me trust BlackBerry to not be collaborating with law enforcement and governments.

The Encryption Debate: A Way Forward | Inside BlackBerry

This whole blog entry by John Chen is repulsive and actually blows my mind.

Until BlackBerry can backup their security claims, there's no proof that BlackBerry devices are secure with no backdoors.

[Carjackd]

Well, I'm too sure if Chen needs to prove this to you. Some agree with Chen...apple in some people's opinion over stepped their boundaries with respect to the case against them and the lone wolf terrorist attack you are referring to.

[thurask]

That ain't nothing new.

Back when BBOS was relevant, BlackBerry was faced with bans unless they routed BIS traffic through servers located in particular countries so that the governments of said countries could peek into what their playthings citizens were doing; while the UAE and Saudi Arabia dropped their cases BlackBerry still built a NOC in India: RIM installs BlackBerry server in Mumbai | CrackBerry.com

We know that consumer BBM is vulnerable, since the whole thing is encrypted with the same key which BlackBerry has divulged to law enforcement: https://www.engadget.com/2016/04/14/...ncryption-key/

And their enthusiasm in dealing with law enforcement appears to be playing fast and loose with due process: BlackBerry hands over user data to help police 'kick ***,' insider says - Technology & Science - CBC News

As much as their security features (code signing, kernel improvements, total obscurity) are designed to thwart Russian script kiddies, if BlackBerry is this eager to do whatever governments tell them to do then calling it secure/private/whatever is just marketing. At least Apple and Google (REEEEEEEEEEEEEEEEEEE) bothered to stand up to the FBI.

[Bla1ze]

It's a debate that will be argued forever but really, I think it comes down to what you consider a backdoor. Lawful access doesn't always mean they can hand over everything without any encryption. They could hand over nothing but a garbled stack of info which will never make any sense and still be complying with lawful access.

Additionally, I think the lines have been a bit intentionally blurred as to what it means when it comes to BlackBerry security. Is your every day run off the shelf device 'secure' as it can be? Certainly not. But if you back it up with the software and services that BlackBerry offers then you certainly reach the level of security promised.

But as mentioned, that line is blurred in some folks eyes to the point where they think if the off the shelf device is as secure as if you were making use of ALL of BlackBerry's offerings, which is just downright wrong. To that extent, I don't think BlackBerry has done anything to stop that misunderstanding.. because, well, why would they? It sold handsets when they were in that business.

Also, as Thurask somewhat highlighted, mostly all of the cases in which BlackBerry devices have been accessed or BlackBerry complied with lawful access, the people on the other end arguably made the assumption that their devices were secure while using regular BIS enabled devices or PGP encrypted devices. Services which have been proven time and time again to be accessible. It's the common thread between the reports but what's harder to find is reports where people have been busted while using BES enabled devices. That's not to say they don't exist, but the scale is far smaller.

If I was out here doing some sketchy stuff, you better believe I would not being using a PGP encrypted device or some BIS enabled service or stock BBM. If using a BlackBerry was the route I would take, I would pony up the cash and have that sucker locked down with BES and everything else that comes along with it lol.

[bobshine]

Pretty much any OS can be backdoored... except maybe the most recent iPhones. But eventually someone would figure out a way to it.

The thing is to what extend the manufacturer is willing to change their code.

Apple has historically complied with LE a lot more than BB. They gave access to iCloud accounts, duplicated flash content so they can be brut force attacked.

So if you're worried enough that LE can access your smartphone... maybe you shouldn't be using one!

[bakron1]

As several folks have stated, no software is 100% secure and every day I read about some corporate sever and/or someone's personal account being hacked.

As time goes on and the more we depend and store our personal information on our smart devices and home PC's, the percentage grows that your data might be compromised in one forum or another.

I honestly believe that every OS has a backdoor that is only available to a select few and as governments want to see more and more of their constituents data, the number of the chosen few will only grow.

Unfortunately it's the price we pay for the technology we have in 2017. Just my two cents worth.

[thurask]

As several folks have stated, no software is 100% secure and every day I read about some corporate sever and/or someone's personal account being hacked.

As time goes on and the more we depend and store our personal information on our smart devices and home PC's, the percentage grows that your data might be compromised in one forum or another.

I honestly believe that every OS has a backdoor that is only available to a select few and as governments want to see more and more of their constituents data, the number of the chosen few will only grow.

Unfortunately it's the price we pay for the technology we have in 2017. Just my two cents worth.

Most security issues are because someone in the chain dropped the ***** ball (be it the user or the provider), but if the alphabet soup agencies are forcing their way into software from the design stage then even the best practices aren't going to stop it. The first ones can be mitigated by using a good password manager, or good old public shaming at least.

[bakron1]

Most security issues are because someone in the chain dropped the ***** ball (be it the user or the provider), but if the alphabet soup agencies are forcing their way into software from the design stage then even the best practices aren't going to stop it. The first ones can be mitigated by using a good password manager, or good old public shaming at least.

Very good point sir, I am also a believer in strong passwords and last but not least, the one most folks forget about, common sense.

[mrfreeze]

Of course I think it would have served Chen better to just keep his mouth shut on the subject, but he was trying to win back government contracts and reacting to a situation in which a terrorist went on a rampage and people we're looking for answers.

But don't kid yourself if you don't think Apple and Samsung won't go to the same extents as BlackBerry to help law enforcement. Your only as secure from law enforcement as you make it for yourself.

Where BlackBerry wins in security is against unauthorized entities.

[rt2567]

I wish somebody makes the boeing phone available to the public.... but what the hell. BB10 OS is the best public can reach

Posted via CB10

[skstrials]

If the authorities were looking for a mass murderer on the loose, I sure hope they could track blackberry phones to assist.

In that sense, the government having the access to the phones is not such a bad thing.

However, the government accessing the phones without a proper warrant is unacceptable.

At the end of the day, it is really not up to bb to abuse the power of technology. But it is up to the government to make sure the back door is not used improperly.

Posted via CB10

[byex]

Every phone OS has a backdoor.
What I find is amusing is people that will post their lives on social media and then be concerned about the security of their phone.

Posted via CB10

[Slash82]

I wouldn't call it backdoor.

It's how it's made up these days.

Example: Since BBM has no more end-to-end encryption, it's not a big deal to follow messages between the message goes out and it enters the provider.

It's the small things, but no real backdoors...

Posted via CB10

[bb10adopter111]

BlackBerry has failed to provide any documentation about the security of devices including technical documentation on security features. All they provide is marketing words which are meaningless.

John Chen came out against encryption and stated he believes companies have a basic civil duty to assist law enforcement and governments.

The fact he came out against Apple when BlackBerry built their company around the claims of security is atrocious. It does not make me trust BlackBerry to not be collaborating with law enforcement and governments.

The Encryption Debate: A Way Forward | Inside BlackBerry

This whole blog entry by John Chen is repulsive and actually blows my mind.

Until BlackBerry can backup their security claims, there's no proof that BlackBerry devices are secure with no backdoors.

Well, what BlackBerry actually said was, basically, that they don't build back doors (which would allow unlimited access to anyone with a key), but that they will open the front door to law enforcement agencies that follow due process.

So, if you don't trust your government, or believe that not even a properly obtained warrant entitles law enforcement to access your electronic records, then you should probably not use BlackBerry as a provider.

Personally, living in the US, I'm much more worried about persistent surveillance / data mining than I am legitimate law enforcement, so I prefer BB's position to Apple's.

Apple has basically told government that they need to open a back door on their own, even when they have a warrant. And that has led to multiple companies creating back doors to sell to governments worldwide.

Personally, I feel better about a system with no known back doors than one with known ones.

Posted with my trusty Z10

[DrBoomBotz]

Example: Since BBM has no more end-to-end encryption, it's not a big deal to follow messages between the message goes out and it enters the provider.

BBM without BES was never very secure and that has not changed.

[Adam Matlock]

Of course I think it would have served Chen better to just keep his mouth shut on the subject, but he was trying to win back government contracts and reacting to a situation in which a terrorist went on a rampage and people we're looking for answers.

But don't kid yourself if you don't think Apple and Samsung won't go to the same extents as BlackBerry to help law enforcement. Your only as secure from law enforcement as you make it for yourself.

Where BlackBerry wins in security is against unauthorized entities.

Yes. Security and right to privacy are two different things. If you go on a murderous rampage or commit terroristic activities, I think your reasonable expectation to privacy kind of goes out the window.

[Elephant_Canyon]

Apple has basically told government that they need to open a back door on their own, even when they have a warrant.

No, Apple has told the US Department of Justice that it won't expend resources to create software that compromises the security of all of its products in order to unlock one specific phone.

[cbvinh]

I wish somebody makes the boeing phone available to the public.... but what the hell. BB10 OS is the best public can reach

I don't think you would want a Boeing phone as a consumer. First, it's crazy expensive. Second, if someone plays with it, like your kid, it'll destroy itself hardware-wise, which brings us back to the first reason.

[cbvinh]

Complying with law enforcement, good or bad, in this case?

https://www.engadget.com/2017/03/21/...tter-attacker/

[rt2567]

I don't think you would want a Boeing phone as a consumer. First, it's crazy expensive. Second, if someone plays with it, like your kid, it'll destroy itself hardware-wise, which brings us back to the first reason.

I totally forgot their self destruct function. Thanks. But still hope there are more privacy orientated stuffs for public consumers. (I also seems to have forgotten that boeing black uses android, which is a big 'no' for people don't like it.)

Posted via CB10

[Aman Darred]

Well, what BlackBerry actually said was, basically, that they don't build back doors (which would allow unlimited access to anyone with a key), but that they will open the front door to law enforcement agencies that follow due process.

So, if you don't trust your government, or believe that not even a properly obtained warrant entitles law enforcement to access your electronic records, then you should probably not use BlackBerry as a provider.

Personally, living in the US, I'm much more worried about persistent surveillance / data mining than I am legitimate law enforcement, so I prefer BB's position to Apple's.

Apple has basically told government that they need to open a back door on their own, even when they have a warrant. And that has led to multiple companies creating back doors to sell to governments worldwide.

Personally, I feel better about a system with no known back doors than one with known ones.

Posted with my trusty Z10

well said!

Posted via CB10

[thurask]

Complying with law enforcement, good or bad, in this case?

https://www.engadget.com/2017/03/21/...tter-attacker/

That isn't a backdoor, though. Cops ask Twitter for account details, Twitter gives them a number. Cops ask AT&T for details on that number, they get evidence of an iPhone. Cops ask Apple about iCloud on that iPhone, they get the guy.

At no point did they have to pick any locks, not like the San Bernardino case that prompted the initial blog post.

[keyboardweeb]

The ones that run Android don't need backdoors, and the BB10 ones are so few that who cares.

[sinkingphoenix]

[...] mostly all of the cases in which BlackBerry devices have been accessed or BlackBerry complied with lawful access, the people on the other end arguably made the assumption that their devices were secure while using [...] PGP encrypted devices. Services which have been proven time and time again to be accessible.
[..]
If I was out here doing some sketchy stuff, you better believe I would not being using a PGP encrypted devices [..]

You either explained that in an unfortunate way, or you do not know what PGP is. PGP, when used correctly, is not feasible for anyone to crack. If you have other info please source it. This might seem like smart-assery, but I feel it's important to not circulate false information, especially when talking about encryption technology. If you mean that BlackBerry can circumvent their own PGP encryption, you should state that specifically, because PGP in general is secure to use (if used correctly) and people reading in this forum should not be misinformed about that.



Posted via CB10

[Adam Matlock]

I don't think you would want a Boeing phone as a consumer. First, it's crazy expensive. Second, if someone plays with it, like your kid, it'll destroy itself hardware-wise, which brings us back to the first reason.

Maybe they could work this angle to where it explodes if your wife or girlfriend messes with it. Lol.