[corbintechboy]

I am a Blackberry user and I love my 9810. The problem that I have had over the years is the carrier does not release updates for the devices when they are in charge.

My wife is an iPhone user and gets updates left and right and I have had 1 update for my 9810 in the time I have had it. Windows has just announced they are going to support devices for 18 months. If we let the carriers support the next Blackberry devices, they will suffer the same they do now.

Android I get ROMs to satisfy myself and get a new fix when I need, I can jailbreak and iPhone and even if I don't they push new features, Windows will change. The carriers with RIM will say "we got em now" and never update the device? At least this is the impression I get with my 9810.

So I was excited until I read RIM wants to give power to the carriers. Why?

[howarmat]

WIth BB10 this should happen. RIM will be able to change code in the OS and it will not have to go all the way through carrier testing again. Currently all updates have to go through testing since the entire OS is modified for every update.

[ajst222]

I think they should do it themselves too. Android also does it through the carrier. Of course with me being with Verizon and them all gung of Motorola and Droid, they are more likely to release updates for Android than BlackBerry. RIM should handle that themselves for BB10. I think it would work out much better for everyone

[playbookster]

One of the many issues that bb10 will solve. Dont worry.

[rdkempt]

RIM's updating policy has always struck me as a SERIOUS vulnerability and a gaping hole in their security.

Let's assume an exploit was found - and let's also assume that Apple and RIM resolve security issues in the same time frame. Who gets the patch first, the iOS or BB user? Well, the iOS user installs it right away and gets alerted about it and does it over the air. Meanwhile the BlackBerry user waits weeks or months+ for the carrier to approve, provision and upload the patched version... and then installs the update (and it's been my experience that BlackBerry users update their devices when there are updates far less often than anyone else).

I am hoping that BlackBerry 10 gets the updating process at least on par with it's competitors as that's a huge area of fail right now.

[Dunt Dunt Dunt]

Think the problem was that Carrier's didn't trust RIM to release a stable update. Back when I had my STORM I tried every update that came out from different carriers. For some of them it was laughable that it made it past RIM's quality control (they do have something like that right).

But I do hope that RIM has the power to force the carriers to "keep out" of the OS, and let RIM do all the updating. Just think carrier's are going to want to Brand and "bloat" the devices the way they want to.

[hornlovah]

RIM's updating policy has always struck me as a SERIOUS vulnerability and a gaping hole in their security.

Let's assume an exploit was found - and let's also assume that Apple and RIM resolve security issues in the same time frame. Who gets the patch first, the iOS or BB user? Well, the iOS user installs it right away and gets alerted about it and does it over the air. Meanwhile the BlackBerry user waits weeks or months+ for the carrier to approve, provision and upload the patched version... and then installs the update (and it's been my experience that BlackBerry users update their devices when there are updates far less often than anyone else).

I am hoping that BlackBerry 10 gets the updating process at least on par with it's competitors as that's a huge area of fail right now.

Yes, RIM definitely needs to correct their update process, and it sounds like they have a plan to do so.

If you would like to see actual examples of serious vulnerabilities demonstrated, look for Jonathan Zdziarski's upcoming Black Hat presentation, The Dark Art of iOS Application Hacking, on YouTube in a few weeks. He's going to demonstrate data theft techniques like: bypassing encryption and logic checks, application manipulation, exposing credit card data, breaching a password managers...etc. Interesting stuff if you're an iPhone user, and it will certainly help you put terms like "gaping hole" and "huge area of fail" in their proper perspective.

[amazinglygraceless]

Hasn't a little bit of this problem been the fact that while a new OS update may
work flawlessly on many networks it can / has break / broken things on others.

I would love it to see the updates controlled by RIM but I don't think placing the
blame for slowness at the feet of the carriers is altogether fair. Remember they
have to support any software they release so it is in their interest to not release
something that does not pass their testing.

[rdkempt]

Yes, RIM definitely needs to correct their update process, and it sounds like they have a plan to do so.

If you would like to see actual examples of serious vulnerabilities demonstrated, look for Jonathan Zdziarski's upcoming Black Hat presentation, The Dark Art of iOS Application Hacking, on YouTube in a few weeks. He's going to demonstrate data theft techniques like: bypassing encryption and logic checks, application manipulation, exposing credit card data, breaching a password managers...etc. Interesting stuff if you're an iPhone user, and it will certainly help you put terms like "gaping hole" and "huge area of fail" in their proper perspective.

Without even installing an app and granting it any privileges we know that BlackBerry OS was susceptible to having it's entire contact list stolen, image database stolen, and eventually evolved into executing other remote commands on the handset.

Quote:
"While the research team acknowledged that the BlackBerry benefits from obscurity, Iozzo said the absence of ASLR, DEP and code signing has put the device "way behind the iPhone" from a security perspective."

I think we can both agree that very few things are truly secure... not being able to even provide your users immediate access to your patches or updates is ludicrous.

[janeka]

Without even installing an app and granting it any privileges we know that BlackBerry OS was susceptible to having it's entire contact list stolen, image database stolen, and eventually evolved into executing other remote commands on the handset.

Quote:
"While the research team acknowledged that the BlackBerry benefits from obscurity, Iozzo said the absence of ASLR, DEP and code signing has put the device "way behind the iPhone" from a security perspective."

I think we can both agree that very few things are truly secure... not being able to even provide your users immediate access to your patches or updates is ludicrous.

Spoken like true iphone user. Btw when was the last time iozzo was correct on anything? We see 12 year old break through apples security in 2 hours after a new os release. Never has it took 2 hours to hack qnx. If you need links to prove this let me know

[rgorman]

Carriers want to control the features and the fees attached to them. eg. Verizon disabling GPS unless you used THEIR mapping program. Apple obviously has agreements with both carriers for release updates.

[FigureThisOut]

I am a Blackberry user and I love my 9810. The problem that I have had over the years is the carrier does not release updates for the devices when they are in charge.

My wife is an iPhone user and gets updates left and right and I have had 1 update for my 9810 in the time I have had it. Windows has just announced they are going to support devices for 18 months. If we let the carriers support the next Blackberry devices, they will suffer the same they do now.

Android I get ROMs to satisfy myself and get a new fix when I need, I can jailbreak and iPhone and even if I don't they push new features, Windows will change. The carriers with RIM will say "we got em now" and never update the device? At least this is the impression I get with my 9810.

So I was excited until I read RIM wants to give power to the carriers. Why?

I've been primarily an iPhone user for about 2 1/2 years now and I wouldn't classify the iPhone
updates as coming from "left and right." It's true that they have total control over it, though.
But most of the time when going from an 0.0 to 0.1 or 0.3 to x.1.1, there isn't this really big
difference.

I agree with you about the carriers. But as already said, it isn't fair to blame it all on them. When I
was a BB user, installing all these different betas was hogwash. It was just to do it because I was
convinced things would be different. Fact is, if your BB is working just fine for you then there's no
need for carrier updates to come from "left and right."

[Rooster99]

WIth BB10 this should happen. RIM will be able to change code in the OS and it will not have to go all the way through carrier testing again. Currently all updates have to go through testing since the entire OS is modified for every update.

Question - is this different for iOS?

- R.

[rdkempt]

Spoken like true iphone user. Btw when was the last time iozzo was correct on anything? We see 12 year old break through apples security in 2 hours after a new os release. Never has it took 2 hours to hack qnx. If you need links to prove this let me know

Please don't make me defend iOS (unless it's Cisco IOS!) or Apple... I've hated Apple for as long as I can remember and don't consider myself to be an exclusive iPhone user. If McDonald's released a smartphone that did the things my corporation requires I know people would start saying "Spoken like a true McFatty you want fries with your smartphone? har har har" whenever I said anything. I use what works for me and UNFORTUNATELY that is currently an iPhone. I try to be as vendor agnostic as I possibly can be (except for Apple - I don't like them). But if you have a company named CrappyPantsSmallDingDong, every employee is a member of the KKK and you make awesome stuff - sign me up, I'm grabbing it. I don't care (as long as it works perfectly!), and I certainly don't care about Apple.

I said nothing is always 100% secure... how long did it take the PlayBook to be rooted? RIM's newer operating systems are showing bigger security problems than their older ones and I'm actually looking forward to BlackBerry 10 as much as I am Windows Phone 8.

EDIT: I don't even understand the concept of blindly liking a product because of the name associated to it. I think that must be the problem, if I'm not defending the BlackBerry over everything else regardless of facts, I must support another camp whole-heartedly. This is completely untrue. I could care less about all of them equally as long as there's something out there that covers all of my needs and works great... don't care if it has a Microsoft stamp on the back of it, a Coca Cola logo or a BlackBerry logo on it.

[SK122387]

I agree with the OP but then again.. if RIM did control the updates, I doubt that we'd get to load the leaked OS. I always put the latest leaked OS on my phone, and RIM has a way with delaying and postponing...I'd hate for that to be affecting the way I load an OS onto my phone.

[hornlovah]

Without even installing an app and granting it any privileges we know that BlackBerry OS was susceptible to having it's entire contact list stolen, image database stolen, and eventually evolved into executing other remote commands on the handset.

Quote:
"While the research team acknowledged that the BlackBerry benefits from obscurity, Iozzo said the absence of ASLR, DEP and code signing has put the device "way behind the iPhone" from a security perspective."

I think we can both agree that very few things are truly secure... not being able to even provide your users immediate access to your patches or updates is ludicrous.

We can agree on many things, and I hope it didn't appear that I was trying to minimize the update problem. If you have a good understanding of how mobile phone exploits are commoditized by governments and security businesses, it is clear that all manufactures need to step up their game. Every time I read about an exploit being sold for thousands of dollars (250K for one iOS exploit), view a Defense Department contractor's job posting for a mobile phone exploit writer, or see a new mobile OS module being introduced into exploitation frameworks like Metasploit and BeEF, I worry more about consumer privacy and security.

We differ on perspective and terminology though. I would categorize the update issue as a deficiency on RIM's part and a potential security problem. I would use "SERIOUS vulnerability" and "gaping hole" to describe exploits like the iOS Objective-C runtime attacks that are making their way into the venues listed above. The vulnerability is present on every iOS device, the code is in the public domain, there is no reliable detection or removal method, the code can be delivered through drive-by browser exploits, and the attacks are generalized and devastating.

In their iOS 5.1 release, Apple fixed 71 unexpected application termination or arbitrary code execution WebKit vulnerabilities similar to the WebKit vulnerability used in the Pwn2Own attack you referenced. Iozzo's "way behind the iPhone" comment has proven to be a bad joke.

[tmelon]

I agree with the OP but then again.. if RIM did control the updates, I doubt that we'd get to load the leaked OS. I always put the latest leaked OS on my phone, and RIM has a way with delaying and postponing...I'd hate for that to be affecting the way I load an OS onto my phone.

They'll probably do it the way Apple does. OTA updates for the public on every BB10 phone for every carrier and then developer betas (from BlackBerry Beta Zone) that all the risk takers can try out. I doubt there will be any more leaked OS's.

[eve6er69]

not sure why they dont now but it stinks having to run a non att os to get the good battery life on a 7.1

[corbintechboy]

The thing is that every update my wife has got has changed something. May be small but something none the less. She also had a 2 year old 3GS that got updates till she got her 4S.

It's like I said, after you buy the device the carrier has you sucked in and no ambition to support you because they really don't have to.

I have time to think. I am very excited about BB10. I came from the Pearl flip>Curve>Tour>9800>9810 and I do love my BB. I just don't want to be be stuck with what I have had so far and that is no support after purchase. While other carriers (not in America it seems) has sent out updates for the 9810.

I had an iPhone for about a month. I hated it! But if I have to do that to get support I may just do that. I don't want to but I could. Or Android at least they have ROMS.

No, no... I will not do that! I will wait for BB10 and hope and wish and hope still.