- 01-23-13, 04:34 PM #101
No platform is 100% secure.
I dont get it, there's double standards to the arguments. whatsapp is insecure, android is insecure. blackberry is secure.
but if you use whatsapp on blackberry, you're insecure? surely that just points out it's the app that is providing the vulnerabilities, so if you manage your apps properly on Android you cut out those vulnerabilities?
- 01-23-13, 04:35 PM #102
Judicious and informed use mitigates those vulnerabilities
Irresponsible use of a BB renders a BB vulnerable
There is no impenetrable platform
......and the beat goes on......the beat goes on.....
What I find really hilarious is the absolute refusal to acknowledge that a BB can be made vulnerable through improper use.....
You would have so much more credence if you would step down from the white tower and simply say.....yes, it's true....no platform is impenetrable....
I would actually have respect for your position if there were even a hint of reason behind it instead of fierce close minded fundamentalist dogma.
- 01-23-13, 05:01 PM #103
- 01-23-13, 05:08 PM #104
So let me get this right, a BlackBerry can be as insecure as Android but an Android will never be secure enough to bank on it, Q wouldn't, she does it on a BlackBerry.
So if I want just one device(not 2 or 3 or 4) that I could do banking on it what does that leave me with?
According to Q that will be a BlackBerry, no matter how much she likes Android.
- 01-23-13, 05:12 PM #105
The second opening is by someone who has access to the stream of data coming from your phone. This could be a cellphone company, one of the upstream providers of a cellphone company, anyone who is listening in on the channel itself (possibly) or someone with a subpoena ordering the cellphone company to turn over or record your data stream. In this case, properly implemented encryption will protect you fairly well. This is the complaint I have with WhatsApp, or at least how WhatsApp's security is currently described (by third parties) as. The data is encrypted with a symmetric key that is communicated in an insecure way to the server. Anyone with the ability to listen in on the channel can recover that key and use it to decrypt the messages just as easily as the legitimate receiver and this seems to be an exceptionally naive way of encryption a communication stream given how much research has gone into secure key exchange. This is very weak on the part of WhatsApp and if true gives the impression that they don't know what they're doing - once again, if that is true. BlackBerry Messenger does not have this problem.
The third opening is by someone who has access to the server that is handling the messages - this could be an employee of the company that is handling the messages or some other observer. It seems that both WhatsApp and BBM on BIS have this vulnerability. The way to plug that hole is that a message should not exist in unencrypted form except on the transmitting and receiving UE and the message server directly passes the encrypted (cypher text) messages through itself. Key exchange, in addition, needs to be done in a secure way. Some desktop chat clients do this kind of thing (OTR over some Jabber clients, for example) and in some cases even allow for use of one-time pads. If you can communicate a one time pad in a secure way (meet and physical in person exchange for example), do not reuse the one time pad, and those one time pads only exist on the sending and receiving UE, there's no way to attack the message stream itself except perhaps by some kind of message length analysis. The only way to get at the message data is to recover the one time pad somehow.
My ideal mobile messaging client would offer all of this, perhaps a plug in system that would allow for the use of one time pads between some devices, or allow the use of public key crypted messages to other types of devices, or allow the use of a symmetric cypher that you exchange in person physically or through NFC, or optionally through DH key exchange over an otherwise insecure channel, and then keep going down the stack of security to offer even completely plaintext messages. (the problem with one time pads is you are limited in how many messages you can send by the length of the one time pad and how random the one time pad data actually is - so you'd want less secure but infinite length options to send photographs, for example).
The real question is how determined an attacker do you think might be after your data and how much do you want to protect it. Completely plaintext messages transmitted over coffee shop wifi can be sniffed out of the air almost casually. Whatsapp is a step above that, it would take more than a few minutes to set up an attack to recover data being sent by WhatsApp, but probably not more than a few hours or days for a determined, experienced attacker. BlackBerry Messenger is considerably more difficult than that, at least raising itself to the level of government agency or trusted-employee gaining the ability to get access to the data. I'd like an option for something even more secure, but for the most part WhatsApp is fine. I don't particularly care that people might know I'm meeting friends for dinner at 6, though it would be annoying that someone could just casually snoop that message traffic. WhatsApp does make it harder for casual snooping, which is an ok level of security for most people.
- 01-23-13, 05:22 PM #106
Re: Just a though about whatsapp !!
As a side note, these childish alts the trolls are using to stalk members here speak more to the BB fan base than the Android one, and they aren't making them look good. It must be quiet at other boards, or they feel the need to bully. It's really pathetic. How long until the IP bans start?
I had to get the red SGS3...garnet is my birthstone! Excuses sent via Tapatalk 2
- 01-23-13, 05:25 PM #107
- 01-23-13, 05:31 PM #108
- 01-23-13, 05:32 PM #109
trolling in defence of a phone......
- 01-23-13, 06:35 PM #110
There is a danger here of beating the topic to death more than it already is, but in general the take away is Yes, BBM is much more secure (in the way a bank vault is more secure than a screen door) than WhatsApp but that probably doesn't make up for the fact that WhatsApp is on many different platforms. Also, I can imagine that at some point WhatsApp will get serious about security and fix their problems which takes a lot of the advantage of BBM away. BBM should stay ahead of the game and add even more levels of security and multiple platform support.
- 01-23-13, 06:42 PM #111
And since my knowledge of BBM is very outdated I have a few questions in general for the group about BBM:
* Can anonymous messages be sent to an individual or to a group?
* How large can groups be?
* Can you anonymously subscribe to a group?
* Can you generate "throw away" PINs or block a user from sending you messages?
* How large can messages be?
One I think that was already answered was:
* Is it possible to send a message to all users in a geographic area, or the closest n number of users (e.g., message the closest 1000 people to ask if it's snowing where they are, as a totally random example, or if anyone is available to give you a ride somewhere). I think this would be kind of neat to have as a feature, as long as you had the ability to turn off those messages.
- 01-23-13, 06:49 PM #112
In the words of Crackberry.com, “although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic 'key' that is common to every BlackBerry device all over the world". “This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed.”
Uh - that takes a lot of the advantage away. PIN to PIN messages are encrypted with a single symmetric key that is common to every blackberry in the world? Unless I'm not understanding this correctly, that seems to mean that there's almost no value in the encryption at all. If you can intercept the message and that message isn't encrypted by a asymmetric session key, and moreover is a key the whole world must be aware of, what is the point?
Can someone explain exactly how BBM encryption works?
edit: it looks like this article: http://dawn.com/2012/02/22/is-blackb...saging-secure/ reinforces that.
(quoted) However, it should be understood that if you are not using BES, you should not consider PIN-to-PIN messages as ‘secure’ and/or encrypted. The messages are only scrambled to the point where a normal third party cannot view them.
No kidding. This is basically exactly the same level of security that WhatsApp has. You just have to go to a different but also easily available place to get ahold of the symmetric key.
Someone please tell me that these articles are wrong and I am not correctly understanding how the PIN to PIN encryption is being applied for BIS communications with BBM?
- 01-23-13, 07:08 PM #113
I for one hopes that WhatsApp comes to BB10. It is one of the most downloaded apps right now on ios, android and BB and there are many out there on who use it. If it is not there at launch, it will not affect my decision to get a BB10, but for many, it not being there is a dealbreaker.
- 01-23-13, 07:43 PM #114
Re: Just a though about whatsapp !!
Now I'm starting to think that BBM though BIS is slightly less secure than whatsapp in that since BBM over BIS uses the same key worldwide for all messages, you don't need to have captured the key exchange to be able to decrypt the messages between server and blackberry whereas you must have captured the key exchange part of a whatsapp conversation to decrypt it.
Calling BBM encrypted in the context of this conversation in comparison to the "just awful" whatsapp seems to be disingenuous. Naive and non technical users (such as myself which is quite obvious given the credit I was giving to BBM security earlier in the thread) can be easily mislead into thinking that BBM is secure, or given the relative derision shown to whatsapp I was lead to believe that BBM was much better. Shouldn't we as a community in general be a little more balanced and forthright when discussing this? Why didn't someone bring up the fact that BBM pin to pin communications are all encrypted with the same key?
Sent from my Droid DNA
- 01-23-13, 08:36 PM #118
- 01-23-13, 08:48 PM #119
You could increase security by rolling keys very frequently, but this still doesn't have a real "encrypted" feel.
- CrackBerry Genius
01-23-13, 10:29 PM #120
- 2,224 Posts
- 0 Post(s)
- 0 Thread(s)
Just a though about whatsapp !!
prompted to upgrade my whatsapp...
and hey.. the new upgrade (which was pushed yesterday, i think) is much less laggy...
group message is smoother and broadcasting made easy with the last few upgrades...
messaging to my clients has made it much more easier now..
Sent from my unsliding slider BlackBerry 9800 using Tapatalk
- CrackBerry Abuser
01-23-13, 11:18 PM #121
- 220 Posts
- 0 Post(s)
- 0 Thread(s)
BlackBerry Enterprise Server for MDS Applications Version: 4.1 | Service Pack: 7 Feature and Technical Overview. After reviewing the Wikipedia pages for Pretty Good Privacy (PGP), S/MIME, and Public-key cryptography, you shoud experience that "real encrypted" feeling.
- 01-23-13, 11:30 PM #122
Anyway, so, with that information, BES *if* configured with PGP and *if* you are only communicating with devices on your own enterprise is getting close to a comfortable level of security. It would be nice if that were BBM-on-BIS wide and configured by default on BES as well. As it stands now, if you are using BBM on BIS you should in no way expect your messages to be any more secure (and really, slightly less secure) than via WhatsApp, would you agree?
- 01-23-13, 11:37 PM #123
- 01-24-13, 02:46 AM #125
Just a though about whatsapp !!
- By gtpx02 in forum Storm OS DiscussionReplies: 30Last Post: 04-03-09, 07:57 AM
- By onlyonepost in forum Storm OS DiscussionReplies: 149Last Post: 03-08-09, 07:46 AM
- By zoi in forum T-MobileReplies: 7Last Post: 01-15-09, 06:09 PM
- By zaydaboss in forum BlackBerry 8830 WEReplies: 9Last Post: 06-25-08, 03:41 PM
- By btownsoccerstud in forum BlackBerry Curve 83xxReplies: 3Last Post: 03-17-08, 11:32 AM