1. johnb_xp's Avatar
    We got a KRACK update so idk, maybe we'll get a patch for KNOB?

    KNOB is a Bluetooth vulnerability, update has been released for KEY2 already afaik.
    08-17-19 12:22 AM
  2. howarmat's Avatar
    doubtful but they are not EOL til end of year so will see
    08-17-19 08:40 AM
  3. thurask's Avatar
    According to the researchers:

    The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.

    After we disclosed our attack to industry in late 2018, some vendors might have implemented workarounds for the vulnerability on their devices. So the short answer is: if your device was not updated after late 2018, it is likely vulnerable. Devices updated afterwards might be fixed.
    Since the last released update (10.3.3.3216) was built February 2018, it's definitely unfixed in current software. Even if the last ever spotted release (10.3.3.3333 from October 2018) comes out, it's still uncertain if whatever firmware fixes Qualcomm/Broadcom/Texas Instruments/whoever developed made it into BB10 that quickly, if the KRACK fix build came out six months after the public advisory. From the CVE, BlackBerry was notified about this in June with no response since then. Presumably, EOL ticking closer by the second and the build server being dormant since October means no response is necessary.
    08-17-19 08:42 AM
  4. Chuck Finley69's Avatar
    According to the researchers:



    Since the last released update (10.3.3.3216) was built February 2018, it's definitely unfixed in current software. Even if the last ever spotted release (10.3.3.3333 from October 2018) comes out, it's still uncertain if whatever firmware fixes Qualcomm/Broadcom/Texas Instruments/whoever developed made it into BB10 that quickly, if the KRACK fix build came out six months after the public advisory. From the CVE, BlackBerry was notified about this in June with no response since then. Presumably, EOL ticking closer by the second and the build server being dormant since October means no response is necessary.
    So their press release meant ________ ?
    08-18-19 02:08 PM

Similar Threads

  1. Replies: 19
    Last Post: 09-04-19, 02:37 PM
  2. CrackBerry Administrators, What the heck is happening?
    By John Albert in forum General BlackBerry Discussion
    Replies: 123
    Last Post: 08-26-19, 01:20 PM
  3. Why Google Play Services is not working?
    By ahmu in forum BlackBerry KEYone
    Replies: 6
    Last Post: 08-21-19, 08:11 PM
  4. Problem with BBM on BB10
    By MilanSk in forum BlackBerry Passport
    Replies: 11
    Last Post: 08-18-19, 01:47 PM
  5. Speakerphone Microphone is Blurry
    By SoxFan in forum BlackBerry KEY2
    Replies: 0
    Last Post: 08-15-19, 09:01 AM
LINK TO POST COPIED TO CLIPBOARD