BlackBerry CEO: We'll Try To Break Our Own Encryption If Feds Demand It
-
Well -- not since last week, anyway.
Sent from my BlackBerry 9900 using Tapatalki_plod_an_dr_void likes this.10-27-17 10:24 AMLike 1 - If that is BB’s position, then Chen should have come out and said that? This stupid statement of “well, we promise to try but we might not be able to do it” doesn’t make anyone happy. The people who want strong encryption will say wait a minute, why would you try if you know your crypto is secure?
And the people who want LE to have access are left wondering what Chen is actually saying. Can they or can’t they decrypt user content? The CEO of a tech company ought to have some better idea than saying he’s committed to trying but then shrugging his shoulders and saying he doesn’t even know if they can. Is your stuff secure or isn’t it? You should have some idea if you’re calling yourselves one of the top security companies in the world and that’s basically the bulk of your entire value add in life.
I sold half my position in BB again today after looking again at the very odd results and guidance for IP licensing and then being reminded again that Chen is sort of an ***** a lot of the time.
LeapSTR100-2/10.3.3.220510-27-17 03:42 PMLike 0 - Because he has to be talking about Android, nobody cares about BB10, which isn't "his stuff". And breaking cryptography isn't about being better at maths, it is about finding mistakes in implementation. Does anyone really know how many implementation mistakes there are in Android alone that could help expose data? On top of that there were three very significant cryptography implementation errors exposed this week.
Wouldn’t finding and patching holes in their own locked down secure version of Android be something they are doing every day? That’s their product!10-27-17 04:14 PMLike 3 -
https://twitter.com/EFF/status/923625275555856384
https://www.engadget.com/2017/10/27/...le-encryption/10-27-17 04:45 PMLike 0 - Blackberry has always been a great device, even if people have said it's had its day! But why Mr Chen would come out with such a stupid statement is beyond me! People that have a Blackberry know what they want and how to get things done in their Business and Personal life, with the added security they can rely on. But his statement is not going to help things and would probably lose him sales.
Blackberry users don't want their phone security messed with or broken.
If he is trying to get me to buy an iPhone he can forget it!!!anon(8679041) likes this.10-27-17 07:17 PMLike 1 - Chen...Smart man: Sure I'll try to break the BlackBerry bb10.....I'll need a boatload of engineers and software developers...several thousand maybe...oh and infastructure...yeah I'll need that....oh and since 64 bit arm is the standard these days...I guess I should start by writing a bb10 for 64 bit, and then I get those same people to try to crack it, once they finished building it...we'll have to go out and sell a bunch though....cause what would be the point of breaking it otherwise. How much are you going to put up for us to try that again? Hmmm. that sounds about right. No guarantees we can break it, but I'm sure all those engineers will be diligently working away at bb11...oops I mean bb10.anon(8719892) likes this.10-27-17 08:53 PMLike 1
- Why is forbes asking BlackBerry about wiretapping for the Feds?.....do they think that the Google/Android cartel was and is still using BlackBerry's secure phones to continue co-ordinating their Android monopolizing market cornering?anon(8679041) likes this.10-27-17 09:39 PMLike 1
-
Though my KeyOne will be for work only and not a single personal and sensitive data will be on it.
And I'll have the iphone for personal use. I'll keep it clean of all Google/Facebook and other junk apps (junk not because they're bad, well, you know).10-28-17 03:38 AMLike 0 - If that is BB’s position, then Chen should have come out and said that? This stupid statement of “well, we promise to try but we might not be able to do it” doesn’t make anyone happy. The people who want strong encryption will say wait a minute, why would you try if you know your crypto is secure?
And the people who want LE to have access are left wondering what Chen is actually saying. Can they or can’t they decrypt user content? The CEO of a tech company ought to have some better idea than saying he’s committed to trying but then shrugging his shoulders and saying he doesn’t even know if they can. Is your stuff secure or isn’t it? You should have some idea if you’re calling yourselves one of the top security companies in the world and that’s basically the bulk of your entire value add in life.
I sold half my position in BB again today after looking again at the very odd results and guidance for IP licensing and then being reminded again that Chen is sort of an ***** a lot of the time.
Posted via CB1010-28-17 03:47 AMLike 0 - In the end, they got someone else to do it anyway.
This whole discussion is senseless. Use end to end encryption or don't. Use Telegram to nuke private chats after a set time, or don't.
Anything BlackBerry CAN decrypt, countless other agencies can already.
Chen is just trying to contribute to the global discussion to stave off mandatory, legislated rules for backdoor keys.
Chen doesn't seem like a CEO of a company that says that security it's in their core
He shouldn't be making this type of statements
But hey he sells androids now so..........
Posted via CB1010-28-17 03:53 AMLike 0 - So the CEO of a self-proclaimed world leader in security just told the world that IF a court orders them to do so, THEN they will attempt to find holes in their own secure Android?
Wouldn’t finding and patching holes in their own locked down secure version of Android be something they are doing every day? That’s their product!
I'm not sure what all the fuss is about. A bank will go on at length how secure their vaults are; but will open a safe deposit box when presented with a valid court order.
Anyone who has looked at the Signal Protocol knows that any proper implementation (like just compiling the source without changes) would not be vulnerable to cryptographic attacks. Any systems that carry the data, particularly ones that handle key material or mixed plain and cypher text may be vulnerable to other types of attacks.
BlackBerry really doesn't have 'their own Android'. As a developer you should be able to make this connection on your own, BlackBerry should have been able to make the connection before they claimed they would make Android the equal to BB10 in security, but for those who can't here is the reason. There is only so much any development team can do to change a code base controlled by a different team. At some point the code bases become so different that what they have, whether they want it or not, are two forks of the code. Maintaining a fork of Android substantially different from the main trunk would be a huge undertaking. People keep saying BlackBerry doesn't have the resources to patch BB10, do they have the resources to maintain a fork of Android that would be secure and meet Google requirements? Even if they did, the financial advantage of using the Android code base would be wiped out. The simple fact is that it would be cheaper ti continue development of BB10 than it would be to patch all the problems that we can infer exist in Android.
Could they examine the code, find vulnerabilities and submit them to Google to be patched? Sure, and they probably do. But again there is the resource disparity. What is the total impact of BlackBerry vs Google on the Android code base. What are the business implications of BlackBerry trying to do more than Google. If they could wipe out all the Android security problems in a short time and still make a profit, what does that say about Google.
One of the features of the security landscape of large code bases like Android is that it is more profitable to cherry pick bugs where they are likely to be found, and likely to be valuable. If law enforcement is asking, there is going to be value.
LeapSTR100-2/10.3.3.2205anon(8679041) likes this.10-28-17 09:33 AMLike 1 - No, he said when a court orders them to do so they will try to help law enforcement access the data. I can't read Chen's mind, but it has always been BlackBerry policy to assist law enforcement. They have not made a secret of that.
I'm not sure what all the fuss is about. A bank will go on at length how secure their vaults are; but will open a safe deposit box when presented with a valid court order.
Anyone who has looked at the Signal Protocol knows that any proper implementation (like just compiling the source without changes) would not be vulnerable to cryptographic attacks. Any systems that carry the data, particularly ones that handle key material or mixed plain and cypher text may be vulnerable to other types of attacks.
BlackBerry really doesn't have 'their own Android'. As a developer you should be able to make this connection on your own, BlackBerry should have been able to make the connection before they claimed they would make Android the equal to BB10 in security, but for those who can't here is the reason. There is only so much any development team can do to change a code base controlled by a different team. At some point the code bases become so different that what they have, whether they want it or not, are two forks of the code. Maintaining a fork of Android substantially different from the main trunk would be a huge undertaking. People keep saying BlackBerry doesn't have the resources to patch BB10, do they have the resources to maintain a fork of Android that would be secure and meet Google requirements? Even if they did, the financial advantage of using the Android code base would be wiped out. The simple fact is that it would be cheaper ti continue development of BB10 than it would be to patch all the problems that we can infer exist in Android.
Could they examine the code, find vulnerabilities and submit them to Google to be patched? Sure, and they probably do. But again there is the resource disparity. What is the total impact of BlackBerry vs Google on the Android code base. What are the business implications of BlackBerry trying to do more than Google. If they could wipe out all the Android security problems in a short time and still make a profit, what does that say about Google.
One of the features of the security landscape of large code bases like Android is that it is more profitable to cherry pick bugs where they are likely to be found, and likely to be valuable. If law enforcement is asking, there is going to be value.
LeapSTR100-2/10.3.3.2205
BlackBerry is implementing their own take on Kernel hardening, implementing and expanding the Qualcomm root of trust, and providing Integrity Detection algorithms to detect changes to system files and monitor odd behaviour. Basically "we're going to make it harder to get in, but if you do get in, we're going to lock you out".
One can argue statistically that this approach would be no more risky to an enterprise than BB10, thus making the case that they are both equally secure.Last edited by conite; 10-28-17 at 12:17 PM.
10-28-17 10:06 AMLike 0 - No, he said when a court orders them to do so they will try to help law enforcement access the data. I can't read Chen's mind, but it has always been BlackBerry policy to assist law enforcement. They have not made a secret of that.
I'm not sure what all the fuss is about. A bank will go on at length how secure their vaults are; but will open a safe deposit box when presented with a valid court order.
https://www.theverge.com/2016/3/30/1...ne-court-order
Separate from this, the claims in this article (if true) that BlackBerry is bypassing Canadian officials to deal with court orders is worrying. How can BlackBerry know that they're helping catch criminals and not political activists or wrongfully detained people? And if they do have a way to determine that, how does it compare to what officials would do?
BlackBerry hands over user data to help police 'kick ***,' insider says - Technology & Science - CBC News10-28-17 10:21 AMLike 0 - Could they examine the code, find vulnerabilities and submit them to Google to be patched? Sure, and they probably do. But again there is the resource disparity. What is the total impact of BlackBerry vs Google on the Android code base. What are the business implications of BlackBerry trying to do more than Google. If they could wipe out all the Android security problems in a short time and still make a profit, what does that say about Google.
As I said in this thread, https://forums.crackberry.com/blackb...oogle-1126681/ "I really think google can do it's job to protect all of android smartphones itself" from outside risks and we need real value added from BlackBerry which would be a game changer. If they can't for whatever reason then I don't see why they'd label their android phones with "most secure" or "... privacy" tags.10-28-17 11:46 AMLike 0 - BlackBerry is not trying to maintain a forked version of Android, nor are they analyzing and patching vulnerabilities - that's up to Google and component suppliers.
BlackBerry is implementing their own take on Kernel hardening, implementing and expanding the Qualcomm root of trust, and providing Integrity Detection algorithms to detect changes to system files and monitor odd behaviour. Basically "we're going to make it harder to get in, but if you do get in, we're going to lock you out".
One can argue statistically that this approach would be no more risky to an enterprise than BB10, thus making the case that they are both equally secure.
As far as finding and reporting Android vulnerabilities, it is Google's jobs, but many other organisations are involved.
LeapSTR100-2/10.3.3.220510-28-17 12:27 PMLike 0 -
He's waffling. BB10 still rock hard. Its going to take many months and MANY thousands of pounds for a foreign police force to even unlock a phone.06-02-19 06:07 PMLike 0 -
-
-
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
BlackBerry CEO: We'll Try To Break Our Own Encryption If Feds Demand It
« Hey folks, anyone out there having a problem to update Signal app?
|
Iphone spyware. Anyone see this article ? Stick with BB10. »
Similar Threads
-
BlackBerry Passport replacement battery?
By matthias_h in forum BlackBerry PassportReplies: 3Last Post: 11-08-17, 04:12 PM -
When will the Motion be available in Canada?
By True Canadian in forum BlackBerry MotionReplies: 40Last Post: 11-07-17, 10:44 PM -
Advice - which device to get "off the grid" and exorcise all things Apple from my life?
By JoannaDanielle in forum General BlackBerry News, Discussion & RumorsReplies: 11Last Post: 10-28-17, 05:20 AM -
Hub only accepts invitations inside Blackberry Calendar?
By Fred Wu in forum BlackBerry HUB+ SuiteReplies: 0Last Post: 10-26-17, 09:48 PM -
is there a way to add a logo to email signature in the Hub?
By ray689 in forum Android AppsReplies: 1Last Post: 10-26-17, 08:29 PM
LINK TO POST COPIED TO CLIPBOARD