1. tipplex's Avatar
    11-24-16 04:19 PM
  2. Richard Buckley's Avatar
    Interesting but not surprising read. Anyone who believes disk encryption on mobile phones is any significant protection should read this.

    LeapSTR100-2/10.3.2.2876
    Vistaus likes this.
    11-24-16 04:47 PM
  3. conite's Avatar
    The fact is, especially working with an EMM solution, it is secure enough.

    Encryption is just one piece of the overall security package.

    Nothing is impenetrable. Even BB10 has been hacked:
    http://www.cellebrite.com/Pages/blac...kberry-devices
    11-24-16 05:37 PM
  4. Vistaus's Avatar
    The fact is, especially working with an EMM solution, it is secure enough.

    Encryption is just one piece of the overall security package.

    Nothing is impenetrable. Even BB10 has been hacked:
    http://www.cellebrite.com/Pages/blac...kberry-devices
    Almost nothing. OTP encrypted chats are impenetrable due to, well, the use of OTP.

    Posted via CB10 using my amazing  Passport (OG Red) <3
    11-24-16 05:47 PM
  5. Richard Buckley's Avatar
    The fact is, especially working with an EMM solution, it is secure enough.

    Encryption is just one piece of the overall security package.

    Nothing is impenetrable. Even BB10 has been hacked:
    http://www.cellebrite.com/Pages/blac...kberry-devices
    "Secure enough" is a value judgment which must be based on a threat risk analysis. Which is why anyone who believes smartphone encryption is secure enough needs to read that article. Notice I didn't claim BlackBerry encryption provides any better security.

    But since you posted the corporate glossy, if I have the BlackBerry ID credentials the only reason I need their device and software would be to maintain evidentiary chain of custody.
    Decoding together with decryption (with known BlackBerry ID credentials) is enabled via UFED Physical Analyzer *

    LeapSTR100-2/10.3.2.2876
    11-24-16 07:39 PM
  6. conite's Avatar
    "Secure enough" is a value judgment which must be based on a threat risk analysis. Which is why anyone who believes smartphone encryption is secure enough needs to read that article. Notice I didn't claim BlackBerry encryption provides any better security.

    But since you posted the corporate glossy, if I have the BlackBerry ID credentials the only reason I need their device and software would be to maintain evidentiary chain of custody.



    LeapSTR100-2/10.3.2.2876
    Your quote just refers to backup extraction. The other elements do not require BBID credentials.
    11-24-16 07:52 PM
  7. Richard Buckley's Avatar
    Your quote just refers to backup extraction. The other elements do not require BBID credentials.
    We could tit for tat all night, but I'm sure you aren't suggesting they don't have similar capability for other platforms as well.

    LeapSTR100-2/10.3.2.2876
    11-24-16 08:05 PM
  8. conite's Avatar
    We could tit for tat all night, but I'm sure you aren't suggesting they don't have similar capability for other platforms as well.

    LeapSTR100-2/10.3.2.2876
    Agree 100%. All platforms are vulnerable.

    DTEK60 / Z30
    11-24-16 08:44 PM
  9. ohaiguise's Avatar
    Encryption is meant to protect your stuff from common thieves, not to make your data inaccessible to governments.

    There are some legitimate uses of things that governments can't control like Tor etc (journalists, investigators, people in oppressive regimes) but 99% of people really have no need for it, and a lot of them abuse it to look at illegal and obscene websites.
    Vistaus likes this.
    11-25-16 08:50 AM
  10. Vistaus's Avatar
    Encryption is meant to protect your stuff from common thieves, not to make your data inaccessible to governments.

    There are some legitimate uses of things that governments can't control like Tor etc (journalists, investigators, people in oppressive regimes) but 99% of people really have no need for it, and a lot of them abuse it to look at illegal and obscene websites.
    Tor has or at least had been hacked by the NSA.

    Posted via CB10 using my amazing  Passport (OG Red)
    Last edited by Vistaus; 11-26-16 at 12:49 AM.
    11-25-16 05:15 PM
  11. Richard Buckley's Avatar
    Encryption is meant to protect your stuff from common thieves, not to make your data inaccessible to governments.
    Actually both, depending on what memory is encrypted. It may help to have a look at what memory encryption actually accomplishes in practice.

    First let's examine the memory that may be encrypted. Smartphones -- with the exception of Apple and some others -- come with two types of permanent storage, internal and external usually in the form of an SDCard. The SDCard is easily removed. In a short time with access to your phone either a common thief or a government agent (even one of your friends) can remove your SDCard, insert it in another device and copy all your files. Encryption is an obvious solution to this problem.

    The internal memory is more difficult to access in this way. But an organization with sufficient technology can remove the system permanent storage and gain access to it. iPhone passcode bypassed with NAND mirroring attack | Ars Technica

    So by encrypting memory, either internal or SDCard, you can protect your data from those who have the time, access and technology to remove the memory. But that isn't the only way to get past the encryption.

    When the phone is running the CPU has to be able to access data in storage. This may seem like an obvious statement, but many people seem to forget to consider this when evaluating what protection memory encryption provides. At a minimum in order to boot the CPU has to be able to read the operating system files, so they must be unencrypted or the CPU has to be able to obtain the key without any interaction with the user. Any programs that you want to run before the first user login also have to be able to get access to their data files. Similarly anything you want to be able to run while the phone is locked, maybe after the user has logged in after a reboot, has to be able to access its data when the phone is locked and especially when unlocked. If you want the phone to check your email accounts and notify you of new mail, the phone has to be able to access your email account credentials. The same goes for Facebook, Twitter, WhatsApp, etc. Even though encryption is enabled various programs have to be able to read files. The operating system will helpfully decrypt these files for them. Any malicious software that happens to be on the phone and has obtained appropriate permissions could read data that is encrypted in the file system.

    But there are other ways to bypass the encryption. BlackBerry 10 allows developers to request permission for their applications to work through the lock screen. The clock application does this. This is how we have bedside mode. When your BB10 device is locked and in bedside mode you can still access all the features of the clock. A miscreant with access could change or delete all your alarms. This may not sound very dangerous, and probably isn't but if you extend this to a service that has more extensive access it could be. Here is a video showing how to use Siri to bypass the lock screen and access some data on the phone while it is still locked. That is an iPhone 7 which is encrypted. http://www.iclarified.com/57887/newl...tos-more-video

    So encryption is an important security feature that can help protect your data, but it can also be rendered useless by other features that you may enable.
    11-25-16 06:35 PM
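
[Added example, not part of the post above or of any vendor's code: a small model of the point that storage encryption only protects data whose key is absent from the running phone. The three policy names, the toy cipher, the passcode and the file names are all constructed for illustration.]

```python
import hashlib, hmac, os
ALWAYS, AFTER_FIRST_UNLOCK, WHILE_UNLOCKED = "always", "after_first_unlock", "while_unlocked"

def xor_stream(key, data):
    # Toy cipher (XOR with an HMAC-SHA256 counter keystream); stands in for real disk encryption.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Phone:
    def __init__(self):
        self.salt = os.urandom(16)
        self.ram_keys = {ALWAYS: os.urandom(32)}  # device key: available at boot, no user input
        self.flash = {}                           # name -> (protection class, ciphertext)

    def unlock(self, passcode):
        uk = hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 10_000)
        for cls in (AFTER_FIRST_UNLOCK, WHILE_UNLOCKED):
            self.ram_keys[cls] = hmac.new(uk, cls.encode(), hashlib.sha256).digest()

    def lock(self):
        self.ram_keys.pop(WHILE_UNLOCKED, None)   # background services keep their key

    def reboot(self):
        self.ram_keys = {ALWAYS: self.ram_keys[ALWAYS]}

    def write(self, name, cls, data):
        self.flash[name] = (cls, xor_stream(self.ram_keys[cls], data))

    def read(self, name):
        cls, ct = self.flash[name]
        return xor_stream(self.ram_keys[cls], ct)  # KeyError when the class key is not in RAM

    def readable(self):  # what any process with file permission can decrypt right now
        return sorted(n for n, (cls, _) in self.flash.items() if cls in self.ram_keys)

def demo():
    p = Phone()
    p.unlock("2580")  # constructed passcode
    for name, cls in (("os/kernel", ALWAYS), ("mail/credentials", AFTER_FIRST_UNLOCK),
                      ("notes/private", WHILE_UNLOCKED)):
        p.write(name, cls, b"constructed sample data")
    states = {"unlocked": p.readable()}
    p.lock()
    states["locked"] = p.readable()
    p.reboot()
    states["rebooted"] = p.readable()
    return states
```

In the locked state the mail credentials are still decryptable, because the background mail check needs them; only a reboot without the passcode reduces the readable set to the boot files.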
  12. anon(9742832)'s Avatar
    Truth is any phone can be secure, the user calls the tune. Load up on apps and the phone becomes less secure.
    11-26-16 10:02 AM
  13. Ronindan's Avatar
    Truth is any phone can be secure, the user calls the tune. Load up on apps and the phone becomes less secure.
    Not really - simple phones can be wiretapped.
    Vistaus likes this.
    11-26-16 10:54 AM
  14. mh1983's Avatar
    Truth is any phone can be secure, the user calls the tune. Load up on apps and the phone becomes less secure.
    As soon as it's connected to the Internet in some way, it's not secure.

    Posted via CB10
    11-26-16 11:20 AM
  15. Halifax Guy's Avatar
    As soon as it's connected to the Internet in some way, it's not secure.

    Posted via CB10
    A "phone" does not need to be connected to the Internet.

    Posted using a Q10, 10.3.2.2474.
    11-26-16 11:38 AM
  16. thurask's Avatar
    As soon as it's connected to the Internet in some way, it's not secure.

    Posted via CB10
    It doesn't even need that, with things like cell tower spoofers. Of course, that's more a government thing, but still.
    11-26-16 11:43 AM
  17. mh1983's Avatar
    A "phone" does not need to be connected to the Internet.

    Posted using a Q10, 10.3.2.2474.
    Gee, really? That's understood; I was responding to someone else who suggested it was just about loading up apps.
    11-26-16 03:46 PM
  18. Halifax Guy's Avatar
    Gee, really? That's understood; I was responding to someone else who suggested it was just about loading up apps.
    It didn't sound that way.

    Posted using a Q10, 10.3.2.2474.
    Vistaus likes this.
    11-26-16 05:42 PM
