[diegonei]

Yes true, through the Images app. I was trying to set one using settings. I was using one of the stock wallpapers. Nothing I can't fix later.

So if your phone craps out, you can't just plug your SD card to a computer. It won't recognize it.

Posted via CB10

That's correct.

Posted via CB10

[gariac]

If you password protect your BlackBerry, the internal data is fairly secure. Not as good as encryption, but BlackBerry doesn't have a history of lock screen issues, unlike the iphone.

Nothing on the SDHC is private.

Incidentally you can back up your BlackBerry data on a linux box if you really want security.

Posted via CB10

[trsbbs]

Now if we could get a quick setting for the controls. That would be handy.

Posted via Verizon Z10!

[HotFix]

Now if we could get a quick setting for the controls. That would be handy.

Posted via Verizon Z10!

Quick settings to encrypt and decrypt your storage? That's not something you do often.

Posted via CB10 on my Z30STA100-5/10.2.1.3337

[trsbbs]

Quick settings to encrypt and decrypt your storage? That's not something you do often.

Posted via CB10 on my Z30STA100-5/10.2.1.3337

Was referring to the "Parental controls" as per my other posts. Not encryption.

Posted via Verizon Z10!

[vgorous]

Why not link the encryption with our BlackBerry ID, rather than the phone? That way if your phone gets damaged, you can still decrypt your sd card.

Posted via CB10

[HotFix]

Why not link the encryption with our BlackBerry ID, rather than the phone? That way if your phone gets damaged, you can still decrypt your sd card.

Posted via CB10

Traditional encryption, like the type BlackBerry uses, is performed using a "key", not an ID, to encrypt and decrypt the files. That key is stored in your device OS, and a copy always has to be on your device otherwise you can't access files on your encrypted storage system.

If you are suggesting that BlackBerry also store the key on a system that your BlackBerry ID can access, then that is possible. However that opens up BlackBerry from a liability aspect for being the ones who are responsible for maintaining the key. Imagine if they lost your key and you needed it to decrypt data, or even worse it was stolen and used to access a lot of data you had encrypted. And then there is a potential cost to maintaining your keys.

Don't get me wrong, it is possible to store the keys somewhere in the cloud, but there are a number of aspects that make it something that would require some serious planning on their part.

Posted via CB10 on my Z30STA100-5/10.2.1.3337

[Carjackd]

I use the encryption but not on the SD card and I don't keep anything on my SD card that I'm not afraid others to see.

Posted Pantlessly via My Kick @ss Z30!!!

[bakron1]

I also use encryption on my z30, but not the SD card. I like the idea of my personal data having a layer of protection, something my iPhone 5s didn't have.

Sent from my Lovely z30 on T Mobile USA (10.3.0.1154)

[gariac]

I should point out that it was possible to crack the encryption on the phone based on data on the encrypted SD card. So for a while, it was suggested not to encrypt the SD card, just the phone. I believe that issue no longer exists, but it would be worth an internet search if somebody is really paranoid.

Actually this coming back to me. Elcomsoft.

http://www.elcomsoft.com/

That should narrow your search.



Posted via CB10

[Richard Buckley]

I should point out that it was possible to crack the encryption on the phone based on data on the encrypted SD card. So for a while, it was suggested not to encrypt the SD card, just the phone. I believe that issue no longer exists, but it would be worth an internet search if somebody is really paranoid.

Actually this coming back to me. Elcomsoft.

http://www.elcomsoft.com/

That should narrow your search.



Posted via CB10

There was a vulnerability found that could use files encrypted on the SDCARD to determine the device password. That was in the BBOS days and was fixed years ago.

Posted via CB10

[fpjones3]

Will it make a difference if you use a password on the device and leave it unencrypted?

[Richard Buckley]

Will it make a difference if you use a password on the device and leave it unencrypted?

The TL;DR is yes it makes a big difference. Using a good password on the device gets you lots of protection without too much effort, especially if you use picture password.

I think a lot of people missunderstand what protection device encryption gives you. If an attacker can convince the device they are you by guessing your password, or by finding a vulnerability that gets them past the lock screen the device encryption will have no effect at all. If the device is running, then it has to be able to decrypt the internal storage.

What device encryption protects you from is someone getting your device and accessing the storage by technical means. Removing the memory and reading it out on another computer. Or booting a different OS where they have full access to the storage image.

That is a pretty high bar. So for most people a good device password is sufficient.

The SDCARD is different because it is easy to remove and read on a laptop, or other smartphone.

Posted via CB10

[gariac]

As long as the lock screen works, ad password should be enough security for most people. But it depends on the lock being secure. OK of BlackBerry, not so good on others phones.

IOS 7 had three lock screen bugs. One exploit will not be fixed in 7. The lock screen can be bypassed with Siri enabled. Samsung has lock screen bugs often.

There is some option in bb10 to have messages appear on the screen. I disabled that. Probably BlackBerry being BlackBerry, it is secure, but I see this as another attack vector.

Posted via CB10

[Richard Buckley]

As long as the lock screen works, ad password should be enough security for most people. But it depends on the lock being secure. OK of BlackBerry, not so good on others phones.

IOS 7 had three lock screen bugs. One exploit will not be fixed in 7. The lock screen can be bypassed with Siri enabled. Samsung has lock screen bugs often.

There is some option in bb10 to have messages appear on the screen. I disabled that. Probably BlackBerry being BlackBerry, it is secure, but I see this as another attack vector.

Posted via CB10

The point in the context of the current thread is that if the lock screen can be bypassed encryption of the device memory is useless. In fact all recent iOS devices have device encryption on all the time. But, as you pointed out, lock screen bypasses are a problem.

Posted via CB10

[gariac]

History is full of programmers that have screwed up lock screens. Remember, desk top PCs use lock screens too. The lock screen is one thing you don't mess with once you have it right.

http://www.itnews.com.au/News/384036...old-enter.aspx

We are talking lynch pin here.

Yet the US government buys iphones. Not so much at the DOS, but the DOJ are real fanbois. The DOD seems to have abandoned iphones, but use ipads.

BTW, BlackBerry World has lock screen apps. Seriously, who would trust a lock screen app? And why would BlackBerry approve such apps?

Android has them too.

http://android.appstorm.net/roundups...r-lock-screen/

But worst of all is Apple adding yes another attack vector in IOS8:

http://m.fastcompany.com/3031503/mos...based-on-locat



Posted via CB10

[diegonei]

I think a lot of people missunderstand what protection device encryption gives you. If an attacker can convince the device they are you by guessing your password, or by finding a vulnerability that gets them past the lock screen the device encryption will have no effect at all. If the device is running, then it has to be able to decrypt the internal storage.

Haflway right. If somebody is eavesdropping on your connection, having it enabled will mean he won't be able to see what's going on. No email, PIM, appointment, location data or attchment will be compromised.

People don't need to break your password to be grabbign info from an open WiFi hotspot.

There is some option in bb10 to have messages appear on the screen. I disabled that. Probably BlackBerry being BlackBerry, it is secure, but I see this as another attack vector.

Suit yourself, but it only opens after the right password is entered. 10 wrong attempts wipes the device as usual.

So far, no news of a way to bypass the BB10 lockscreen.

[trsbbs]

Haflway right. If somebody is eavesdropping on your connection, having it enabled will mean he won't be able to see what's going on. No email, PIM, appointment, location data or attchment will be compromised.

People don't need to break your password to be grabbign info from an open WiFi hotspot.

.

Thus I use a VPN.

Posted via Verizon Z10!

[akavbb]

Why not link the encryption with our BlackBerry ID, rather than the phone? That way if your phone gets damaged, you can still decrypt your sd card.

Posted via CB10

Could not agree more...

Posted via CB10 | STL100-2 | Waiting for the mighty Squircle to return.

[Richard Buckley]

Haflway right. If somebody is eavesdropping on your connection, having it enabled will mean he won't be able to see what's going on. No email, PIM, appointment, location data or attchment will be compromised.

People don't need to break your password to be grabbign info from an open WiFi hotspot.

Device encryption has nothing to do with securing communications. For that you want ubiquitous SSL, or better a VPN. Encrypting device storage won't protect you from eavesdropping on a Wi-Fi hotspot.


Posted via CB10

[gariac]

Haflway right. If somebody is eavesdropping on your connection, having it enabled will mean he won't be able to see what's going on. No email, PIM, appointment, location data or attchment will be compromised.

People don't need to break your password to be grabbign info from an open WiFi hotspot.



Suit yourself, but it only opens after the right password is entered. 10 wrong attempts wipes the device as usual.

So far, no news of a way to bypass the BB10 lockscreen.

No. Everything you put on the lock screen is an attack surface. This is zero to do with the number of password attemps, but rather you have added another vector.

http://en.m.wikipedia.org/wiki/Attack_surface

By putting crap on the lock screen, Apple has managed to screw up multiple times. Same for Samsung.

Secure lock screen programming is way harder than you think. Less is more, because less decreases the attack surface.


Posted via CB10

[diegonei]

Whatever you say, mate. Fact still remains that the lock screen on BlackBerry 10 still takes you to the password, no matter how you try to unlock the device.

Posted via CB10

[gariac]

Whatever you say, mate. Fact still remains that the lock screen on BlackBerry 10 still takes you to the password, no matter how you try to unlock the device.

Posted via CB10

You don't get it. Hackers need to exploit the attack surface. If there is a bug in the how the messages are displayed on the lock screen, they would hack it without having to enter the password.

Not to pick on Apple, but they suck at lock screen, so let me use them as an example of increasing the attack surface. You can use Siri on a locked iphone. But there us a lock screen bypass using Siri that isn't patched in IOS7. Apple increased the attack surface and made the lock screen less secure.

Look at this now patched Android lock screen bypass:

http://m.androidcentral.com/samsung-...ulous-trickery

You don't need the password. That is why you call it a hack. Every feature you put on the lock screen increases the attack surface, hence you want as few functions on the lock screen as possible.


Posted via CB10

[vrud]

Device memory encryption prevents an attacker from extracting flash memory chip from the device and reading information from it using some electronic tools. Personally I find likelihood of this happening to my Z10 small.

Properly implemented device encryption must also erase RAM memory blocks that keep private key to decrypt the data.
If this is not done, then an attacker can read RAM blocks and find the key to read photos from flash.
This was easily done on android phones with unlocked bootloader (search for frost) but I haven't seen similar cases for BB, perhaps due to locked bootloader or maybe due to wiping of the keys.

I don't encrypt my Z10 but I do have a strong password.

[diegonei]

You don't get it.
No, I did get your point. I didn't dismiss it. I offered a fact instead.

Hackers need to exploit the attack surface. If there is a bug in the how the messages are displayed on the lock screen, they would hack it without having to enter the password.

If being the keyword. So far, there doesn't seem to be one.

Posted via CB10

I got your point. Did you get mine?

BB10 is indeed coded with security in mind since the device is to be used by government reps and top execs. Just because a feature is prone to issues and security breaches in other platforms, it does not means the same hold for BB10.

So what lock screen gimmicks make for another attack vector if the holes are plucked? That's my point. The device won't unlock if you have a password set if the password isn't entered and untill we SEE the bug/exploit proving this wrong, this is my final statement on this.

So far, there is no such issue.