- The vast majority of hacking isn't done for financial gain. Just look at the supposed one billion names and passwords that some Russian hacking group accumulated. Do you really need a billion accounts to steal all the money you can spend? I'm pretty sure less than 1000 accounts and you can steal all the money you will ever need.
08-13-14 11:50 PM
- Root access was achieved at the conference last week. The listed device was a z10.
http://arstechnica.com/security/2014...acked-sort-of/
P.S. Anything can be rooted, it's just a matter of finding private encryption key which might take millions of years.
Posted via CB10
08-14-14 01:24 AM
- Here's my take on the whole supposed "BlackBerry security issue".
Show me that you can root it or exploit it or GTFO. Otherwise your speculation is based on other platforms and their issues. I'm sure you'll spew off stats and articles to make me look "uneducated", but show me that it was done to specifically BlackBerry10 and QNX.
Z10 10.2.1.3175 via CB10
I do not understand why you ask me (personally) to root the device. I never claimed I could, but BB devices have been rooted before and probably will be again.
BlackBerry *devices* (with everything running on them) are expected to be secure. No matter if a flaw is found in the QNX kernel itself, the BB10 part on top of QNX or the baseband controller/software you can only turn to BlackBerry as they have chosen to implement the system as a whole using those components.
I have no idea how educated you are or not. It does not matter to me. Everybody is welcome to express their opinions as long as we can share our thoughts in a civilized way.
Since I started this thread I am not going to "Get The Fix Out" for you, but you are welcome to stay and debate with me and your fellow CB readers.
08-14-14 02:15 AM
- Am I correct in saying that they didn't root Z10 at the conference? Did anyone attend? Why do most people say it could be done but no one has a screenshot or video? It's difficult to measure the difficulty of the task without some details. Hopefully there will be more information on this subject.
P.S. Anything can be rooted, it's just a matter of finding private encryption key which might take millions of years.
Posted via CB10
I'm in contact with a senior security advisor from BlackBerry and I have only received a little information, which I have been asked not to share.
I could expect (pure speculation) BlackBerry has delayed publication of the exploit until it has been patched and deployed. This aligns very well with their "carrier approval" timing issue.
Your comment about breaking encryption is 100% spot on: Encryption is based on mathematical problems that cryptologists *consider* "hard to solve". "Hard to solve" means "a solution to the problem can be found, but not within reasonable time".
Assuming quantum computing kicks off, "reasonable time" for current crypto algorithms may be reduced to milliseconds and we have to look at using quantum cryptography instead.
08-14-14 02:31 AM
- First of all,
There is security research on BB 10 and researchers are looking for kernel exploits and other vulnerabilities.
modzero - Security Advisories
https://www.sec-consult.com/fxdata/s...alysis_v10.pdf
https://www.duosecurity.com/blog/can...urity-research
Inside the Security Model of BlackBerry 10 | Threatpost | The first stop for security news
I would also include these, although not directly linked to security:
http://www.nist.gov/forensics/upload...nsics-FULL.pdf
iOS and BlackBerry Forensics
So far, we have seen one single Buffer Overflow (CVE-2014-2389) with "medium severity"
On the other hand there are dark areas like the webkit engine for the BB 10 browser.
The last patches are from 2013 (KB34779 and KB35021)
... and since js is always "on" in the BB 10 browser, there could be unpatched security holes, we are not aware of.
Hackers could think "Hey, it just worked for iOS and Android, let's have a look at BB 10".
But still: That's all academic. Just show me a real jailbreak or "it didn't happen".
The bottom line for me personally is simple:
I really wish to receive security updates immediately without approval from the carriers.
I don't care about updates of the GUI or any bug fixes in my contact app.
Apple is doing a great job here and of course this improves the security of iOS, so (also looking at the update mess of Android platforms), I do hope that BlackBerry can negotiate that with the carriers.
08-14-14 04:13 AM
- I really wish to receive security updates immediately without approval from the carriers.
I don't care about updates of the GUI or any bug fixes in my contact app.
Apple is doing a great job here and of course this improves the security of iOS, so (also looking at the update mess of Android platforms), I do hope that BlackBerry can negotiate that with the carriers.
vaioman likes this.
08-14-14 05:35 AM
- I am not convinced that security patch release cycle is going to improve device security much. I have Windows on my desktop and receive regular updates from Microsoft. It still gets a virus once in a while. On the other hand, I don't remember getting troubles on the Ubuntu. I believe that OS design plays an important role. BlackBerry put Android into a sandbox, so most Android root gain tools ain't working. Yes, malware can get privileged access within a sandbox and compromise barrier between Android apps but it won't get to work perimeter or another sensitive area.
Posted via CB10
08-14-14 01:21 PM
-
The most important parameter is time.
If you try to tell me that you can wait 6 months until a security hole in your system gets patched, I wish you good luck.
Just a few things I googled within seconds:
"Sawyer's Blackphone hack was in many ways already moot by the time he demonstrated it. In part, it relied on an already-patched problem in Blackphone’s remote wipe software, which Sawyer hadn’t downloaded" taken from
Blackphone goes to Def Con and gets hacked - sort of | Ars Technica
"Of the 26, a privilege escalation bug was already being exploited in the wild, Microsoft said. " taken from
Giant Internet Explorer Patch in August Patch Tuesday
Adobe patches Flash bug hackers are already exploiting - Computerworld
Or just read point 5 here Unpatched servers and other insurgents: Antisec vs. Booz Allen Hamilton - TechRepublic
That's true, but it's just another variable in the equation.
I am tempted to ask you not to patch Ubuntu for 6-12 months, but that's not the point here.
Hackers are like spiders.
They are weaving their nets to catch Windows users!
You can't feed a family with Ubuntu users, even if you do double shifts!
It's impossible.
That's why you never had a virus on your Ubuntu: Low marketshare.
Last edited by Superdupont 2_0; 08-15-14 at 01:15 AM.
08-14-14 03:16 PM
- Third party tools/applications have been the bane of most operating systems. This: Hackers Can Control Your Phone Using a Tool That's Already Built Into It | Threat Level | WIRED from Wired points out to a vastly complicated attack using to quote "vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them"
The tested devices included: "were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven’t looked at Windows Mobile devices yet."
Another quote from the same article: "The researchers say there’s no sign that anyone has exploited the vulnerabilities in the wild, and the company that makes the tool has issued a fix that solves the problem. But it’s now up to carriers to distribute it to users in a firmware update."
Again not the baseline OS but a layer of management tools installed. Real question is if you're using a proper MDM, does it negate this issue?
08-15-14 01:46 PM
- That exploit of the carrier management tools is, sadly, something out of BlackBerry's control. But considering how much of the company's reputation lies in security, they should be a little tougher on the carriers in regards to this. If BlackBerry were in charge of their own updates the way Apple is, this could have been patched immediately or even avoided altogether - nearly all iPhones are unaffected as a result. I know it's easier said than done, but I do hope Chen and his team find a way to get the carriers to soften their stance on software updates. BlackBerry needs more control for the sake of their own reputation, not to mention a more consistent user experience for everyone.
08-15-14 05:42 PM
- Third party tools/applications have been the bane of most operating systems. This: Hackers Can Control Your Phone Using a Tool That's Already Built Into It | Threat Level | WIRED from wired [...]
There are two fundamental prerequisites for security:
1. Control
2. Knowledge
I wouldn't mind if Microsoft would pre-install Wireshark, Process Explorer, Teamviewer, etc. etc. ... on my Windows.
But if my local ISP would have control over any of these applications on my PERSONAL computer, I would show them a big @#!... and would tell them to �#!
At the moment I am waiting for more details from Accuvant Labs, but if it would turn out that carriers can really modify settings on BlackBerry handsets and execute code, the whole security model would be fundamentally compromised even with BES.
Nobody should use a handset when any (private/work) data on it could be compromised by the carrier. Period.
On the other hand:
Giving control to carriers could be a reasonable compromise for people who don't care about security/privacy.
If the carrier pushes security updates for the uneducated user, it could be reasonable compromise.
We know this security model from customized SOHO routers from certain ISPs and it's such a funny coincidence that actually there is a critical flaw in it which was just reported at Black Hat:
Major Problems with TR-069 | RouterCheck
But again:
If my carrier could meddle in my BlackBerry settings, I either change the carrier or my next phone will be an iPhone 6.
I would even go so far not to use any smartphones at all.
undone likes this.
08-16-14 06:54 AM
- I would like to add this presentation from Accuvant Labs.
Noticed only US carriers are using this.
p.59 claims OTA code execution found on BlackBerry, but not to what extent.
Last edited by jpvj; 08-16-14 at 03:20 PM.
08-16-14 03:08 PM
- Lock the phone and problem solved.
What is entertaining is that the linux users of bb10 already knew about that so called security problem, except we didn't call it a security problem. We called it linux access to the phone. ;-) You can access memory on the phone as well as sdhc with samba.
I use dolphin instead of nautilus, but the same idea.
I'm not a big fan of samba. I use it, but don't routinely leave the daemon running.
Posted via CB10
08-16-14 08:30 PM
-
Here is a list of OMA members and I speculate that at least they use OMA-DM clients on BlackBerry devices also outside the US:
Current Members
For example, also in Europe and other parts of the world, certain carriers
- push their logos on BB 7 and BB 10 devices (after booting).
- push service apps on the home screen
- in case of BB 7 even wallpapers
So, none of these require a critical permission (if any), which is good, but if you ever have installed a wallpaper app under BB 7, you probably remember that this required your device password, while wallpapers from certain carriers are installed without device password.
Questions: Why can a carrier push wallpapers and service apps to the BB7 screen without asking for the device password, while the user cannot? Which mechanism is used?
This story basically continued with BB 10 also outside the US.
Wherever you live, certain carriers often push service apps to the BB 10 screen, and we cannot delete them.
Same question again: Which mechanism is used?
Unfortunately, I do not know the answer, but I speculate that 3rd party (OMA-)DM software like redbend is involved here.
The bottom line is very simple:
A carrier/ISP should not be able to modify anything (even not my home screen) on my OS without my permission. That applies fundamentally to my personal computer AND my smartphone.
As long as we don't have transparency on this, I consider my BlackBerry as compromised.
Last edited by Superdupont 2_0; 08-19-14 at 04:33 AM.
08-19-14 04:14 AM
- While I understand where you are coming from, in some areas I disagree.
If your phone is subsidized, I think it's ok for carriers to push their bloatware on the phone. It's like being ad supported. This is done on all the phones, not just BlackBerry. I've had it done to iPhones, Android and most recently my Windsuck phone.
If they are just installing their bloatware, I don't think the security is compromised, when you are subsidized. When you unlock your phone after owning your phone or buying the phone outright, then I would agree. The carrier shouldn't have the right to install Crap without your permission.
Posted via CB using my Q10
08-21-14 08:36 PM
-
Did I say something like this in my previous posts?
I am concerned about the mechanism that is used to push these service apps.
That's a totally different story.
The mechanism could potentially be misused (by a crazy operator at my provider or MITM attackers) to modify settings on my phone.
That is my concern and the findings from Accuvant Labs (see above posts) are exactly about this kind of attack.
08-22-14 12:33 AM
- But note all phones are subject to these service provider er um upgrades.
Let's say your phone goes a little psycho. (You may recall some Android app a few years ago that literally DDOSed T-mobile.) The networks need to stun gear that is screwing up the network. That is part of network management. So this back door will always be present to some degree.
What we all lack is some scheme to authenticate our tower connections. The MITM hacker and the cop with a Stingray present the same problem. That is, they look like a tower.
Right now, all security is designed to ensure the wireless provider logs your usage and thus generates revenue. The system wasn't set up to stop MITM attacks.
The hacker MITM probably lacks crypto for the latest generation GSM modes (4g and LTE). The crypto wasn't mentioned at the Black Hat demo, but at the Defcon MITM attacks, they used GSM with no crypto. (The tower determines the crypto type or if used at all, not the phone. Your phone might alert you to no crypto being used.)
BB10 does have the ability to not use 2G towers. But my recollection is the crypto on 3G is also compromised. But turning off 2G if you don't need it makes sense. It can stop some MITM. Possibly forcing your phone to only use your carrier might also be useful.
Posted via CB10
08-22-14 02:57 AM
-
I've heard that sort of argument a couple of times in totally different situations and it's always meant as an excuse like "there is nothing wrong with what we do, because everybody does it."
It never really convinced me and is actually only a good argument for blowflies when they go out for dinner.
But you probably refer to the "just buy an iPhone"-solution, and indeed I doubt that moving to an iPhone would completely solve this problem, I personally would rather completely move away from smartphones over the next years.
The service apps are only one small piece of the big puzzle, but let me make two short suggestions here:
1) BlackBerry could pre-install carrier apps before shipment, but make them removable.
2) Carrier apps could be made available as free downloads in BB World, no joke, I know people who are actually using these apps!
Finally, I am not totally against certain restricted carrier control.
For example, some carriers support "carrier billing" in BB world, which is very convenient:
Setting up payment options in BlackBerry App World | Inside BlackBerry Help Blog
If my smartphone attacks the carrier network, just disable my SIM card and send me the bill.
Game over.
Oh yes, that is very good point, totally agree with you here, especially as I just proposed to kill my SIM card, when the network is under attack.
BTW, I believe BlackBerry's properly implemented authentication was always (and still is) one of the great advantages of BlackBerry's NOC...though I have read somewhere that SHA-1 isn't the best algorithm anymore.
One of the reasons why I use BB solutions is because I am a business traveler and my communication is often exposed to "hostile" networks (another good reason is that BB 10 has by far the best GUI in the market).
08-22-14 10:10 AM
- Somehow this doesn't make it any better though.
I've heard that sort of argument a couple of times in totally different situations and it's always meant as an excuse like "there is nothing wrong with what we do, because everybody does it."
It never really convinced me and is actually only a good argument for blowflies when they go out for dinner.
But you probably refer to the "just buy an iPhone"-solution, and indeed I doubt that moving to an iPhone would completely solve this problem, I personally would rather completely move away from smartphones over the next years.
The service apps are only one small piece of the big puzzle, but let me make two short suggestions here:
1) BlackBerry could pre-install carrier apps before shipment, but make them removable.
2) Carrier apps could be made available as free downloads in BB World, no joke, I know people who are actually using these apps!
Finally, I am not totally against certain restricted carrier control.
For example, some carriers support "carrier billing" in BB world, which is very convenient:
Setting up payment options in BlackBerry App World | Inside BlackBerry Help Blog
That's probably the funniest thing I've ever heard about Android apps.
Good point and I fully understand the network managers, but there should be a simple mitigation:
If my smartphone attacks the carrier network, just disable my SIM card and send me the bill.
Game over.
Oh yes, that is very good point, totally agree with you here, especially as I just proposed to kill my SIM card, when the network is under attack.
BTW, I believe BlackBerry's properly implemented authentication was always (and still is) one of the great advantages of BlackBerry's NOC...though I have read somewhere that SHA-1 isn't the best algorithm anymore.
Yes, in my case 2G is actually always off exactly for that reason (and because I have no disadvantage, as in my case the battery life didn't decrease significantly).
One of the reasons why I use BB solutions is because I am a business traveler and my communication is often exposed to "hostile" networks (another good reason is that BB 10 has by far the best GUI in the market).
http://blog.youmail.com/post/13973547145/were-baaaacck
I know they pulled the app from the store. I don't recall if they pulled it from the phone itself.
Just how does one shut down a simcard remotely? Well you don't. You can choose not to let that phone get on the network, but you need to let the phone ask before you say no, hence it will still be pinging the network.
Think of Sheldon knocking on Penny's door. Penny can choose not to open the door, but Sheldon will still keep knocking.
I don't know for a fact the carrier can stun your phone, but stun is a feature in most digital mobile radio systems.
http://www.taitradio.com/products/dm...sation-privacy
Posted via CB10
08-22-14 11:01 AM
-
I also know for a fact that Sheldon's ISP will stun his internet access, when he didn't pay the bill.
Finally, I also know for a fact that Sheldon can hack the planet from his phone or computer and no provider will stop him, but of course a few months later Sheldon will get a damage suit.
Just follow the money...
08-22-14 04:15 PM
- I know for a fact that T-mobile will stun Sheldon's SIM card, when he didn't pay the bill at the end of the month.
I also know for a fact that Sheldon's ISP will stun his internet access, when he didn't pay the bill.
Finally, I also know for a fact that Sheldon can hack the planet from his phone or computer and no provider will stop him, but of course a few months later Sheldon will get a damage suit.
Just follow the money...
Posted via CB10
08-22-14 11:55 PM
- @gariac
@jpvj
All good points, but I still don't see a need for OMA-DM here.
If my pc would start an attack, my local ISP would also not stun my pc...wouldn't even cut me off from the network, though this less invasive countermeasure could be a reasonable compromise.
08-23-14 07:34 AM
BlackBerry security thoughts (Warning: Long post)