09-02-14 01:19 PM
  1. propeller10's Avatar
    Can you please point that out?

    Z10 10.2.2.xxxx
    http://forums.crackberry.com/android...inutes-951479/
    00_Agent likes this.
    08-13-14 09:30 PM
  2. early2bed's Avatar
    Can anyone explain to me why the marketshare is important? Fortune 500 companies and governments use BlackBerry, they are alone worth more than all the iPhone users and Android users together... why would you hack a 16 year old teen girl's phone...
    The vast majority of hacking isn't done for financial gain. Just look at the supposed one billion names and passwords that some Russian hacking group accumulated. Do you really need a billion accounts to steal all the money you can spend? I'm pretty sure less than 1000 accounts and you can steal all the money you will ever need.
    08-14-14 12:50 AM
  3. vrud's Avatar
    Root access was achieved at the conference last week. The listed device was a z10.

    http://arstechnica.com/security/2014...acked-sort-of/
    Am I correct in saying that they didn't root Z10 at the conference? Did anyone attend? Why do most people say it could be done but no one has a screenshot or video? It's difficult to measure the difficulty of the task without some details. Hopefully there will be more information on this subject.

    P.S. Anything can be rooted, it's just a matter of finding private encryption key which might take millions of years.

    Posted via CB10
    08-14-14 02:24 AM
  4. jpvj's Avatar
    Here's my take on the whole supposed "BlackBerry security issue".

    Show me that you can root it or exploit it or GTFO. Otherwise your speculation is based on other platforms and their issues. I'm sure you'll spew off stats and articles to make me look "uneducated", but show me that it was done to specifically BlackBerry10 and QNX.

    Z10 10.2.1.3175 via CB10
    I understand the abbreviation QNX, but GTFO is not in my list. Does it mean "Get The Fix Out"? :-)

    I do not understand why you ask me (personally) to root the device. I never claimed I could, but BB devices have been rooted before and probably will be again.

    BlackBerry *devices* (with everything running on them) are expected to be secure. No matter if a flaw is found in the QNX kernel itself, the BB10 part on top of QNX or the baseband controller/software you can only turn to BlackBerry as they have chosen to implement the system as a whole using those components.

    I have no idea how educated you are or not. It does not matter to me. Everybody is welcome to express their opinions as long as we can share our thoughts in a civilized way.

    Since I started this thread I am not going to "Get The Fix Out" for you, but you are welcome to stay and debate with me and your fellow CB readers.
    08-14-14 03:15 AM
  5. jpvj's Avatar
    Am I correct in saying that they didn't root Z10 at the conference? Did anyone attend? Why do most people say it could be done but no one has a screenshot or video? It's difficult to measure the difficulty of the task without some details. Hopefully there will be more information on this subject.

    P.S. Anything can be rooted, it's just a matter of finding private encryption key which might take millions of years.

    Posted via CB10
    What you wrote is key: So far we have not seen any demonstration of the exploit on BB10.

    I'm in contact with a senior security advisor from BlackBerry and I have only received a little information, which I have been asked not to share.

    I could expect (pure speculation) BlackBerry has delayed publication of the exploit until it has been patched and deployed. This aligns very well with their "carrier approval" timing issue.

    Your comment about breaking encryption is 100% spot on: Encryption is based on mathematical problems that cryptologists *consider* "hard to solve". "Hard to solve" means "a solution to the problem can be found, but not within reasonable time".
    Assuming quantum computing kicks off, "reasonable time" for current crypto algorithms may be reduced to milliseconds and we have to look at using quantum cryptography instead.
    08-14-14 03:31 AM
  6. Superdupont 2_0's Avatar
    First of all,

    There is security research on BB 10 and researchers are looking for kernel exploits and other vulnerabilities.

    modzero - Security Advisories

    https://www.sec-consult.com/fxdata/s...alysis_v10.pdf

    https://www.duosecurity.com/blog/can...urity-research

    Inside the Security Model of BlackBerry 10 | Threatpost | The first stop for security news


    I would also include these, although not directly linked to security:

    http://www.nist.gov/forensics/upload...nsics-FULL.pdf

    iOS and BlackBerry Forensics


    So far, we have seen one single Buffer Overflow (CVE-2014-2389) with "medium severity"

    On the other hand there are dark areas like the webkit engine for the BB 10 browser.
    The last patches are from 2013 (KB34779 and KB35021)

    ... and since js is always "on" in the BB 10 browser, there could be unpatched security holes, we are not aware of.
    Hackers could think "Hey, it just worked for iOS and Android, let's have a look at BB 10".

    But still: That's all academic. Just show me a real jailbreak or "it didn't happen".

    The bottom line for me personally is simple:

    I really wish to receive security updates immediately without approval from the carriers.
    I don't care about updates of the GUI or any bug fixes in my contact app.
    Apple is doing a great job here and of course this improves the security of iOS, so (also looking at the update mess of Android platforms), I do hope that BlackBerry can negotiate that with the carriers.
    08-14-14 05:13 AM
  7. jpvj's Avatar
    I really wish to receive security updates immediately without approval from the carriers.
    I don't care about updates of the GUI or any bug fixes in my contact app.
    Apple is doing a great job here and of course this improves the security of iOS, so (also looking at the update mess of Android platforms), I do hope that BlackBerry can negotiate that with the carriers.
    +1
    vaioman likes this.
    08-14-14 06:35 AM
  8. jiminica's Avatar
    Loved the comment "reality show for geeks.."

    Posted via CB using my Q10
    08-14-14 06:59 AM
  9. vrud's Avatar
    I am not convinced that security patch release cycle is going to improve device security much. I have Windows on my desktop and receive regular updates from Microsoft. It still gets a virus once in a while. On the other hand, I don't remember getting troubles on the Ubuntu. I believe that OS design plays an important role. BlackBerry put Android into a sandbox, so most Android root gain tools ain't working. Yes, malware can get privileged access within a sandbox and compromise barrier between Android apps but it won't get to work perimeter or another sensitive area.

    Posted via CB10
    08-14-14 02:21 PM
  10. Superdupont 2_0's Avatar
    I am not convinced that security patch release cycle is going to improve device security much.
    Security is a complex probability calculation with a lot of parameters.
    The most important parameter is time.

    If you try to tell me that you can wait 6 months until a security hole in your system gets patched, I wish you good luck.


    Just a few things I googled within seconds:


    "Sawyer's Blackphone hack was in many ways already moot by the time he demonstrated it. In part, it relied on an already-patched problem in Blackphone’s remote wipe software, which Sawyer hadn’t downloaded" taken from
    Blackphone goes to Def Con and gets hacked - sort of | Ars Technica

    "Of the 26, a privilege escalation bug was already being exploited in the wild, Microsoft said. " taken from
    Giant Internet Explorer Patch in August Patch Tuesday

    Adobe patches Flash bug hackers are already exploiting - Computerworld


    Or just read point 5 here Unpatched servers and other insurgents: Antisec vs. Booz Allen Hamilton - TechRepublic


    I believe that OS design plays an important role.
    That's true, but it's just another variable in the equation.

    I don't remember getting troubles on the Ubuntu.
    I am tempted to ask you not to patch Ubuntu for 6-12 months, but that's not the point here.

    Hackers are like spiders.
    They are weaving their nets to catch Windows users!
    You can't feed a family with Ubuntu users, even if you do double shifts!
    It's impossible.

    That's why you never had a virus on your Ubuntu: Low marketshare.
    Last edited by Superdupont 2_0; 08-15-14 at 02:15 AM.
    08-14-14 04:16 PM
  11. undone's Avatar
    Third party tools/applications have been the bane of most operating systems. This: Hackers Can Control Your Phone Using a Tool That's Already Built Into It | Threat Level | WIRED from wired points out to a vastly complicated attack using to quote "vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them"

    The tested devices included: "were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven’t looked at Windows Mobile devices yet."

    Another quote from the same article: "The researchers say there’s no sign that anyone has exploited the vulnerabilities in the wild, and the company that makes the tool has issued a fix that solves the problem. But it’s now up to carriers to distribute it to users in a firmware update."

    Again not the baseline OS but a layer of management tools installed. Real question is if you're using a proper MDM, does it negate this issue?
    08-15-14 02:46 PM
  12. LazyEvul's Avatar
    That exploit of the carrier management tools is, sadly, something out of BlackBerry's control. But considering how much of the company's reputation lies in security, they should be a little tougher on the carriers in regards to this. If BlackBerry were in charge of their own updates the way Apple is, this could have been patched immediately or even avoided altogether - nearly all iPhones are unaffected as a result. I know it's easier said than done, but I do hope Chen and his team find a way to get the carriers to soften their stance on software updates. BlackBerry needs more control for the sake of their own reputation, not to mention a more consistent user experience for everyone.
    08-15-14 06:42 PM
  13. Superdupont 2_0's Avatar
    Third party tools/applications have been the bane of most operating systems. This: Hackers Can Control Your Phone Using a Tool That's Already Built Into It | Threat Level | WIRED from wired [...]
    I would like to add this presentation from Accuvant Labs.

    There are two fundamental prerequisites for security:

    1. Control
    2. Knowledge

    I wouldn't mind if Microsoft would pre-install Wireshark, Process Explorer, Teamviewer, etc. etc. ... on my Windows.
    But if my local ISP would have control over any of these applications on my PERSONAL computer, I would show them a big @#!... and would tell them to #!

    At the moment I am waiting for more details from Accuvant Labs, but if it would turn out that carriers can really modify settings on BlackBerry handsets and execute code, the whole security model would be fundamentally compromised even with BES.
    Nobody should use a handset when any (private/work) data on it could be compromised by the carrier. Period.


    On the other hand:
    Giving control to carriers could be a reasonable compromise for people who don't care about security/privacy.
    If the carrier pushes security updates for the uneducated user, it could be reasonable compromise.
    We know this security model from customized SOHO routers from certain ISPs and, it's such a funny coincidence that actually there is a critical flaw in it which was just reported at Black Hat:

    Major Problems with TR-069 | RouterCheck


    But again:
    If my carrier could meddle in my BlackBerry settings, I either change the carrier or my next phone will be an iPhone 6.
    I would even go so far not to use any smartphones at all.
    undone likes this.
    08-16-14 07:54 AM
  14. jpvj's Avatar
    I would like to add this presentation from Accuvant Labs.
    I just love p. 4 in that presentation.

    Noticed only US carriers are using this.

    p.59 claims OTA code execution found on BlackBerry, but not to what extent.
    Last edited by jpvj; 08-16-14 at 04:20 PM.
    08-16-14 04:08 PM
  15. gariac's Avatar
    Lock the phone and problem solved.

    What is entertaining is that the linux users of bb10 already knew about that so called security problem, except we didn't call it a security problem. We called it linux access to the phone. ;-) You can access memory on the phone as well as sdhc with samba.

    I use dolphin instead of nautilus, but the same idea.

    I'm not a big fan of samba. I use it, but don't routinely leave the daemon running.




    Posted via CB10
    08-16-14 09:30 PM
  16. Superdupont 2_0's Avatar
    I just love p. 4 in that presentation.

    Noticed only US carriers are using this.

    p.59 claims OTA code execution found on BlackBerry, but not to what extent.
    Yes, page 10 indicates that OMA-DM clients are not installed "worldwide", but that is not very specific and not every carrier is an OMA member etc etc. ...

    Here is a list of OMA members and I speculate that at least they use OMA-DM clients on BlackBerry devices also outside the US:
    Current Members

    For example, also in Europe and other parts of the world, certain carriers

    - push their logos on BB 7 and BB 10 devices (after booting).
    - push service apps on the home screen
    - in case of BB 7 even wallpapers

    So, none of these require a critical permission (if any), which is good, but if you ever have installed a wallpaper app under BB 7, you probably remember that this required your device password, while wallpapers from certain carriers are installed without device password.

    Questions: Why can a carrier push wallpapers and service apps to the BB7 screen without asking for the device password, while the user cannot? Which mechanism is used?

    This story basically continued with BB 10 also outside the US.
    Wherever you live, certain carriers often push service apps to the BB 10 screen, and we cannot delete them.

    Same question again: Which mechanism is used?

    Unfortunately, I do not know the answer, but I speculate that 3rd party (OMA-)DM software like redbend is involved here.

    The bottom line is very simple:

    A carrier/ISP should not be able to modify anything (even not my home screen) on my OS without my permission. That applies fundamentally to my personal computer AND my smartphone.

    As long as we don't have transparency on this, I consider my BlackBerry as compromised.
    Last edited by Superdupont 2_0; 08-19-14 at 05:33 AM.
    08-19-14 05:14 AM
  17. jiminica's Avatar
    While I understand where you are coming from, in some areas I disagree.

    If your phone is subsidized, I think it's ok for carriers to push their bloatware on the phone. Its like being ad supported. This is done on all the phones, not just BlackBerry. I've had it done to Iphones, Android and most recently my Windsuck phone.

    If they are just installing their bloatware, I don't think the security is compromised, when you are subsidized. When you unlock your phone after owning your phone or buying the phone outright, then I would agree. The carrier shouldn't have the right to install Crap without your permission.


    Posted via CB using my Q10
    08-21-14 09:36 PM
  18. Superdupont 2_0's Avatar
    [...] If they are just installing their bloatware, I don't think the security is compromised, when you are subsidized. [...]
    Posted via CB using my Q10
    I don't think that a harmless wallpaper or service app compromises the security of any smartphone.
    Did I say something like this in my previous posts?

    I am concerned about the mechanism that is used to push these service apps.
    That's a totally different story.
    The mechanism could potentially be misused (by a crazy operator at my provider or MITM attackers) to modify settings on my phone.
    That is my concern and the findings from Accuvant Labs (see above posts) are exactly about this kind of attack.
    08-22-14 01:33 AM
  19. gariac's Avatar
    But note all phones are subject to these service provider er um upgrades.

    Let's say your phone goes a little psycho. (You may recall some Android app a few years ago that literally DDOSed T-mobile.) The networks need to stun gear that is screwing up the network. That is part of network management. So this back door will always be present to some degree.

    What we all lack is some scheme to authenticate our tower connections. The MITM hacker and the cop with a Stingray present the same problem. That is, they look like a tower.

    Right now, all security is designed to ensure the wireless provider logs your usage and thus generates revenue. The system wasn't set up to stop MITM attacks.

    The hacker MITM probably lacks crypto for the latest generation GSM modes (4g and LTE). The crypto wasn't mentioned at the Black Hat demo, but at the Defcon MITM attacks, they used GSM with no crypto. (The tower determines the crypto type or if used at all, not the phone. Your phone might alert you to no crypto being used.)

    BB10 does have the ability to not use 2G towers. But my recollection is the crypto on 3G is also compromised. But turning off 2g if you don't need it makes sense. It can stop some MITM. Possibly forcing your phone to only use your carrier might also be useful.

    Posted via CB10
    08-22-14 03:57 AM
  20. Superdupont 2_0's Avatar
    But note all phones are subject to these service provider er um upgrades.
    Somehow this doesn't make it any better though.

    I've heard that sort of argument a couple of times in totally different situations and it's always meant as an excuse like there is nothing wrong with what we do, because everybody does it.

    It never really convinced me and is actually only a good argument for blowflies when they go out for dinner.

    But you probably refer to the "just buy an iPhone"-solution, and indeed I doubt that moving to an iPhone would completely solve this problem, I personally would rather completely move away from smartphones over the next years.

    The service apps are only one small piece of the big puzzle, but let me make two short suggestions here:

    1) BlackBerry could pre-install carrier apps before shipment, but make them removable.

    2) Carrier apps could be made available as free downloads in BB World, no joke, I know people who are actually using these apps!

    Finally, I am not totally against certain restricted carrier control.
    For example, some carriers support "carrier billing" in BB world, which is very convenient:
    Setting up payment options in BlackBerry App World | Inside BlackBerry Help Blog


    Let's say your phone goes a little psycho. (You may recall some Android app a few years ago that literally DDOSed T-mobile.)
    That's probably the funniest thing I've ever heard about Android apps.

    The networks need to stun gear that is screwing up the network. That is part of network management. So this back door will always be present to some degree.
    Good point and I fully understand the network managers, but there should be a simple mitigation:

    If my smartphone attacks the carrier network, just disable my SIM card and send me the bill.
    Game over.



    What we all lack is some scheme to authenticate our tower connections.
    Oh yes, that is very good point, totally agree with you here, especially as I just proposed to kill my SIM card, when the network is under attack.

    BTW, I believe BlackBerry's properly implemented authentication was always (and still is) one of the great advantages of BlackBerry's NOC...though I have read somewhere that SHA-1 isn't the best algorithm anymore.

    BB10 does have the ability to not use 2G towers. But my recollection is the crypto on 3G is also compromised. But turning off 2g if you don't need it makes sense.
    Yes, in my case 2G is actually always off exactly for that reason (and because I have no disadvantage, as in my case the battery life didn't decrease significantly).

    Possibly forcing your phone to only use your carrier might also be useful.
    One of the reasons why I use BB solutions is because I am a business traveler and my communication is often exposed to hostile networks (another good reason is that BB 10 has by far the best GUI in the market).
    08-22-14 11:10 AM
  21. gariac's Avatar
    Somehow this doesn't make it any better though.

    I've heard that sort of argument a couple of times in totally different situations and it's always meant as an excuse like there is nothing wrong with what we do, because everybody does it.

    It never really convinced me and is actually only a good argument for blowflies when they go out for dinner.

    But you probably refer to the "just buy an iPhone"-solution, and indeed I doubt that moving to an iPhone would completely solve this problem, I personally would rather completely move away from smartphones over the next years.

    The service apps are only one small piece of the big puzzle, but let me make two short suggestions here:

    1)BlackBerry could pre-install carrier apps before shipment, but make them removable.

    2)Carrier apps could be made available as free downloads in BB World, no joke, I know people who are actually using these apps!

    Finally, I am not totally against certain restricted carrier control.
    For example, some carriers support "carrier billing" in BB world, which is very convenient:
    Setting up payment options in BlackBerry App World | Inside BlackBerry Help Blog




    That's probably the funniest thing I've ever heard about Android apps.



    Good point and I fully understand the network managers, but there should be a simple mitigation:

    If my smartphone attacks the carrier network, just disable my SIM card and send me the bill.
    Game over.





    Oh yes, that is very good point, totally agree with you here, especially as I just proposed to kill my SIM card, when the network is under attack.

    BTW, I believe BlackBerry's properly implemented authentication was always (and still is) one of the great advantages of BlackBerry's NOC...though I have read somewhere that SHA-1 isn't the best algorithm anymore.



    Yes, in my case 2G is actually always off exactly for that reason (and because I have no disadvantage, as in my case the battery life didn't decrease significantly).



    One of the reasons why I use BB solutions is because I am a business traveler and my communication is often exposed to hostile networks (another good reason is that BB 10 has by far the best GUI in the market).
    Here is one of the stories regarding apps taxing the tower:
    http://blog.youmail.com/post/13973547145/were-baaaacck

    I know they pulled the app from the store. I don't recall if they pulled it from the phone itself.

    Just how does one shut down a SIM card remotely? Well you don't. You can choose not to let that phone get on the network, but you need to let the phone ask before you say no, hence it will still be pinging the network.

    Think of Sheldon knocking on Penny's door. Penny can choose not to open the door, but Sheldon will still keep knocking.



    I don't know for a fact the carrier can stun your phone, but stun is a feature in most digital mobile radio systems.


    http://www.taitradio.com/products/dm...sation-privacy


    Posted via CB10
    08-22-14 12:01 PM
  22. Superdupont 2_0's Avatar
    [...] Think of Sheldon knocking on Penny's door. Penny can choose not to open the door, but Sheldon will still keep knocking. [...] I don't know for a fact the carrier can stun your phone, but stun is a feature in most digital mobile radio systems.
    I know for a fact that T-mobile will stun Sheldon's SIM card, when he didn't pay the bill at the end of the month.
    I also know for a fact that Sheldon's ISP will stun his internet access, when he didn't pay the bill.

    Finally, I also know for a fact that Sheldon can hack the planet from his phone or computer and no provider will stop him, but of course a few months later Sheldon will get a damage suit.

    Just follow the money...
    08-22-14 05:15 PM
  23. gariac's Avatar
    I know for a fact that T-mobile will stun Sheldon's SIM card, when he didn't pay the bill at the end of the month.
    I also know for a fact that Sheldon's ISP will stun his internet access, when he didn't pay the bill.

    Finally, I also know for a fact that Sheldon can hack the planet from his phone or computer and no provider will stop him, but of course a few months later Sheldon will get a damage suit.

    Just follow the money...
    No, T-mobile will ignore the simcard by not letting the phone onto the network. When the bill is paid, it will be enabled again.



    Posted via CB10
    08-23-14 12:55 AM
  24. jpvj's Avatar
    But the device will still try to contact the network only to be told "no service available". If the device behaves as it should nothing should happen until you restart the device (opposite of Sheldon)

    Posted via CB10
    08-23-14 03:56 AM
  25. Superdupont 2_0's Avatar
    @gariac
    @jpvj

    All good points, but I still don't see a need for OMA-DM here.

    If my pc would start an attack, my local ISP would also not stun my pc...wouldn't even cut me off from the network, though this less invasive countermeasure could be a reasonable compromise.
    08-23-14 08:34 AM