1. saptarshikar's Avatar
    Here is what I tweeted to blackberry tech support @blackberryhelp
    "Is my blackberry classic running on BBOS 10.3.3.2031 safe from
    1. KRACK ‎
    2. Blueborne‎
    3. Stagefright
    4. Dirtycow
    5. Spectre
    Vulnerabilities.
    If not can I expect updates in coming days since these are pretty serious and catastrophic issues that users are needed to be protected from."
    Last edited by saptarshikar; 02-18-18 at 04:34 AM.
    02-18-18 04:23 AM
  2. saptarshikar's Avatar
    And here is what they replied,
    "@SaptarshiKar200 Thanks for reaching out. BlackBerry 10 devices utilize processors based on the ARM architecture. ARM architectures perform speculative execution in a more limited fashion than other modern architecture, reducing any potential impact. Due to processor architecture and OS design, this would be difficult to exploit in practice. ^NP"

    Please can somebody make me understand what are they trying to say since I am not much of a tech geek but a medical student?
    Also please comment if there is any workaround or escape plan to avoid any of these if I still want to keep using my blackberry classic? Thank you in advance.‎
    02-18-18 04:31 AM
  3. Richard Buckley's Avatar
    Two things first, they only answered about Spectre; and I wonder why you didn't ask about Meltdown.

    The answer is quite clear at the depth they answered at. I suspect that, if that doesn't satisfy you, what you are looking for would require that you become an expert in modern CPU design.

    What specifically do you not understand about their answer?
    02-18-18 07:21 AM
  4. saptarshikar's Avatar
    Well what I don't understand the fact that what is ARM and how is it effective against these vulnerabilities. Also does that feature reallly make a big deal saving our arses against these threats.
    Also is there really any escapeplans for these threats (except ditching my classic)

    Posted from my BlackBerry Classic (SQC100-1) 10.3.3.2031
    02-18-18 07:40 AM
  5. Richard Buckley's Avatar
    Well what I don't understand the fact that what is ARM and how is it effective against these vulnerabilities. Also does that feature reallly make a big deal saving our arses against these threats.
    Also is there really any escapeplans for these threats (except ditching my classic)

    Posted from my BlackBerry Classic (SQC100-1) 10.3.3.2031
    A little use of your favourite search engine will answer some of these questions. For example ARM is the type of processor used in most mobile devices, and all BB10 devices. https://en.m.wikipedia.org/wiki/ARM_architecture as opposed to an Intel processor.

    As they said, ARM processors implement speculative execution differently. Some, such as the version used in the Raspberry Pi don't do it at all. On top of that there are features of the software running on the processor that can reduce or eliminate the effectiveness of the techniques used to exploit the various kinds of speculative execution. Some of the difference stems from the fact that ARM is a Reduced Instruction Set Computer (RISC) and Intel is a Complex Instruction Set Computer (CISC). Others because BB10 is built on QNX which is a micro-kernel design; Windows, iOS, Android, Linux Mac OS are all monolithic kernel designs.

    LeapSTR100-2/10.3.3.2205
    02-18-18 10:09 AM
  6. Invictus0's Avatar
    BlueBorne didn't impact BB10,

    BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products

    Stagefright is still an on going issue on Android so no device is really "safe" from it but the initial Stagefright vulnerability was difficult to exploit on BB10 before it was patched. I don't think we know if newer Stagefright vulnerabilities also impact the BB10 runtime.

    If updates are an expectation you might want to look at a different platform.
    02-18-18 10:33 AM
  7. Dunt Dunt Dunt's Avatar
    If not can I expect updates
    No... you should not expect any updates for phones that have been out of production for over two years.


    I expect the vulnerability to some of these is very little and would require a targeted attack. If you worked for a big company or major government, this might be an issue... if they hadn't already started phasing BB10 out. But an average user... very little to be worried about. If you are, buy a new modern phone that does get updates.
    02-19-18 07:09 AM
  8. LSDBerry's Avatar
    Are you sure the horse is dead? Perhaps if we try a bigger whip!

    Posted via CB10
    02-19-18 12:25 PM
  9. anon(2313227)'s Avatar
    or steel-toed boots.
    02-19-18 02:45 PM
  10. Leyra B10's Avatar
    No... you should not expect any updates for phones that have been out of production for over two years.


    I expect the vulnerability to some of these is very little and would require a targeted attack. If you worked for a big company or major government, this might be an issue... if they hadn't already started phasing BB10 out. But an average user... very little to be worried about. If you are, buy a new modern phone that does get updates.
    Yea it would take a pretty complex and specific attack, and like you said organizations should have phased out BB10 by now. If a ceo is still using them I feel you..but wake up!

    Posted via CB10
    02-19-18 06:56 PM
  11. eshropshire's Avatar
    Personally I would have not connect any device that is ot patched for KRACK to a WiFi network.
    02-19-18 07:35 PM
  12. Dunt Dunt Dunt's Avatar
    Personally I would have not connect any device that is ot patched for KRACK to a WiFi network.
    There are ways to counter KRACK... but yeah at this point you need to be very vigilant in keeping aware of all the work arounds to stay secure.
    02-20-18 07:59 AM
  13. bb10adopter111's Avatar
    Personally I would have not connect any device that is ot patched for KRACK to a WiFi network.
    This might be overkill, but it is 100% effective against KRACK.

    Also, KRACK cannot compromise an unsecured WiFi connection. So, you are no more vulnerable to public WiFi than you always were. No need to change your policies for public WiFi.

    Posted with my trusty Z10
    02-20-18 08:20 AM
  14. eshropshire's Avatar
    This might be overkill, but it is 100% effective against KRACK.

    Also, KRACK cannot compromise an unsecured WiFi connection. So, you are no more vulnerable to public WiFi than you always were. No need to change your policies for public WiFi.

    Posted with my trusty Z10
    True for KRACK issues, but I generally stay off public WiFi. If I use a WiFi network the network is a private network, home, work etc.. For those networks KRACK is an issue.
    02-20-18 08:56 AM
  15. bb10adopter111's Avatar
    True for KRACK issues, but I generally stay off public WiFi. If I use a WiFi network the network is a private network, home, work etc.. For those networks KRACK is an issue.
    Right. Whether to use public WiFi is a different policy decision unrelated to the KRACK vulnerability.

    I no longer connect to client networks via secure WiFi with my BB10 devices, in case they are subject to a KRACK-related threat; however, I still use my secure WiFi at home, as I have zero reason to suspect that anyone would go to the trouble of targeting me personally.

    Posted with my trusty Z10
    02-20-18 09:03 AM

Similar Threads

  1. Replies: 25
    Last Post: 03-03-18, 12:35 PM
  2. yahoo mail stopped working in Hub
    By slebdog in forum BlackBerry HUB+ Suite
    Replies: 8
    Last Post: 02-20-18, 11:46 AM
  3. With Software release, 10.3.2.2836 .
    By DagaduKojo in forum Android Apps (Amazon Store & APK Files)
    Replies: 9
    Last Post: 02-19-18, 10:01 AM
  4. yahoo email misery in hub
    By RLeeSimon in forum BlackBerry KEYone
    Replies: 4
    Last Post: 02-17-18, 01:39 PM
  5. copying text from an email in HUB
    By nimra in forum BlackBerry KEYone
    Replies: 6
    Last Post: 02-17-18, 10:25 AM
LINK TO POST COPIED TO CLIPBOARD