Printable View
Hi all,
I rarely post on here, but I browse frequently. I have seen a lot of threads regarding KRACK. Just wondering if we have heard anything regarding BB10?
I'm not getting my hopes up, but I would love to use my Classic until I can afford a KeyONE without having to worry.
Thanks for your help!
Sent from my Classic
BB's knowledge base entry doesn't mention BB10: BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products
A user asked BlackBerry about it and they said they're still investigating. We're still waiting.
https://forums.crackberry.com/showth...1#post13063195
Thanks for the updates! Saved some time searching the forums.
Sent from my Classic
Even with an unpatched device, the attack surface is extremely small. Do you ever use public Wi-Fi? Office Wi-Fi? If so, then you regularly expose yourself to the same risk that KRACK might expose you to on a private network. In fact the risk from public networks is much, much higher than the risk of having your private network KRACKed.
Most software has for years been designed to be secure against this risk. Your sensitive info is encrypted in transit, because almost every software developer is now starting from the assumption that the network is probably insecure (and if they're not making this assumption, then they bloody well should be).
Point is, keep using your Classic. Make sure your connections are encrypted, they probably are.
What about apps? There's no easy way of knowing if an app is using SSL for every request. Some apps and websites also use secure connections but they don't enforce them, meaning the user (or a hacker) can switch to an unsecure connection without breaking compatibility.
This isn't an issue exclusive to BB10 either btw, it applies to all platforms.
Indeed. But if you have some app sending unencrypted data then you are already wide open to this attack on public Wi-Fi. All 'sensitive' data apps like banking etc will be using encryption.
Sure and I think people are generally cautioned from accessing sensitive data on public wifi (although people still do it of course). It's different if devices on your home or work network can be compromised in the same way.
I think it's interesting that people are always talking about protecting their personal data when it comes to security. Either people don't use their phones for work, don't care about the security of their employers' information, or don't think it's their job to protect their employer.
This is my primary issue with BYOD. It encourages people who don't need or likely require access to enterprise information assets connect their personal phones as enterprise endpoints, without taking responsibility for their behavior.
As an example, when the KRACK vulnerability was announced, several of my clients sent notices to their employees that they are no longer permitted to connect to their home secure WiFi networks with their BYOD phones or home tablets, PCS, etc. (They had previously been given guidance on how to use the VPN, set up secure (WPA2) WiFi, etc.)
Some employees complained that they wouldn't be able to stream Netflix or enjoy other non-work activities on their personal devices , and they were given the choice of no longer connecting to work resources remotely at all or risking termination for violation of security policies.
This is the inherent conflict with BYOD. Large companies can employ many controls to segregate work information from personal, but smaller companies with limited resources are left very vulnerable by this model in a way they wouldn't be with dedicated devices.
Posted with my trusty Z10