1. lischultz's Avatar
    Hi all,

    I rarely post on here, but I browse frequently. I have seen a lot of threads regarding KRACK. Just wondering if we have heard anything regarding BB10?

    I'm not getting my hopes up, but I would love to use my Classic until I can afford a KeyONE without having to worry.

    Thanks for your help!

    Sent from my  Classic
    11-13-17 08:49 PM
  2. thurask's Avatar
    11-13-17 08:53 PM
  3. Invictus0's Avatar
    A user asked BlackBerry about it and they said they're still investigating. We're still waiting.

    https://forums.crackberry.com/showth...1#post13063195
    11-13-17 09:08 PM
  4. lischultz's Avatar
    Thanks for the updates! Saved some time searching the forums.

    Sent from my  Classic
    11-13-17 09:27 PM
  5. LSDBerry's Avatar
    Even with an unpatched device, the attack surface is extremely small. Do you ever use public Wi-Fi? Office Wi-Fi? If so, then you regularly expose yourself to the same risk that KRACK might expose you to on a private network. In fact the risk from public networks is much, much higher than the risk of having your private network KRACKed.

    Most software has for years been designed to be secure against this risk. Your sensitive info is encrypted in transit, because almost every software developer is now starting from the assumption that the network is probably insecure (and if they're not making this assumption, then they bloody well should be).

    Point is, keep using your Classic. Make sure your connections are encrypted, they probably are.
    app_Developer and rayporsche like this.
    11-14-17 04:33 AM
  6. Invictus0's Avatar
    > Even with an unpatched device, the attack surface is extremely small. Do you ever use public Wi-Fi? Office Wi-Fi? If so, then you regularly expose yourself to the same risk that KRACK might expose you to on a private network. In fact the risk from public networks is much, much higher than the risk of having your private network KRACKed.
    >
    > Most software has for years been designed to be secure against this risk. Your sensitive info is encrypted in transit, because almost every software developer is now starting from the assumption that the network is probably insecure (and if they're not making this assumption, then they bloody well should be).
    >
    > Point is, keep using your Classic. Make sure your connections are encrypted, they probably are.
    What about apps? There's no easy way of knowing if an app is using SSL for every request. Some apps and websites also use secure connections but they don't enforce them, meaning the user (or a hacker) can switch to an unsecure connection without breaking compatibility.

    This isn't an issue exclusive to BB10 either btw, it applies to all platforms.
    11-14-17 10:08 AM
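
The point in the post above about sites that offer HTTPS without enforcing it can be checked from response headers. This is an added example, not part of the original thread: the `audit` and `parse_hsts` helpers and both sample sites are constructed for illustration, and it assumes you have already recorded the status and headers a site returns over plain HTTP and over HTTPS.

```python
# Added example: the sample responses below are constructed, not captured from a real site.
REDIRECTS = {301, 302, 303, 307, 308}

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797) into a dict."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def header(resp, name):
    """Case-insensitive header lookup on a {'status', 'headers'} response dict."""
    for key, value in resp["headers"].items():
        if key.lower() == name.lower():
            return value
    return None

def audit(http_resp, https_resp):
    """Return the gaps that let a client end up on plain HTTP."""
    gaps = []
    location = header(http_resp, "Location") or ""
    redirected = http_resp["status"] in REDIRECTS
    if not (redirected and location.lower().startswith("https://")):
        gaps.append("plain HTTP is served instead of redirecting to HTTPS")
    hsts = header(https_resp, "Strict-Transport-Security")
    policy = parse_hsts(hsts) if hsts else None
    # max-age=0 tells the browser to forget the policy, so it counts as absent.
    if not policy or not policy["max_age"]:
        gaps.append("no usable HSTS policy, so the client may fall back to HTTP")
    return gaps

# Constructed samples: site A offers HTTPS but does not enforce it; site B does.
SITE_A = ({"status": 200, "headers": {"Content-Type": "text/html"}},
          {"status": 200, "headers": {"Content-Type": "text/html"}})
SITE_B = ({"status": 301, "headers": {"location": "https://b.example/"}},
          {"status": 200, "headers": {"Strict-Transport-Security":
                                      "max-age=31536000; includeSubDomains"}})

if __name__ == "__main__":
    for label, (plain, tls) in (("A", SITE_A), ("B", SITE_B)):
        print(label, audit(plain, tls) or "HTTPS enforced")
```
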
  7. LSDBerry's Avatar
    > What about apps? There's no easy way of knowing if an app is using SSL for every request. Some apps and websites also use secure connections but they don't enforce them, meaning the user (or a hacker) can switch to an unsecure connection without breaking compatibility.
    >
    > This isn't an issue exclusive to BB10 either btw, it applies to all platforms.
    Indeed. But if you have some app sending unencrypted data then you are already wide open to this attack on public Wi-Fi. All 'sensitive' data apps like banking etc will be using encryption.
    11-14-17 12:25 PM
  8. Invictus0's Avatar
    > Indeed. But if you have some app sending unencrypted data then you are already wide open to this attack on public Wi-Fi. All 'sensitive' data apps like banking etc will be using encryption.
    Sure and I think people are generally cautioned from accessing sensitive data on public wifi (although people still do it of course). It's different if devices on your home or work network can be compromised in the same way.
    11-14-17 12:43 PM
  9. bb10adopter111's Avatar
    I think it's interesting that people are always talking about protecting their personal data when it comes to security. Either people don't use their phones for work, don't care about the security of their employers' information, or don't think it's their job to protect their employer.

    This is my primary issue with BYOD. It encourages people who don't need or likely require access to enterprise information assets to connect their personal phones as enterprise endpoints, without taking responsibility for their behavior.

    As an example, when the KRACK vulnerability was announced, several of my clients sent notices to their employees that they are no longer permitted to connect to their home secure WiFi networks with their BYOD phones or home tablets, PCs, etc. (They had previously been given guidance on how to use the VPN, set up secure (WPA2) WiFi, etc.)

    Some employees complained that they wouldn't be able to stream Netflix or enjoy other non-work activities on their personal devices, and they were given the choice of no longer connecting to work resources remotely at all or risking termination for violation of security policies.

    This is the inherent conflict with BYOD. Large companies can employ many controls to segregate work information from personal, but smaller companies with limited resources are left very vulnerable by this model in a way they wouldn't be with dedicated devices.

    Posted with my trusty Z10
    11-14-17 01:21 PM
