[bb10adopter111]

The recent revealed KRACK WiFi vulnerability is a huge deal, and demands a response from all vendors who support secure systems. If BlackBerry doesn't respond to this vulnerability with a timely patch for BB10 devices, that silence will represent the official end of all support for the OS.

I don't expect a patch, and without WiFi, I will have to retire my BB10 devices from active use as soon as the Android patch goes live next month.

Posted with my trusty Z10

[app_Developer]

I think we will see a patch. It’s a huge reputational risk to a company that has built its entire identity around security.

I can’t see BB being that foolish.

This will finally be the 10.3.4 people have been waiting for! The KRACK release.

[Dunt Dunt Dunt]

So 10.3.4 is finally coming!


I suspect that 10.3 will soon join BlackBerry 10 OS versions 10.0, 10.1 and 10.2.0 that are already EOL (three years ago).

[Invictus0]

I think we will see a patch. It’s a huge reputational risk to a company that has built its entire identity around security.

I can’t see BB being that foolish.

This will finally be the 10.3.4 people have been waiting for! The KRACK release.

Agreed, their hands are tied on Android but they can at least react on BB10 if it's vulnerable.

[Dunt Dunt Dunt]

Agreed, their hands are tied on Android but they can at least react on BB10 if it's vulnerable.

It's vulnerable... this is about the Standard (WPA2) for Wi-Fi communications that everyone has been using and the data that is being transmitted.

It's a MAJOR vulnerability to anyone using Wi-Fi.... BlackBerry will have to address it or as bb10adopter111 says it will be a clear sign that they aren't supporting BB10 anymore.

[Invictus0]

It's vulnerable... this is about the Standard (WPA2) for Wi-Fi communications that everyone has been using and the data that is being transmitted.

It's a MAJOR vulnerability to anyone using Wi-Fi.... BlackBerry will have to address it or as bb10adopter111 says it will be a clear sign that they aren't supporting BB10 anymore.

True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).

[app_Developer]

True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).

It doesn’t matter if BB10 is vulnerable to the eavesdropping and tampering or just the eavesdropping alone. It still must be fixed in the next few weeks. No excuses.

[chillekasper]

I also think it would be bad for the BlackBerry brand if they dont bring a patch

Posted via CB10

[Stevebez]

I'm not a programmer or anything of the sort, but I can't imagine it would take a huge amount of effort to write the patch. Now testing on the other hand I don't know.

Posted via CB10

[bb10adopter111]

True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).

All unpatched WPA2 connections are 100% vulnerable to anyone who has the knowledge and desire to exploit them. The only reason Windows and Mac OS are "less vulnerable " is because the PC Web browsers are more likely to connect via the HTTPS protocol. But they are still EXTREMELY vulnerable unless a secure VPN is being used.

Posted with my trusty Z10

[bb10adopter111]

I also think it would be bad for the BlackBerry brand if they dont bring a patch

Posted via CB10

I wouldn't be surprised to see Microsoft issue an emergency patch for Windows XP. This is a very, very big vulnerability that can endanger critical infrastructure and even cost people their lives.

Posted with my trusty Z10

[thurask]

I wouldn't be surprised to see Microsoft issue an emergency patch for Windows XP. This is a very, very big vulnerability that can endanger critical infrastructure and even cost people their lives.

Posted with my trusty Z10

They did for WannaCry earlier in the year, although the XP legacy contingent is (unfortunately) too large to ignore.

[Nguyen1]

So.... to be clear, if I use my passport strictly on data and shut down wifi, it is safe from Krack?

Signature: Still typing away on my Passport SE!

[thurask]

So.... to be clear, if I use my passport strictly on data and shut down wifi, it is safe from Krack?

Signature: Still typing away on my Passport SE!

Disabling WiFi seems to be the only way to be sure in lieu of a patch, yes.

[Invictus0]

It doesn’t matter if BB10 is vulnerable to the eavesdropping and tampering or just the eavesdropping alone. It still must be fixed in the next few weeks. No excuses.

Agreed and I didn't mean to imply otherwise. It's kind of crazy it's taking BlackBerry this long to comment considering one of their biggest competitors patched the vulnerability last week.

[bb10adopter111]

Agreed and I didn't mean to imply otherwise. It's kind of crazy it's taking BlackBerry this long to comment considering one of their biggest competitors patched the vulnerability last week.

Who do you mean that already patched it?


Posted with my trusty Z10

[kike5885]

I may be totally wrong, but would guess that a VPN upon connection would solve this with no patch and out of the box?

Posted via CB10

[DreadPirateRegan]

I think we will see a patch. It’s a huge reputational risk to a company that has built its entire identity around security.

I can’t see BB being that foolish.

This will finally be the 10.3.4 people have been waiting for! The KRACK release.

Hot fix, I doubt it will be named 10.3.4 but get your point. Hah. I sure hope they respond to this if it's that big. Makes sense. It would still probably stand as EOL but with enough folks still using BB10 and as others said being a company based on security, they would indeed be "foolish" not to fix that even if it cost them some funds.. c

Can we get a dark hub with that hot fix?

 Passport SE  -Working wiDe in 2017+...

[bb10adopter111]

I may be totally wrong, but would guess that a VPN upon connection would solve this with no patch and out of the box?

Posted via CB10

Yes, a properly configured and reliable VPN should address most of the vulnerabilities except possibly a malware injection.

Posted with my trusty Z10

[Dr_BlackBerry]

True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).

Linux already has patches available most notably Debian based which covers the majority of popular distributions and also Fedora

http://www.zdnet.com/article/here-is...ble-right-now/

https://fedoramagazine.org/protect-wifi-fedora-krack/



Posted via CB10

[tickerguy]

It's vulnerable... this is about the Standard (WPA2) for Wi-Fi communications that everyone has been using and the data that is being transmitted.

It's a MAJOR vulnerability to anyone using Wi-Fi.... BlackBerry will have to address it or as bb10adopter111 says it will be a clear sign that they aren't supporting BB10 anymore.

Actually you don't know that -- QNX is not Linux or FreeBSD, and might not have the common path that allows it to work on those devices...

While it's not exactly likely BlackBerry found and silently fixed this on QNX it's also not impossible.

You must therefore assume its vulnerable until told otherwise, but assuming and knowing are two different things.

[Carjackd]

So 10.3.4 is finally coming!


I suspect that 10.3 will soon join BlackBerry 10 OS versions 10.0, 10.1 and 10.2.0 that are already EOL (three years ago).

Is there anyone left in Waterloo to patch it?

[bb10adopter111]

Actually you don't know that -- QNX is not Linux or FreeBSD, and might not have the common path that allows it to work on those devices...

While it's not exactly likely BlackBerry found and silently fixed this on QNX it's also not impossible.

You must therefore assume its vulnerable until told otherwise, but assuming and knowing are two different things.

The underlying code doesn't matter. That's not what's vulnerable. It's the secure connection between the router and the endpoint that's vulnerable for any unpatched implementation of the WPA2 protocol.

Posted with my trusty Z10

[Invictus0]

Who do you mean that already patched it?


Posted with my trusty Z10

Microsoft, they compete with QNX in many areas (IoT, vehicles, etc).

https://www.windowscentral.com/micro...-vulnerability

[Emaderton3]

Is there anyone left in Waterloo to patch it?

Exactly.

Posted via CB10