With KRACK We'll Find Ou if BB10 is OFFICIALLY End-of-life
- Sorry, yes you're right. In usa, data unlimited... but expensive. But I'm less worried about my phone than about the home setting. How will Krack affect the wifi on an Echo, for instance?
No data compression on passport, true, but I mostly use a 9900.
Signature: Still typing away on my Passport SE!
9900 with BBOS... why worry about vulnerabilities then.10-18-17 09:53 AMLike 0 - It's shameful how slow mobile devices are with critical updates like this. The whole distributed model of responsibility for security patching is a major vulnerability.
In Linux, Mac OS and Windows, most issues are patched before they're widely known. With this bug, any reasonably intelligent person can research it, put together a hacking toolkit, and successfully exploit it for weeks before it will be addressed for the vast majority of users.
Posted with my trusty Z10
Just checked my Alcatel Idol 4s w/W10 and Lumia 650DS and both were patched at the same time as my laptop, once again putting all the major mobile manufacturers to shame. What takes them so long?10-18-17 10:02 AMLike 0 - Agreed. Poor old Microsoft does get a bum-rap for these sorts of things but apparently they had this patched a couple of months ago. I did read why they didn't announce it, something about giving others the opportunity to use the patch themselves, or something. Didn't quite get their reasoning.
Just checked my Alcatel Idol 4s w/W10 and Lumia 650DS and both were patched at the same time as my laptop, once again putting all the major mobile manufacturers to shame. What takes them so long?
Here is the entirety of the patch for OpenBSD. It's not a ton of code, but there is a lot of work in making sure the device continues to work well with all the thousands of different routers and configurations in the world. Standards and security are one thing, but users get upset if their phones don't work at the coffeeshop. So regression testing is a big deal here, and takes time.
https://ftp.openbsd.org/pub/OpenBSD/...play.patch.sigA Noise Annoys likes this.10-18-17 10:18 AMLike 1 - There is always an embargo on announcing vulnerabilities like this so that all manufacturers have time to make their fixes. Otherwise bad guys get even more opportunity to exploit such things. Granted, they can do that now, but it would be even worse without the embargoes.
Yeah, Microsoft did a great job with this!
Here is the entirety of the patch for OpenBSD. It's not a ton of code, but there is a lot of work in making sure the device continues to work well with all the thousands of different routers and configurations in the world. Standards and security are one thing, but users get upset if their phones don't work at the coffeeshop. So regression testing is a big deal here, and takes time.
https://ftp.openbsd.org/pub/OpenBSD/...play.patch.sig10-18-17 10:43 AMLike 0 - Tech companies were made aware of KRACK back in July.
By the time the public was made aware of it, Microsoft had already patched Windows - including Windows 10 Mobile.
Apple's iOS patch is still in beta.
Google says an Android patch will be issued "in the coming weeks".
BlackBerry? Their Android patch is dependent on Google. This is a prime example of why transitioning to Android makes BlackBerry's claims of ultimate smartphone security and privacy a complete joke. And if they issue a patch for BB10, I will be extremely surprised. Don't expect anything for BBOS 7, either.
When I learned about KRACK, it became painfully obvious to me that it is unacceptable to be using a phone that doesn't get regular security updates. By regular, I mean every 2-3 months at the very least. Preferably once a month.
I've stopped using my Classic, which hasn't received an update in ages. I'm using my Moto E4, which was at least has a patch date of May 2017, until I can get a phone that is guaranteed to receive monthly patches.
Honestly, I'm very impressed with Microsoft right now. And Apple already having the patch in beta and having the ability to send out an update to all supported iOS devices without carrier interference makes it a strong second.
The vast majority of Android phones being used around the world will never receive the KRACK fix.evodevo69 likes this.10-18-17 10:49 AMLike 1 -
Today if I were going to use a smartphone on WiFi, and I didn't have access to the developer builds of iOS, I'd want to be running Windows.
When I learned about KRACK, it became painfully obvious to me that it is unacceptable to be using a phone that doesn't get regular security updates. By regular, I mean every 2-3 months at the very least. Preferably once a month.Dunt Dunt Dunt likes this.10-18-17 11:33 AMLike 1 - Google says an Android patch will be issued "in the coming weeks".
BlackBerry? [B]Their Android patch is dependent on Google. This is a prime example of why transitioning to Android makes BlackBerry's claims of ultimate smartphone security and privacy a complete joke.
I don't think this brings the device security to the level of "joke". Google takes this very seriously and its reputation depends on it too.
And patching is only one component of device security. BlackBerry has a good handle on the rest.10-18-17 11:48 AMLike 0 - Tech companies were made aware of KRACK back in July.
By the time the public was made aware of it, Microsoft had already patched Windows - including Windows 10 Mobile.
Apple's iOS patch is still in beta.
Google says an Android patch will be issued "in the coming weeks".
BlackBerry? [B]Their Android patch is dependent on Google. This is a prime example of why transitioning to Android makes BlackBerry's claims of ultimate smartphone security and privacy a complete joke.
The vast majority of Android phones being used around the world will never receive the KRACK fix.
BlackBerry had no choice but to go Android.. That doesn't mean it offers the best long term security solution for users or to their target market... Enterprise.
I think for Enterprise, Windows would have been a great solution... one they know. If they could have gotten more developer support and won over consumers. As I don't think any Enterprise only solution is going to be viable.10-18-17 11:56 AMLike 0 - Agreed. Poor old Microsoft does get a bum-rap for these sorts of things but apparently they had this patched a couple of months ago. I did read why they didn't announce it, something about giving others the opportunity to use the patch themselves, or something. Didn't quite get their reasoning.
Just checked my Alcatel Idol 4s w/W10 and Lumia 650DS and both were patched at the same time as my laptop, once again putting all the major mobile manufacturers to shame. What takes them so long?
Signature: Still typing away on my Passport SE!10-18-17 12:07 PMLike 0 -
When I say my Idol was updated the same time as my laptop, I mean it was updated with the same update release as my laptop.10-18-17 12:14 PMLike 0 - Google is responsible for patching AOSP, and the KNACK vulnerability is scheduled for the Nov patch level. BlackBerry works with all of the component vendors to complete the rest of the job.
I don't think this brings the device security to the level of "joke". Google takes this very seriously and its reputation depends on it too.
And patching is only one component of device security. BlackBerry has a good handle on the rest.
BlackBerry couldn't issue an ad-hoc update to their Android devices even if they wanted to. They don't have complete control over the OS like Microsoft and Apple do. They have ceded that power to Google and component vendors. Witness the result.
Ironically, they do still have complete control over BB10, but do you think they even have enough resources still devoted to it to develop, test, and release another major OS update, let alone a patch?
I really want to use a BlackBerry. I love their physical keyboards - always have, always will. For crying out loud, I started using a Classic a few weeks ago after using an iPhone for 6 months because I couldn't stay away from that keyboard and trackpad. But I've been slapped upside the head with reality (again) with this KRACK news. It made me realize that I really do care about security - of which regular and timely OS updates and patches are an integral part.
Yes, OS updates and patches are only one component of device security, but we should not - indeed, we must not compromise in ANY of those areas. That's like locking the front door of your home and leaving the window wide open.10-18-17 12:31 PMLike 0 - Apparently Google doesn't take this as seriously as Microsoft or Apple. They've all known about KRACK since July. Compared to how their competition has responded, Android security is, indeed, a joke. There are times - such as this - when waiting until the next monthly update isn't good enough. Microsoft and Apple have the ability to push ad-hoc updates whenever they want.
BlackBerry couldn't issue an ad-hoc update to their Android devices even if they wanted to. They don't have complete control over the OS like Microsoft and Apple do. They have ceded that power to Google and component vendors. Witness the result.
Ironically, they do still have complete control over BB10, but do you think they even have enough resources still devoted to it to develop, test, and release another major OS update, let alone a patch?
I really want to use a BlackBerry. I love their physical keyboards - always have, always will. For crying out loud, I started using a Classic a few weeks ago after using an iPhone for 6 months because I couldn't stay away from that keyboard and trackpad. But I've been slapped upside the head with reality (again) with this KRACK news. It made me realize that I really do care about security - of which regular and timely OS updates and patches are an integral part.
Yes, OS updates and patches are only one component of device security, but we should not - indeed, we must not compromise in ANY of those areas. That's like locking the front door of your home and leaving the window wide open.
I myself feel very secure with Pixel / BlackBerry Android and their rapid-enough patch release schedule.
I can mitigate minor bumps like this one by using mobile data or my paid VPN service.
You still can't patch stupid.10-18-17 12:35 PMLike 0 - If BlackBerry and TCL kept their partnership going.... for four of five years and a dozen devices, I doubt we'd see the kind of long term support that Apple currently offers. As it is too dependent on both Google and hardware suppliers - probable not good to use the low end stuff for long term support. Which is why they only offer two years of security patches. It very well might go longer, but it's kinda out of BlackBerry's hands.
BlackBerry had no choice but to go Android.. That doesn't mean it offers the best long term security solution for users or to their target market... Enterprise.
I think for Enterprise, Windows would have been a great solution... one they know. If they could have gotten more developer support and won over consumers. As I don't think any Enterprise only solution is going to be viable.
The demise of Windows Mobile is unfortunate. So many bad decisions and blunders by Microsoft. Very similar to BlackBerry and BB10. I had high hopes for Continuum on Windows 10 Mobile - for ages I have wanted a smartphone-like device that I can also dock with tablet, laptop, or desktop hardware to drive experiences on each platform.
I feel like a smartphone refugee. No place to call home.Dunt Dunt Dunt likes this.10-18-17 12:41 PMLike 1 -
I'm not thrilled with Apple, either, as their patch is still in beta. But at least it will come out sooner than Android's.
I fully admit the likelihood of the average smartphone user being compromised through KRACK is probably small (I hope). There have been no known instances of compromise through this vulnerability in the wild...at least, that we have been told.
But I keep going back to the fact that tech companies have known about KRACK since July, and that only one of them (Microsoft) seems to have taken it seriously enough to patch it before it was made public.
I mean, couldn't Google have included a patch in their October security update if they really wanted to? Surely they have the manpower and resources to make that happen - they're Google.
You still can't patch stupid.10-18-17 12:53 PMLike 0 -
-
- Has anyone yet confirmed that there is a KRACK vulnerability in BB10 yet? I can't find any reference to it but just to make sure I've switched my WiFi off and am running on carrier network only.10-18-17 01:04 PMLike 0
- You didn't miss it necessarily as Windows Phone has a tendency to update in the background while you're on, ironically, WiFi. When you first booted your device up it ran an update almost immediately, the patch was probably included in that. W10 devices that were already up and running got the patch a couple of months ago.
When I say my Idol was updated the same time as my laptop, I mean it was updated with the same update release as my laptop.
It's funny, but I used to think of microsoft as an evil empire and Apple as the innovator. How things change.
I have little interest in the droidberry phones, sadly. I pay attention but I am unlikely to ever buy one. I suspect that windows phone, what remains of it, is more secure than android phones on average.
Signature: Still typing away on my Passport SE!10-18-17 01:04 PMLike 0 -
The demise of Windows Mobile is unfortunate. So many bad decisions and blunders by Microsoft. Very similar to BlackBerry and BB10. I had high hopes for Continuum on Windows 10 Mobile - for ages I have wanted a smartphone-like device that I can also dock with tablet, laptop, or desktop hardware to drive experiences on each platform.
I feel like a smartphone refugee. No place to call home.
Signature: Still typing away on my Passport SE!anon(10321802) likes this.10-18-17 01:14 PMLike 1 -
Proable waiting until Google has release a fix. And hoping no one asks them about BBOS or BB10, as I doubt they want to addressee either of these defunct OS.10-18-17 01:36 PMLike 0 - Oh I see. In that case, I should feel confident using my idol with continuum then yes?
It's funny, but I used to think of microsoft as an evil empire and Apple as the innovator. How things change.
I have little interest in the droidberry phones, sadly. I pay attention but I am unlikely to ever buy one. I suspect that windows phone, what remains of it, is more secure than android phones on average.
Signature: Still typing away on my Passport SE!
Windows 10 Mobile (version 1703) mainstream support ends in June 201910-18-17 01:55 PMLike 0 -
A good example is BlueBorne which doesn't impact BB10 but does impact any Android device not running on at least the September 2017 patch,
BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products10-18-17 02:06 PMLike 0 - What version of BB10 is your Classic on? Depending on the version and the exploits you're worried about, your Classic might actually be more secure than a recently patched version of Android.
A good example is BlueBorne which doesn't impact BB10 but does impact any Android device not running on at least the September 2017 patch,
BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products
Some would argue that BB10 devices are not a high-visibility or enticing target, being an unpopular platform with such a small remaining userbase. But I'm not willing to take the risk anymore. Not with all the security breach craziness only getting crazier. I love the keyboard, but I don't love it enough to risk my personal data being compromised if I can help it.10-18-17 02:25 PMLike 0 - My Classic is running 10.3.3. But that's beside the point for me, really. If it isn't receiving regular (as in every 2-3 weeks at the very least) OS updates for bug fixes, security patches, etc. then it's really not as secure as it could be.
Some would argue that BB10 devices are not a high-visibility or enticing target, being an unpopular platform with such a small remaining userbase. But I'm not willing to take the risk anymore. Not with all the security breach craziness only getting crazier. I love the keyboard, but I don't love it enough to risk my personal data being compromised if I can help it.
Frequent patches are necessary for security. Do you remember where that came from? Mainly Microsoft who after claiming that XP was the most secure couldn't keep up with the vulnerabilities in the system without going to a regular patch schedule. Othes climbed on and now it is accepted without, it seems any critical thought. To keep it short we have traded good software development practice for feature and bug rich code with rapid patching that one previous poster aptly called the red queen's race. We have been swindled. I have been developing high security, mission critical, security software since 1985. I have never been involved in a rapid patching cycle because we have very few bugs and almost all of them are mitigated by the depth of the security and defensive nature of the code. My employer values correct, secure and durable over frivolous features.
I had a chance to review the Wi-Fi protocol documents, some of the patches and how some devices managed to stay invulnerable because they were not implemented according to the specifications. Anyone coding the software who had knowledge of how cryptography works, and why would you not have someone like that coding this software, would have known that the specifications would result in a loss of cryptographic protection. I can say quite confidently that I would not have coded it per the specifications, but very much like what the patched code is like. I can say that because an equally bad cryptographic specification came across my desk not long ago and I refused to code it as written.
I don't know what happened in the QNX Wi-Fi driver, we will have to see. But I wouldn't be surprised if it was written in a safe way rather than as specified. As we know both patched, broken per the spec and broken in novel ways are all interoperable.
Unlike you I am not concerned by infrequent patches in the absence of evidence of the requirement. What does concern me is a monthly patch cycle that never makes any progress. But as I said, only you can decide what is safe enough for you.
LeapSTR100-2/10.3.3.2205Invictus0 and aiharkness like this.10-18-17 04:10 PMLike 2 - My Classic is running 10.3.3. But that's beside the point for me, really. If it isn't receiving regular (as in every 2-3 weeks at the very least) OS updates for bug fixes, security patches, etc. then it's really not as secure as it could be.
Some would argue that BB10 devices are not a high-visibility or enticing target, being an unpopular platform with such a small remaining userbase. But I'm not willing to take the risk anymore. Not with all the security breach craziness only getting crazier. I love the keyboard, but I don't love it enough to risk my personal data being compromised if I can help it.
At this point your best bet for a secure platform that's actively supported is iOS.10-18-17 04:13 PMLike 0
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
With KRACK We'll Find Ou if BB10 is OFFICIALLY End-of-life
« replace battery on Passport?
|
Newbie with failing / non-working native BB10 apps - WhatsApp etc »
Similar Threads
-
How secure really is the Keyone finger sensor
By dorsetshaw in forum BlackBerry KEYoneReplies: 19Last Post: 10-27-17, 08:53 PM -
KRACK WPA2 Vulnerability on BB10
By EFats in forum BlackBerry 10 OSReplies: 8Last Post: 10-18-17, 01:38 PM -
how to stop auto download of mail attachment in hub
By madh263362 in forum BlackBerry Android OSReplies: 2Last Post: 10-17-17, 08:51 AM -
KEYone Keyboard scrolling issue with ads on articles
By Turborat in forum BlackBerry Android OSReplies: 0Last Post: 10-17-17, 07:56 AM -
Problem with finger sensor on may K1
By mikimike2 in forum BlackBerry Android OSReplies: 1Last Post: 10-17-17, 05:49 AM
LINK TO POST COPIED TO CLIPBOARD