[DreadPirateRegan]

And then, I guess there's the issue if you use your phone as a mobile hotspot.

In that case, your phone is the router.

Damn and I was just about to setup my Q10 as a sort of "kodi" but with Mobdro and Showbox always plugged in to the TV. Although I guess snot much to exploit(??) if that's all was using it for, a QNX entertainment center. I'd use a droid as a remote. Somehow!..

 Passport SE  -Working wiDe in 2017+...

[app_Developer]

And then, I guess there's the issue if you use your phone as a mobile hotspot.

In that case, your phone is the router.

There shouldn’t be an issue there. In that case, the upstream is your cell connection, not WiFi. So it doesn’t matter if the hotspot is patched or not.

What matters is if the device(s) you connect to the hotspot is/are properly patched.

[G_Unit MVP]

i don't think they need the carriers to push a patch. They can put the installer in BB world for anyone to download, same way they did with ART back then.

[conite]

i don't think they need the carriers to push a patch. They can put the installer in BB world for anyone to download, same way they did with ART back then.

It requires an OS-level fix - not an app update.

[G_Unit MVP]

yes, and ART isn't a OS level fix?

[conite]

yes, and ART isn't a OS level fix?

No. It's two .bar files.

[bobshine]

Just keep an eye on this page,

https://ca.blackberry.com/enterprise...-response-team



It's not even close to EOL according to BlackBerry's own definition,

https://ca.blackberry.com/support/bu...le/terminology

Some people still think BB10 is not EOL yet?????!!!!!!

[Invictus0]

Some people still think BB10 is not EOL yet?????!!!!!!

Did you read the link?

[DreadPirateRegan]

Did you read the link?

I did, I did but it's like a definition versus an answer?
What's the verdict guys? LoL..

 Passport SE  -Working wiDe in 2017+...

[Invictus0]

I did, I did but it's like a definition versus an answer?
What's the verdict guys? LoL..

 Passport SE  -Working wiDe in 2017+...

BlackBerry isn't defining BB 10.3.x as End of Support or End of Life yet so if it's vulnerable to KRACK it's possible we could see a patch. They still haven't posted an advisory for any of their products so we don't have confirmation just yet on what's vulnerable and what BlackBerry will do about it.

[darby77]

In general, having a patched router does not make up for the vulnerability (if it exists) in the phone.

So for example, the current version of iOS is vulnerable, and putting your iPhone on a patched router doesn't fix it or make it any better. You have to do the Apple update whenever it becomes available.

Thanks. So let's hope my neighbours are friendly people.

Posted via  Z10

[A Noise Annoys]

I'm not trusting BlackBerry to fix anything at this juncture and am taking precautions myself simply by switching WiFi off. I'm lucky that I have unlimited data and I don't have to link to WiFi enabled devices like an office printer so I understand this may not be practical for some, but for BlackBerry to sit there and essentially ignore this issue, at least from a public viewpoint, is ridiculous.

Posted via CB10

[conite]

I'm not trusting BlackBerry to fix anything at this juncture and am taking precautions myself simply by switching WiFi off. I'm lucky that I have unlimited data and I don't have to link to WiFi enabled devices like an office printer so I understand this may not be practical for some, but for BlackBerry to sit there and essentially ignore this issue, at least from a public viewpoint, is ridiculous.

Posted via CB10

I think a lot of people would be shocked to know just how few people there are still using the platform. BlackBerry knows.

[A Noise Annoys]

I think a lot of people would be shocked to know just how few people there are still using the platform. BlackBerry knows.

I do appreciate that, but I would think that vast amount of users of those few people would be enterprise, precisely the customer BlackBerry should be protecting against this hack.

Posted via CB10

[Chuck Finley69]

I do appreciate that, but I would think that vast amount of users of those few people would be enterprise, precisely the customer BlackBerry should be protecting against this hack.

Posted via CB10

That was the point... BB knows how many are left of Enterprise and Total users and will decide with the data they have, next steps. One thing JC is good at is getting revenue from users instead of giving it away free.....

[anon(10321802)]

I'm not trusting BlackBerry to fix anything at this juncture and am taking precautions myself simply by switching WiFi off. I'm lucky that I have unlimited data and I don't have to link to WiFi enabled devices like an office printer so I understand this may not be practical for some, but for BlackBerry to sit there and essentially ignore this issue, at least from a public viewpoint, is ridiculous.

Posted via CB10

Yeah, for them not to just come clean with an EOL date when the platform is de facto EOL already is ridiculous.

If a patch is necessary and they actually issue one, I'd be very surprised.

There's also the possibility that BB10 isn't affected in the first place, but that would assume their developers were smart enough to implement the WAP2 encryption standards contrary to the faulty specifications. I'm not holding my breath, there.

Still, I've decided to keep using my Classic until they announce something either way, because my only other alternative is to use a Moto E4 with a security level of May 2017, so I know it definitely IS vulnerable.

 BlackBerry | CLASSIC

[Dunt Dunt Dunt]

I do appreciate that, but I would think that vast amount of users of those few people would be enterprise, precisely the customer BlackBerry should be protecting against this hack.

Posted via CB10

I don't know.... Many CrackBerry users refused to heed Chen's announcements back in 2015 about ending development, but I'm not sure Enterprise did. And at this point even if a company had a few BB10 devices still being used, they would be older devices that probable would not be a big deal to replace. One of the last announced "wins" for BB10 was the US Senate... and they have already well into the process of moving on.

I would "think" that they will push this patch out, but it will probable prompt them to go ahead add BB10.3 to the older BB10 versions as an EOL product.

[bb10adopter111]

It's also worth mentioning that BlackBerry may have told their enterprise customers to simply disable WiFi on their BB10 phones. I have simply deleted all of my "secure" WiFi connections from all of my phones so they can't connect automatically until I can apply patches.

Posted with my trusty Z10

[tollfeeder]

If anyone is interested - there are ways to mitigate the situation with unpatched clients. LEDE, an alternative open source firmware for a wide range of routers, utilises an AP-side workaround for instance https://lede-project.org/docs/user-g...ack_workaround

Posted via CB10

[bb10adopter111]

If anyone is interested - there are ways to mitigate the situation with unpatched clients. LEDE, an alternative open source firmware for a wide range of routers, utilises an AP-side workaround for instance https://lede-project.org/docs/user-g...ack_workaround

Posted via CB10

Interesting for individuals and hobbyists, but I can just imagine the laughter if I suggested that my corporate clients start installing unsupported firmware on their routers.

Posted with my trusty Z10

[tollfeeder]

Interesting for individuals and hobbyists, but I can just imagine the laughter if I suggested that my corporate clients start installing unsupported firmware on their routers.

Posted with my trusty Z10

Well, you just need to find some professional to offer support then. By the way, commercial solutions might pick up the patch as well, since they did in the past and are often based on Linux anyway.

Posted via CB10

[Invictus0]

I think a lot of people would be shocked to know just how few people there are still using the platform. BlackBerry knows.

It's not just BB10 though, they haven't posted an advisory for any of their products yet (BB Android, QNX, etc).

I don't know.... Many CrackBerry users refused to heed Chen's announcements back in 2015 about ending development, but I'm not sure Enterprise did. And at this point even if a company had a few BB10 devices still being used, they would be older devices that probable would not be a big deal to replace. One of the last announced "wins" for BB10 was the US Senate... and they have already well into the process of moving on.

Manchester Police bought Leaps last year, I'm sure even governments that have announced migration plans to iOS or Android are still using BB10 devices as it's usually not the fastest process.

[DreadPirateRegan]

I think a lot of people would be shocked to know just how few people there are still using the platform. BlackBerry knows.

Morning guys and gals, Conite,
I will ask you since you usually have thee answers bro.

In laymen terms for some of us: How could this exploit effect us hypothetically on a BB10 device if vulnerable and, well, being exploited? What can, would they typically do with this as I already know wed have to be on a WPA2 WiFi which is prett,standard everywhere as far as I know as WAS the basic but most secure, I'm on it right now? My home/personal what could happen. I am not running no damn proxy.

I think this will help allot of us decide and/or understand.. thanks @conite

Dread

 Passport SE  -Working wiDe in 2017+...

[Dunt Dunt Dunt]

It's not just BB10 though, they haven't posted an advisory for any of their products yet (BB Android, QNX, etc).



Manchester Police bought Leaps last year, I'm sure even governments that have announced migration plans to iOS or Android are still using BB10 devices as it's usually not the fastest process.

Taught that was back in 2015 right after the LEAP was released..... Any group the deployed BB10 in 2016, after BlackBerry basically ended development and told 3rd party developers that - bet that IT guy is looking for a new job.

But yes I'm sure there are a number of BB10 devices out there, and a number of IT Administrators trying to check all the boxes on their hardware vulnerabilities to CRACK.... and wondering when BlackBerry will let them know the status of their products. I'm just thinking that if it really came down to not patching BB10, it wouldn't be a big of an uproar as some here might think.

[DreadPirateRegan]

It's not just BB10 though, they haven't posted an advisory for any of their products yet (BB Android, QNX, etc).



Manchester Police bought Leaps last year, I'm sure even governments that have announced migration plans to iOS or Android are still using BB10 devices as it's usually not the fastest process.

Seems to me it's in their best interest to leave the gateway even a little open for BB10 is to patch it. Only Choice! If not even better as then people can say BB10 had an update even though just a (Hot Fix) in 2017? If there is even a 2% chance they may want to come back to it for whatever reason, release the patch imo.. yes, will cost money but.. I'm sure they will find the cheapest way to do it. They can call it hot fix version 625. :x

Come on BlackBerry, make up for the Past, this seems Big and if look at it the other way as in would get people to migrate to android faster, the issue with that is - allot of options besides just BlackDroid.

 Passport SE  -Working wiDe in 2017+...