[thurask]

It is BCM43xx that is vulnerable, although the oldest chip tested by researchers is the BCM4339, which is only in some test platforms according to the previously linked thread. I'd have to look into the OS to check.

OK, now that I have an OS's guts to look at...

Z10: Texas Instruments WL1283 (STL100-1/2)/WL1273 (STL100-3/4)
Q10: Broadcom BCM4334
Q5: Broadcom BCM4334
Z30: Broadcom BCM4334
Z3: Qualcomm (whatever was in the old MSM8930 chip)
Leap: Broadcom BCM4334
Passport: Broadcom BCM4339
Classic: Broadcom BCM4334

Only the Passport's WiFi chip was recent enough to be tested, but since the (currently) final 10.3.3.2205 update was built December 12, 2016, that's well before Broadpwn was disclosed and patched on other platforms.

[app_Developer]

Just because we don't hear about them doesn't mean they don't happen. Take Stagefright for example,

https://www.androidheadlines.com/201...c-in-2017.html

You also don't need to root or jailbreak a device to be impacted, in some case that's what the exploits do (and that's one of the things BB Android tries to protect against). Most users probably won't be impacted by exploits but for some security is certainly a consideration when buying a new phone.

Well, stagefright is much easier to exploit at scale than KRACK.

But, KRACK is out there now and so it has to be fixed.

This coming week would a good time for BB to say something about this.

[Wmsi]

My memory is failing me... did BB patch the last major vulnerability?

BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products

[Rodrigo Lourenco]

I only desagree that people Who use bb10, use it as second phone...anything else is good information.thanks

☇ by Blackberry 

[bb10adopter111]

As I wrote, only BlackBerry knows, but I will try and guess.

27 months ago, BB10 users peeked at 10 million.

The average person keeps a smartphone for 22 months, so that instantly cuts the number to less than 5 million.

I would also argue that the bleed rate on BB10 would be much higher than the average because of the whole "deal platform" thing. I would cut that number in half again to under 2.5 million.

Now how many of these users actually USE the phone as a PRIMARY device? I would probably half the number again.

So, I would guess 1-1.5 million users left, down to 500,000 by next summer. I think I'm being quite generous.

Like you, in have no idea either, but I can't fault your logic. A range of 500K to 2M is what I would have estimated, with 80% confidence.

Posted with my trusty Z10

[DreadPirateRegan]

It is BCM43xx that is vulnerable, although the oldest chip tested by researchers is the BCM4339, which is only in some test platforms according to the previously linked thread. I'd have to look into the OS to check.

Thurask,
You are a wealth of knowledge and just thought I'd tell you that as everybody needs to hear something good (as well as random and true) once in awhile in this crazy and fast paced world. Totally random, just came back from my 26 year old cousins funeral today whom committed suicide and in 2013 my 25 y/o cuz did the deed so may be feeling a little bit like on the rag but.. Anyway, just figured I'd say that as strange as it sounds. Also, with that said man - I wish you weren't 500 steps ahead of me so I could follow and learn from you everytime.. #HeyJealousy

Carry on gentleman.. just passing thru again.

#KeepSmilingGuys

Now, I will try to translate this Chinese (to ME) in quotes above, to LEARN so I can maybe one day join a similar convo with actual useful participation. #GoingToSitInTheCornerNow

 Passport SE  -Working wiDe in 2017+...

[bobshine]

OK, now that I have an OS's guts to look at...

Z10: Texas Instruments WL1283 (STL100-1/2)/WL1273 (STL100-3/4)
Q10: Broadcom BCM4334
Q5: Broadcom BCM4334
Z30: Broadcom BCM4334
Z3: Qualcomm (whatever was in the old MSM8930 chip)
Leap: Broadcom BCM4334
Passport: Broadcom BCM4339
Classic: Broadcom BCM4334

Only the Passport's WiFi chip was recent enough to be tested, but since the (currently) final 10.3.3.2205 update was built December 12, 2016, that's well before Broadpwn was disclosed and patched on other platforms.

Wow that’s more than I thought... I only thought that the Passport used Broadcom and that the other BB10 used TI.

The thing is that we’ll never know if it’s vulnerable... which I think is the worse situation. At least if we knew, we can take the necessary measures and be more careful

[bb10adopter111]

Well, if I just parked myself in Starbucks for half a day, that could net me a lot of victims. Only the idiots would be driving down the block trying to pick off one home at a time. It wouldn't take a lot to make it worthwhile...just one unencrypted email (we all encrypt our emails, right? right?) with some particularly juicy information is all it takes. Maybe YOU are careful, but if your recipient is not and replies back....
With so many WiFi users around the world, the chance of any one user being picked off might be low, but do you really want to count on that as security?

The larger issue is that there are thousands of enterprises that are intentionally targeted continuously. There is no shortage of professionals, whether in criminal, corporate or government sponsored espionage teams that are happy to park a van wherever they need to to gain access to their targets.

One of my clients has informed their employees that they may not access any WiFi connections on their BYOD devices unless they first remove their enterprise data and get a sign off from IT.

Posted with my trusty Z10

[Invictus0]

OK, now that I have an OS's guts to look at...

Z10: Texas Instruments WL1283 (STL100-1/2)/WL1273 (STL100-3/4)
Q10: Broadcom BCM4334
Q5: Broadcom BCM4334
Z30: Broadcom BCM4334
Z3: Qualcomm (whatever was in the old MSM8930 chip)
Leap: Broadcom BCM4334
Passport: Broadcom BCM4339
Classic: Broadcom BCM4334

Only the Passport's WiFi chip was recent enough to be tested, but since the (currently) final 10.3.3.2205 update was built December 12, 2016, that's well before Broadpwn was disclosed and patched on other platforms.

If this site is to be believed, they might not be vulnerable on iOS?

MacStrategy | Article | List Of Apple Products Affected By Broadpwn

[eshropshire]

Thurask,
You are a wealth of knowledge and just thought I'd tell you that as everybody needs to hear something good (as well as random and true) once in awhile in this crazy and fast paced world. Totally random, just came back from my 26 year old cousins funeral today whom committed suicide and in 2013 my 25 y/o cuz did the deed so may be feeling a little bit like on the rag but.. Anyway, just figured I'd say that as strange as it sounds. Also, with that said man - I wish you weren't 500 steps ahead of me so I could follow and learn from you everytime.. #HeyJealousy

Carry on gentleman.. just passing thru again.

#KeepSmilingGuys

Now, I will try to translate this Chinese (to ME) in quotes above, to LEARN so I can maybe one day join a similar convo with actual useful participation. #GoingToSitInTheCornerNow

 Passport SE  -Working wiDe in 2017+...

Very sad to hear about your loss. Take care.

[app_Developer]

If this site is to be believed, they might not be vulnerable on iOS?

MacStrategy | Article | List Of Apple Products Affected By Broadpwn

It was vulnerable. They just fixed it in 10.3.3. And presumably in some version of 11.

[Richard Buckley]

Well, if I just parked myself in Starbucks for half a day, that could net me a lot of victims. Only the idiots would be driving down the block trying to pick off one home at a time. It wouldn't take a lot to make it worthwhile...just one unencrypted email (we all encrypt our emails, right? right?) with some particularly juicy information is all it takes. Maybe YOU are careful, but if your recipient is not and replies back....
With so many WiFi users around the world, the chance of any one user being picked off might be low, but do you really want to count on that as security?

Do any Starbucks even use WPA2? None of them I've ever been in did. Most free Wi-Fi hotspots are captive portals with no encryption. So you don't even need to use Krack on those networks.

LeapSTR100-2/10.3.3.2205

[Invictus0]

It was vulnerable. They just fixed it in 10.3.3. And presumably in some version of 11.

Those specific chips though? There doesn't seem to be anything concrete on the BCM4334.

[bb10adopter111]

Do any Starbucks even use WPA2? None of them I've ever been in did. Most free Wi-Fi hotspots are captive portals with no encryption. So you don't even need to use Krack on those networks.

LeapSTR100-2/10.3.3.2205

Correct. Most people seem rely confused about the threat here. The danger is that lots of supposedly secure work is done over WPA2, and unencrypted communications on THOSE connections are now vulnerable. The big problem is that your device thinks it's on a trusted, secure network when data could be breached or the entire network spoofed.

Posted with my trusty Z10

[app_Developer]

We’re taking Starbucks too literally. Think of a coworking space that uses WPA2 and a bad guy camping there trying to steal emails or credit cards.

The point is it would be very difficult to steal anything of value even from unpatched clients.

Not saying it shouldn’t be fixed, but this is not so easy to exploit in the real world

[Richard Buckley]

We’re taking Starbucks too literally. Think of a coworking space that uses WPA2 and a bad guy camping there trying to steal emails or credit cards.

The point is it would be very difficult to steal anything of value even from unpatched clients.

Not saying it shouldn’t be fixed, but this is not so easy to exploit in the real world

I don't think so. There is a lot of talk here and elsewhere that makes me believe that people think the Krack attack makes using open Wi-Fi hotspots like those at Starbucks, Tim Hortons and just about everywhere free Wi-Fi is offered more risky. The more we use Starbucks as an example for Krack the more we re-enforce that idea.

The fact is that free Wi-Fi that uses WPA2, like my optometrists' and doctors' are still more secure than any Starbucks even if someone is trying to use Krack. As mentioned by others, Krack is a threat to those using WPA2 and not using additional forms of encryption, homes and offices. And that any unpatched client represents a way in for hackers, that includes phones, laptops, tablets and IoT devices.

LeapSTR100-2/10.3.3.2205

[scrannel]

So... is there any setting within the router itself that can make exploitation more difficult?

[anon(8063781)]

So... is there any setting within the router itself that came make exploitation more difficult?

Actually, there might be: if your router has a Tx (transmission) power setting, you could lower it (which requires a little trial and error) to make it more difficult for outsiders to detect your network and intercept those keys, but still cover your home.

Mine is set so that it covers the house, but you really can't connect if you're more than about 10 feet away outdoors.

My neighbours, of course, are broadcasting at 50,000 kW.

[Troy Tiscareno]

So, I would guess 1-1.5 million users left, down to 500,000 by next summer. I think I'm being quite generous.

I agree - especially on the last part.

Even here on CB, the number of people migrating away from BB10 is considerable (many are moving to BB-Android).

[bb10adopter111]

I agree - especially on the last part.

Even here on CB, the number of people migrating away from BB10 is considerable (many are moving to BB-Android).

Whatever the actual number is, it's a fraction of a percent of the market. The only question, really, is whether BlackBerry feels a need to either provide a fix for BB10 or make any kind of statement.

I had kind if hoped that I could continue to use my BB10 phones for a few more years for the core MS Exchange functions via secure WiFi. So, I'll be disappointed, but not surprised, if BB's decision is that BB10 isn't relevant enough to patch, or even mention.

Posted with my trusty Z10

[Chuck Finley69]

Whatever the actual number is, it's a fraction of a percent of the market. The only question, really, is whether BlackBerry feels a need to either provide a fix for BB10 or make any kind of statement.

I had kind if hoped that I could continue to use my BB10 phones for a few more years for the core MS Exchange functions via secure WiFi. So, I'll be disappointed, but not surprised, if BB's decision is that BB10 isn't relevant enough to patch, or even mention.

Posted with my trusty Z10

BB10 is like Bruce Willis character in Die Hard. Just happens to be missed by the bad guys who don't initially know he's even there. Yippee Kiyea ____________ ______________. LOL

[CaptainSuperb]

BlackBerry has got 20 million users, many of which are on BBOS (7.1 or earlier) as well as OS 10 and the defunct Android models that BB made themselves.

We'll find out how well this 'software' company does by issuing a patch for ALL of the above actively used devices.

Or maybe Chen (PBUH) will just have to find another company to 'acquire' in order to do it for him. *snigger*

[Elephant_Canyon]

BlackBerry has got 20 million users,

[citation needed]

[Chuck Finley69]

BlackBerry has got 20 million users, many of which are on BBOS (7.1 or earlier) as well as OS 10 and the defunct Android models that BB made themselves.

We'll find out how well this 'software' company does by issuing a patch for ALL of the above actively used devices.

Or maybe Chen (PBUH) will just have to find another company to 'acquire' in order to do it for him. *snigger*

Seems like acquisitions have done well for him and the BOD.... You mad bro?

[thurask]

Seems like acquisitions have done well for him and the BOD.... You mad bro?

The usual idea of "what's best for BlackBerry" is "what's best for me" in a shoddy disguise. I'm sure the shareholders are more than willing to bend to the whims of some random guy who insists legacy devices are just pining for the fjords.