[CaptainSuperb]

20 million users is from the 1st quarter 2017 report so it's probably half that by now.

If you run a business purely for profit at the expense of your reputation then you will go down, and rightly so.

Even His High Holiness (PBUH) cannot escape the inevitable law of karma.

[Chuck Finley69]

20 million users is from the 1st quarter 2017 report so it's probably half that by now.

If you run a business purely for profit at the expense of your reputation then you will go down, and rightly so.

Even His High Holiness (PBUH) cannot escape the inevitable law of karma.

Andy Rubin, is that you? Don't worry, eventually, maybe, you'll get your groove back.......

[conite]

20 million users is from the 1st quarter 2017 report so it's probably half that by now.

If you run a business purely for profit at the expense of your reputation then you will go down, and rightly so.

Even His High Holiness (PBUH) cannot escape the inevitable law of karma.

My 1 to 1.5 million number is more likely correct in terms of active BB10 users of primary devices.

I would guess the same number of BBOS users are still out there.

Just pinging the NOC once a quarter shouldn't qualify.

[app_Developer]

So let's hope for some news from BB this week on this front.

If BB Android and BB10 are immune to these KRACK attacks, then BB should get some brand value from that by announcing this far and wide this week. This is why you should carry a BB phone and why you should work with BB for your car or IoT system, because BB is so careful in how it implements standards. If BB waits too long to announce this, then people will have forgotten about KRACK and/or it will have been patched on Android and iOS anyway.

On the other hand, if BB Android is vulnerable, but BB10 is not, then you issue a statement saying that and committing to Nov update for KEYOne, etc to address KRACK.

If BB10 is also vulnerable, then you either (1) don't mention it in that statement, or (2) make a different commitment to a patch for BB10, or (3) just declare BB10 as officially EOL now. I really hope they choose to patch it in November. Carriers might ignore the patch, but at least BB will have done the right thing.

[DreadPirateRegan]

My 1 to 1.5 million number is more likely correct in terms of active BB10 users of primary devices.

I would guess the same number of BBOS users are still out there.

Just pinging the NOC once a quarter shouldn't qualify.

What is this NOC you speak of how how does thee ping it as in thy wants to "ping the NOC" as well - many, many times over. Sounds Romantic...

 Passport SE  -Working wiDe in 2017+...

[EFats]

As I wrote, only BlackBerry knows, but I will try and guess.

27 months ago, BB10 users peeked at 10 million.

The average person keeps a smartphone for 22 months, so that instantly cuts the number to less than 5 million.

I would also argue that the bleed rate on BB10 would be much higher than the average because of the whole "deal platform" thing. I would cut that number in half again to under 2.5 million.

Now how many of these users actually USE the phone as a PRIMARY device? I would probably half the number again.

So, I would guess 1-1.5 million users left, down to 500,000 by next summer. I think I'm being quite generous.

Aah, yes, but it wasn't that long ago (too lazy to do the search, but well within the last 2 years) that the research showed the average BlackBerry user kept their phone closer to 36 months. This was during the period BB10 was already WELL in decline.
Also, last quarter Subscriber Access Fees for BlackBerry were quite significant. If I recall, in the $30million range, so estimate how many legacy users from that number...

[DreadPirateRegan]

How many, like me believed an update would come? I couldn't of been the only one to call as when we were awaiting the ART fix for two months, I called and they said they had only one other brief caller so it wasn't explained well. I explained in detail and a day and a half later, art fix was in BBW. I suggest if you like Dropbox beings blackberry makes it (I think?) call and ask.. Worth a shot! Stranger things have happened. Just today or yesterday rather..

It's just an api swap and back in Biz!.. Call, explain, Get!

#LongLiveBB10 and the Passports

 Passport SE  -Working wiDe in 2017+...

[Dunt Dunt Dunt]

How many, like me believed an update would come? I couldn't of been the only one to call as when we were awaiting the ART fix for two months, I called and they said they had only one other brief caller so it wasn't explained well. I explained in detail and a day and a half later, art fix was in BBW. I suggest if you like Dropbox beings blackberry makes it (I think?) call and ask.. Worth a shot! Stranger things have happened. Just today or yesterday rather..

It's just an api swap and back in Biz!.. Call, explain, Get!

#LongLiveBB10 and the Passports

 Passport SE  -Working wiDe in 2017+...

I agree... doesn't hurt to call, or post a tweet.

But then I've called with issues (rebooting back at launch) and been given the same line about them knowing nothing about it.... that's just what they do.

[scrannel]

Actually, there might be: if your router has a Tx (transmission) power setting, you could lower it (which requires a little trial and error) to make it more difficult for outsiders to detect your network and intercept those keys, but still cover your home.

Mine is set so that it covers the house, but you really can't connect if you're more than about 10 feet away outdoors.

My neighbours, of course, are broadcasting at 50,000 kW.

Sounds like my proximity is a blessing then -- you cannot detect my wifi from the street as I am middle of semi-nowhere.

[StephanieMaks]

It's been over a week now since the KRACK vulnerability was made public. If BlackBerry haven't said anything at all at this point, then my guess is BB10 is a) vulnerable, and b) not getting fixed.

If it weren't vulnerable, then they've had plenty of time to figure that out and put out a little press release or blog post, like they did for the recent Bluetooth vuln. If it were vulnerable but a patch was forthcoming, they've had ample opportunity to say so.

Ongoing silence to me simply says to me that it is vulnerable but they will not be fixing it. They will stay silent as long as they possibly can then declare the OS to be EOL. In my opinion.

[Invictus0]

It's been over a week now since the KRACK vulnerability was made public. If BlackBerry haven't said anything at all at this point, then my guess is BB10 is a) vulnerable, and b) not getting fixed.

If it weren't vulnerable, then they've had plenty of time to figure that out and put out a little press release or blog post, like they did for the recent Bluetooth vuln. If it were vulnerable but a patch was forthcoming, they've had ample opportunity to say so.

Ongoing silence to me simply says to me that it is vulnerable but they will not be fixing it. They will stay silent as long as they possibly can then declare the OS to be EOL. In my opinion.

BlackBerry hasn't commented on KRACK for any of their products yet (phones, QNX, etc).

https://ca.blackberry.com/enterprise...-response-team

[Dunt Dunt Dunt]

It's been over a week now since the KRACK vulnerability was made public. If BlackBerry haven't said anything at all at this point, then my guess is BB10 is a) vulnerable, and b) not getting fixed.

If it weren't vulnerable, then they've had plenty of time to figure that out and put out a little press release or blog post, like they did for the recent Bluetooth vuln. If it were vulnerable but a patch was forthcoming, they've had ample opportunity to say so.

Ongoing silence to me simply says to me that it is vulnerable but they will not be fixing it. They will stay silent as long as they possibly can then declare the OS to be EOL. In my opinion.

I agree... July to now is ample opportunity for them to have addressed this.

But BlackBerry is a company with no fat and little muscle.... Chen has trimmed the company down so much in order to cut spending and match revenues, that they will take longer to reacted than they have in the past.

They will release something... if only to address the Android devices. So until they make some statement, there is a chance that they are working on BB10.

I'd say the release of 10.3.3.3057 is a sign they are doing "something".... maybe they dusted off the update server in preparation of a KRACK patch?

[bb10adopter111]

I agree... July to now is ample opportunity for them to have addressed this.

But BlackBerry is a company with no fat and little muscle.... Chen has trimmed the company down so much in order to cut spending and match revenues, that they will take longer to reacted than they have in the past.

They will release something... if only to address the Android devices. So until they make some statement, there is a chance that they are working on BB10.

I'd say the release of 10.3.3.3057 is a sign they are doing "something".... maybe they dusted off the update server in preparation of a KRACK patch?

That's an interesting idea. It seems an odd coincidence that they would push out a patch that likely only affects a few users when there is a much larger vulnerability that affects all their users. At the least, it confirmed a sign of life.

Posted with my trusty Z10

[DreadPirateRegan]

That's an interesting idea. It seems an odd coincidence that they would push out a patch that likely only affects a few users when there is a much larger vulnerability that affects all their users. At the least, it confirmed a sign of life.

Posted with my trusty Z10

Exactly and we will take it! I knew it! I knew BB10 was worth keeping around for a rainy day. I hope! Haha...

 Passport SE  -Working wiDe in 2017+...

[Chuck Finley69]

It's been over a week now since the KRACK vulnerability was made public. If BlackBerry haven't said anything at all at this point, then my guess is BB10 is a) vulnerable, and b) not getting fixed.

If it weren't vulnerable, then they've had plenty of time to figure that out and put out a little press release or blog post, like they did for the recent Bluetooth vuln. If it were vulnerable but a patch was forthcoming, they've had ample opportunity to say so.

Ongoing silence to me simply says to me that it is vulnerable but they will not be fixing it. [They will stay silent.] In my opinion.

Fixed to show better accuracy. Statistically, the average consumer doesn't understand this vulnerability yet.

[bb10adopter111]

Fixed to show better accuracy. Statistically, the average consumer doesn't understand this vulnerability yet.

The average consumer never will, and likely doesn't care. But this is a very big deal for businesses in regulated industries, businesses and government agencies who are regularly targeted by criminals and nation state actors, and anyone in critical infrastructure or the defense supply chain. Combined, that is a very large % of the economy in the US, and this is a world-wide issue. The average consumer feels secure that no one will target their home WiFi, but even that's not true for officers of important organizations, who are specifically targeted on a continual basis.

[Chuck Finley69]

The average consumer never will, and likely doesn't care. But this is a very big deal for businesses in regulated industries, businesses and government agencies who are regularly targeted by criminals and nation state actors, and anyone in critical infrastructure or the defense supply chain. Combined, that is a very large % of the economy in the US, and this is a world-wide issue. The average consumer feels secure that no one will target their home WiFi, but even that's not true for officers of important organizations, who are specifically targeted on a continual basis.

You'd think. I'm regulated industry, SEC, DOL, FINRA, and FLDFS. At this point, none have put a single memorandum notice regarding clients or representatives.

[bb10adopter111]

You'd think. I'm regulated industry, SEC, DOL, FINRA, and FLDFS. At this point, none have put a single memorandum notice regarding clients or representatives.

I think a lot of IT and cybersecurity teams are trying to fly under the radar while they wait for and apply patches. This is one of those cases where a focus on defending the network (before patches are available) is less effective than simply locking down sensitive information through encryption and permissions. I know that a fair number of companies have simply shut down their WiFi where they feel they are exposed.

[Richard Buckley]

I think a lot of IT and cybersecurity teams are trying to fly under the radar while they wait for and apply patches. This is one of those cases where a focus on defending the network (before patches are available) is less effective than simply locking down sensitive information through encryption and permissions. I know that a fair number of companies have simply shut down their WiFi where they feel they are exposed.

Maybe this will be a wake-up call for better network design. Because it uses radio controlling access by modulating power is ineffective especially in the face of a determined attacker. The history of Bluetooth has shown that. All you need is a high gain antenna to increase the area of accessibility by 10 times. So a Wi-Fi access point that is only accessible to the building walls for phones and laptops could be accessible a block or more away for a well equipped hacker. How many IT security people would be happy extending their hard cable network to all the inside and outside areas within a half mile of their facilities regardless of what kind of protection they could put in place? But because it is Wi-Fi it is OK? Hopefully some lessons are being learned in regulated and high value industry, but I doubt it.

Edit:

And on top of this ROCA affects millions of security products sold over the last decade. And now we have DUHK to worry about.


LeapSTR100-2/10.3.3.2205

[Invictus0]

In other news, it was patched in Sailfish OS a few days ago but I don't think its rolled out yet. Will be interesting to see who comes in second for mobile deployment,

https://together.jolla.com/question/...post-id-170198

Looks like the update that had the KRACK patch for SailfishOS was released this week, just iOS, Android, and potentially BB10 left now.

https://together.jolla.com/question/...sony-xperia-x/

[thurask]

BlackBerry's response: https://support.blackberry.com/kb/ar...language=en_US

No mention of BB10; you'd think if it was magically immunized months before disclosure they'd note that.

[conite]

Looks like the update that had the KRACK patch for SailfishOS was released this week, just iOS, Android, and potentially BB10 left now.

https://together.jolla.com/question/...sony-xperia-x/

You're likely aware that BlackBerry Android started pushing the Krack patch two days ago with the latest Priv update AAQ280, and the imminent KEYᵒⁿᵉ AAQ302.

[Invictus0]

You're likely aware that BlackBerry Android started pushing the Krack patch two days ago with the latest Priv update AAQ280, and the imminent KEYᵒⁿᵉ AAQ302.

That's the October update, right? So BlackBerry patched it before Google did on Android it seems?

[conite]

That's the October update, right? So BlackBerry patched it before Google did on Android it seems?

Yes.

Google is waiting until the Nov 6 patch level. BlackBerry delayed Oct on the Priv to include it asap. This will be the second Oct patch for many KEYᵒⁿᵉs.

[Invictus0]

Yes.

Google is waiting until the Nov 6 patch level. BlackBerry delayed Oct on the Priv to include it asap. This will be the second Oct patch for many KEYᵒⁿᵉs.

If that's the case they should really advertise that, especially if it's a custom fix that they made themselves.