1. conite's Avatar
    If that's the case they should really advertise that, especially if it's a custom fix that they made themselves.
    It's not unexpected. They were the first with quadrooter too.
    10-28-17 08:29 PM
  2. Invictus0's Avatar
    It's not unexpected. They were the first with quadrooter too.
    Quadrooter was already patched by Google in the August 2016 update when it was announced whereas KRACK won't officially be patched until November 2017.

    It was also a different type of win as it was largely mitigated by BB Android's root protection regardless of patch level. In this case BB Android is vulnerable but they may have patched it themselves before anyone else?
    10-28-17 08:45 PM
  3. conite's Avatar
    Quadrooter was already patched by Google in the August 2016 update when it was announced whereas KRACK won't officially be patched until November 2017.

    It was also a different type of win as it was largely mitigated by BB Android's root protection regardless of patch level. In this case BB Android is vulnerable but they may have patched it themselves before anyone else?
    The patch is public code. It was just a matter of getting it integrated and out the door.
    10-28-17 08:48 PM
  4. bb10adopter111's Avatar
    BlackBerry's response: https://support.blackberry.com/kb/ar...language=en_US

    No mention of BB10; you'd think if it was magically immunized months before disclosure they'd note that.
    And just so you know they mean it...the certificate for https://support.blackberry.com is not recognized by the BlackBerry browser in BB10.

    I guess that's one way of formally announcing the end of support for the platform! ROFLMAO

    Posted with my trusty Z10
    StephanieMaks likes this.
    10-28-17 11:43 PM
  5. akavbb's Avatar
    And just so you know they mean it...the certificate for https://support.blackberry.com is not recognized by the BlackBerry browser in BB10.

    I guess that's one way of formally announcing the end of support for the platform! ROFLMAO

    Posted with my trusty Z10
    Pity......

    Nothing like my SE
    10-29-17 01:22 AM
  6. bobshine's Avatar
    And just so you know they mean it...the certificate for https://support.blackberry.com is not recognized by the BlackBerry browser in BB10.

    I guess that's one way of formally announcing the end of support for the platform! ROFLMAO

    Posted with my trusty Z10
    Oh lord!
    10-29-17 08:21 AM
  7. app_Developer's Avatar
    And just so you know they mean it...the certificate for https://support.blackberry.com is not recognized by the BlackBerry browser in BB10.

    I guess that's one way of formally announcing the end of support for the platform! ROFLMAO
    That’s awesome. It’s like creative ways of breaking up with your SO.

    But BB deserves credit for starting to roll out this fix before many others.
    DrBoomBotz likes this.
    10-29-17 08:30 AM
  8. DrBoomBotz's Avatar
    That’s awesome. It’s like creative ways of breaking up with your SO.

    But BB deserves credit for starting to roll out this fix before many others.
    Revoke the cert Bert.
    app_Developer likes this.
    10-29-17 09:38 AM
  9. conite's Avatar
    Revoke the cert Bert.
    Take a pass on the Krack, Jack.
    app_Developer likes this.
    10-29-17 10:12 AM
  10. anon(8063781)'s Avatar
    Take a pass on the Krack, Jack.
    No need to update mate, just set yourself free
    app_Developer likes this.
    10-29-17 10:53 AM
  11. Troy Tiscareno's Avatar
    BlackBerry has got 20 million users
    Is it still 2015?
    10-29-17 10:58 AM
  12. kvndoom's Avatar
    Is it still 2015?
    No, it will always be 2013 on the BB10 forum. 2015 is yet a brave new world...
    10-29-17 12:04 PM
  13. bb10adopter111's Avatar
    No need to update mate, just set yourself free
    Just jump on the 'Droid, Floyd...
    anon(8063781) likes this.
    10-29-17 01:26 PM
  14. Invictus0's Avatar
    Their October notice doesn't mention any of the KRACK CVE's ¯\_(ツ)_/¯

    BlackBerry powered by Android Security Bulletin – October 2017
    10-30-17 12:56 PM
  15. conite's Avatar
    Their October notice doesn't mention any of the KRACK CVE's ¯\_(ツ)_/¯

    BlackBerry powered by Android Security Bulletin – October 2017
    Because it wasn't part of the original Oct patch. It's a "second" Oct build.
    10-30-17 01:11 PM
  16. Invictus0's Avatar
    Because it wasn't part of the original Oct patch. It's a "second" Oct build.
    It was published the same day as the KRACK notice so I assume it's referring to the most recent patch.
    10-30-17 01:14 PM
  17. conite's Avatar
    It was published the same day as the KRACK notice so I assume it's referring to the most recent patch.
    Nope.

    KEYᵒⁿᵉ AAP638/AAP683, and DTEK50 AAP623 are Oct patch levels prior to Krack fix.

    Priv AAQ280 and above, and KEYᵒⁿᵉ AAQ264 and above are Oct patch levels that include Krack fix.
    Invictus0 likes this.
    10-30-17 01:15 PM
  18. markmall's Avatar
    Does this refute any lingering belief that the Canadian or other governments are using BB10 and that BlackBerry will accommodate them?

    Or is it still too early to tell since Android and ios aren't protected yet?

    Posted via CB10
    10-30-17 01:41 PM
  19. conite's Avatar
    Does this refute any lingering belief that the Canadian or other governments are using BB10 and that BlackBerry will accommodate them?

    Or is it still too early to tell since Android and ios aren't protected yet?

    Posted via CB10
    As per above, BlackBerry is currently pushing Krack patches to Priv and KEYᵒⁿᵉ.

    But as far as BB10 is concerned, I would say the jury is still out as to whether they will push another build.
    10-30-17 01:53 PM
  20. bb10adopter111's Avatar
    As per above, BlackBerry is currently pushing Krack patches to Priv and KEYᵒⁿᵉ.

    But as far as BB10 is concerned, I would say the jury is still out as to whether they will push another build.
    Assuming they still have the expertise in house, and assuming the fix is limited to a relatively simple change to the four-way handshake process to prevent unauthorized key reinstallation, BlackBerry should try to offer a fix, not because it's good business, but because it's a significant vulnerability that could be exploited with life and death consequences.

    If the scope of the fix is simply too large to justify the effort, BlackBerry should provide clear advice to the public that BB10 WiFi security is vulnerable to local man in the middle attacks.

    The fact that they haven't said anything yet is impossible to interpret. It might mean they are working on a fix. It might mean no fix is coming, or it could mean they haven't yet decided.

    Posted with my trusty Z10
    10-30-17 02:09 PM
  21. conite's Avatar
    Assuming they still have the expertise in house, and assuming the fix is limited to a relatively simple change to the four-way handshake process to prevent unauthorized key reinstallation, BlackBerry should try to offer a fix, not because it's good business, but because it's a significant vulnerability that could be exploited with life and death consequences.

    If the scope of the fix is simply too large to justify the effort, BlackBerry should provide clear advice to the public that BB10 WiFi security is vulnerable to local man in the middle attacks.



    Posted with my trusty Z10
    It is my understanding that it is a rather straightforward fix in the radio software.

    Doing the coding is the easy part. Testing, certification, and deployment is the expensive part.

    I just don't see tens of thousands of official statements from hundreds of companies providing warnings about every platform or device that WON'T get patched for Krack.
    elfabio80 likes this.
    10-30-17 02:15 PM
  22. markmall's Avatar
    It is my understanding that it is a rather straightforward fix in the radio software.

    Doing the coding is the easy part. Testing, certification, and deployment is the expensive part.

    I just don't see tens of thousands of official statements from hundreds of companies providing warnings about every platform or device that WON'T get patched for Krack.
    I know how business friendly we are to Chen's company but I wonder if there is legal exposure for not warning people if you're not going to fix a known vulnerability that can foreseeably least to attacks on personal bank accounts and other things.

    Posted via CB10
    10-30-17 02:47 PM
  23. conite's Avatar
    I know how business friendly we are to Chen's company but I wonder if there is legal exposure for not warning people if you're not going to fix a known vulnerability that can foreseeably least to attacks on personal bank accounts and other things.

    Posted via CB10
    It comes back to a previous discussion questioning how long a manufacturer is legally required to provide updates to its product.

    I don't believe any such legal framework exists - at least not in North America.

    Plus, it's been 2.5 years since the last BB10 device (Leap) was launched, and half a year since the last BB10 device was sold on ShopBlackBerry.
    10-30-17 02:52 PM
  24. Invictus0's Avatar
    Nope.

    KEYᵒⁿᵉ AAP638/AAP683, and DTEK50 AAP623 are Oct patch levels prior to Krack fix.

    Priv AAQ280 and above, and KEYᵒⁿᵉ AAQ264 and above are Oct patch levels that include Krack fix.
    Interesting, thanks!

    Does this refute any lingering belief that the Canadian or other governments are using BB10 and that BlackBerry will accommodate them?

    Or is it still too early to tell since Android and ios aren't protected yet?

    Posted via CB10
    There hasn't been any comment on QNX yet (which is more than just BB10) so I'd say the verdict is still out.
    10-30-17 03:03 PM
  25. vimagreg's Avatar
    It comes back to a previous discussion questioning how long a manufacturer is legally required to provide updates to its product.

    I don't believe any such legal framework exists - at least not in North America.

    Plus, it's been 2.5 years since the last BB10 device (Leap) was launched, and half a year since the last BB10 device was sold on ShopBlackBerry.
    THIS!!

    For the sake of God, guys, BB10 is dead, move on. Ok if you want to use a vintage system, I for myself love to use my old devices sometimes (webOS, Nokia N900, Palm Treo 680, BB Passport), but I don't try to ask companies to update it since I KNOW all of it is dead for market. Blackberry made a lot of statements making it very clear that their main focus is know on Android services, and that's it. Just move on or, if you want to continue using your 2+ years old device, just deal with your decision.
    10-30-17 04:46 PM
423 ... 910111213 ...

Similar Threads

  1. How secure really is the Keyone finger sensor
    By dorsetshaw in forum BlackBerry KEYone
    Replies: 19
    Last Post: 10-27-17, 08:53 PM
  2. KRACK WPA2 Vulnerability on BB10
    By EFats in forum BlackBerry 10 OS
    Replies: 8
    Last Post: 10-18-17, 01:38 PM
  3. how to stop auto download of mail attachment in hub
    By madh263362 in forum BlackBerry Android OS
    Replies: 2
    Last Post: 10-17-17, 08:51 AM
  4. KEYone Keyboard scrolling issue with ads on articles
    By Turborat in forum BlackBerry Android OS
    Replies: 0
    Last Post: 10-17-17, 07:56 AM
  5. Problem with finger sensor on may K1
    By mikimike2 in forum BlackBerry Android OS
    Replies: 1
    Last Post: 10-17-17, 05:49 AM
LINK TO POST COPIED TO CLIPBOARD