With KRACK We'll Find Out if BB10 is OFFICIALLY End-of-life
- This thread is getting old---I think it's safe to say BB is not going to address the problem, OP. Big surprise! /s
StephanieMaks likes this. 11-06-17 01:23 PM Like 1
-
Since we can be sure it's not a top line priority for them, and I would think the back and forth between engineers and business managers could easily take a few weeks, or even a couple of months before a decision would be finalized. I'm still a little intrigued by the fact that they just pushed an unexpected patch out a couple of weeks ago.
But, while we might not agree on exactly what the cutoff point is, we agree that the chance of a fix declines as time passes from this point forward.
Posted with my trusty Z10
11-06-17 03:09 PM Like 0
- I still think that's a very possible outcome, but I am inured to wait until the end of November before feeling "safe" to say anything. If we assume (for argument's sake) that BlackBerry would be willing to fix it if it was feasible and wouldn't break the bank, then they still would need to complete both a technical assessment and a project management/financial assessment of the fix.
Since we can be sure it's not a top line priority for them, and I would think the back and forth between engineers and business managers could easily take a few weeks, or even a couple of months before a decision would be finalized. I'm still a little intrigued by the fact that they just pushed an unexpected patch out a couple of weeks ago.
But, while we might not agree on exactly what the cutoff point is, we agree that the chance of a fix declines as time passes from this point forward.
Posted with my trusty Z10
SoundChaser007 likes this. 11-06-17 03:14 PM Like 1
-
- Perhaps but QNX is still used for more than just cars (embedded systems, medical devices, etc) and it's BlackBerry's flagship OS, these delays don't reflect well IMO.
11-06-17 03:38 PM Like 0
-
Posted with my trusty Z10
11-06-17 03:54 PM Like 0
-
-
-
2. None of those devices you named are likely WiFi clients - many probably aren't networked at all - so most are probably unaffected anyway.
So, not fixing something that isn't a problem for those devices is hardly going to "reflect poorly" on BB.
11-06-17 09:49 PM Like 0
- 1. BB10 is not QNX (it uses QNX as its foundation, but 90% of the code is specific to BB10).
2. None of those devices you named are likely WiFi clients - many probably aren't networked at all - so most are probably unaffected anyway.
So, not fixing something that isn't a problem for those devices is hardly going to "reflect poorly" on BB.
2. We don't know the use case for every QNX device or industry and realistically it shouldn't matter. BlackBerry as an OS provider would simply have to report or patch the flaw and make it available to QNX users who would decide on integration and deployment themselves.
Medical devices certainly do use WiFi and BlackBerry demonstrated hacking one over it a few years ago.
https://www.healthmgttech.com/fatal-...ckberry-summit
Edit: http://blackberry.qnx.com/en/solutio.../medical/index
11-06-17 11:06 PM Like 0
-
LeapSTR100-2/10.3.3.2205
11-07-17 03:45 AM Like 0
- I still believe if they had decided to fix it they'd have said something by now.
The ongoing silence wrt BB10 to me means either they have yet to even make a decision, or they've decided to do nothing and say nothing and let BB10 'support' run out the clock before quietly adding it to the list of EOL products.
Likewise if BB10 wasn't vulnerable in the first place, they'd have mentioned that somewhere by now. It doesn't cost much to make a blog post or send a tweet.
As to why the last update was released after such a long delay, at this point I believe BB10 is so low on their list of priorities they flat out forgot. Like, someone turned on the BB10 machine to look into the KRACK thing and discovered 'Oh yeah, there's an update waiting. Send.' <jk>
johnny_bravo72 likes this. 11-07-17 06:33 AM Like 1
-
- why would "the security company" need to be notified by another entity....LOL krackberry. buffoons.
Posted via CBX
11-07-17 07:45 AM Like 0
-
"KRACK (Key Reinstallation Attack) is a severe replay attack (a type of exploitable flaw) on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017"
11-07-17 07:49 AM Like 0
- I still believe if they had decided to fix it they'd have said something by now.
The ongoing silence wrt BB10 to me means either they have yet to even make a decision, or they've decided to do nothing and say nothing and let BB10 'support' run out the clock before quietly adding it to the list of EOL products.
Likewise if BB10 wasn't vulnerable in the first place, they'd have mentioned that somewhere by now. It doesn't cost much to make a blog post or send a tweet.
As to why the last update was released after such a long delay, at this point I believe BB10 is so low on their list of priorities they flat out forgot. Like, someone turned on the BB10 machine to look into the KRACK thing and discovered 'Oh yeah, there's an update waiting. Send.'
If there still is anyone left who feels some responsibility for the security of BB10, which I think is likely, that person/small team may be advocating internally for a fix. If the scope of the work is easily digestible within the existing operating budget, they might get a green light, but the work might progress slowly with no announcement unless the fix was absolutely confirmed to be done.
My experience working in large companies is that people generally want to do the best they can for customers within their constraints, so that solutions with a small scope that can be implemented by existing teams with existing resources can get approved if the teams advocate for it.
The essential question is whether there is still any kind of BB10 team left at BlackBerry with the skills to develop and deploy a relatively small fix for the vulnerable WPA2 components. If there is, it's not like there are any other items on the to do list! But if there aren't, I don't see it happening.
Posted with my trusty Z10
StephanieMaks likes this. 11-07-17 07:52 AM Like 1
- And what's interesting is QNX was notified in August when almost all other vendors were,
https://www.kb.cert.org/vuls/id/CHEU-AQNN3H
11-07-17 10:07 AM Like 0
- Disagree with this statement in that many medical devices are indeed connected both wirelessly and wired, and I might add, very unsecure. It wasn't that long ago that BB had a demo on wireless vital sign monitors that were easily hacked along with infusion pumps.
11-07-17 10:33 AM Like 0
-
It's amazing to me how many people blithely install IoT items in their lives and business with an irrational assumption that they are safe, when in fact they are vulnerable and largely unregulated and untested.
For example, anyone with an IoT speaker in their bedroom should realize that it would in most cases be relatively easy to record anything that happens there!
Posted with my trusty Z10
11-07-17 11:01 AM Like 0
-
It's amazing to me how many people blithely install IoT items in their lives and business with an irrational assumption that they are safe, when in fact they are vulnerable and largely unregulated and untested.
For example, anyone with an IoT speaker in their bedroom should realize that it would in most cases be relatively easy to record anything that happens there!
Posted with my trusty Z10
11-07-17 11:11 AM Like 0
- If it's an interactive speaker, it already has a microphone and protocols for analog to digital conversion and sending sound over the network. All that remains is to redirect that data somewhere else.
Sure, they are "secured" by the manufacturers, but that's not a guarantee that they don't have unidentified vulnerabilities or, in the case of KRACK, known ones.
Posted with my trusty Z10
StephanieMaks likes this. 11-07-17 01:02 PM Like 1
- If it's an interactive speaker, it already has a microphone and protocols for analog to digital conversion and sending sound over the network. All that remains is to redirect that data somewhere else.
Sure, they are "secured" by the manufacturers, but that's not a guarantee that they don't have unidentified vulnerabilities or, in the case of KRACK, known ones.
Posted with my trusty Z10
11-07-17 02:22 PM Like 0
-
1) The effort required to use an exploit
2) The value of the information (or the impact of a loss of control of its confidentiality, integrity or availability)
3) The motivations and capabilities of the actors involved.
Posted with my trusty Z10
11-07-17 03:42 PM Like 0
-
LeapSTR100-2/10.3.3.2205
11-07-17 03:48 PM Like 0
-