1. bb10adopter111's Avatar
    The recent revealed KRACK WiFi vulnerability is a huge deal, and demands a response from all vendors who support secure systems. If BlackBerry doesn't respond to this vulnerability with a timely patch for BB10 devices, that silence will represent the official end of all support for the OS.

    I don't expect a patch, and without WiFi, I will have to retire my BB10 devices from active use as soon as the Android patch goes live next month.

    Posted with my trusty Z10
    10-17-17 10:54 AM
  2. app_Developer's Avatar
    I think we will see a patch. It’s a huge reputational risk to a company that has built its entire identity around security.

    I can’t see BB being that foolish.

    This will finally be the 10.3.4 people have been waiting for! The KRACK release.
    10-17-17 11:09 AM
  3. Dunt Dunt Dunt's Avatar
    So 10.3.4 is finally coming!


    I suspect that 10.3 will soon join BlackBerry 10 OS versions 10.0, 10.1 and 10.2.0 that are already EOL (three years ago).
    10-17-17 11:12 AM
  4. Invictus0's Avatar
    I think we will see a patch. It’s a huge reputational risk to a company that has built its entire identity around security.

    I can’t see BB being that foolish.

    This will finally be the 10.3.4 people have been waiting for! The KRACK release.
    Agreed, their hands are tied on Android but they can at least react on BB10 if it's vulnerable.
    10-17-17 11:36 AM
  5. Dunt Dunt Dunt's Avatar
    Agreed, their hands are tied on Android but they can at least react on BB10 if it's vulnerable.
    It's vulnerable... this is about the Standard (WPA2) for Wi-Fi communications that everyone has been using and the data that is being transmitted.

    It's a MAJOR vulnerability to anyone using Wi-Fi.... BlackBerry will have to address it or as bb10adopter111 says it will be a clear sign that they aren't supporting BB10 anymore.
    10-17-17 11:58 AM
  6. Invictus0's Avatar
    It's vulnerable... this is about the Standard (WPA2) for Wi-Fi communications that everyone has been using and the data that is being transmitted.

    It's a MAJOR vulnerability to anyone using Wi-Fi.... BlackBerry will have to address it or as bb10adopter111 says it will be a clear sign that they aren't supporting BB10 anymore.
    True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).
    10-17-17 12:39 PM
  7. app_Developer's Avatar
    True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).
    It doesn’t matter if BB10 is vulnerable to the eavesdropping and tampering or just the eavesdropping alone. It still must be fixed in the next few weeks. No excuses.
    10-17-17 01:06 PM
  8. chillekasper's Avatar
    I also think it would be bad for the BlackBerry brand if they dont bring a patch

    Posted via CB10
    10-17-17 01:09 PM
  9. Stevebez's Avatar
    I'm not a programmer or anything of the sort, but I can't imagine it would take a huge amount of effort to write the patch. Now testing on the other hand I don't know.

    Posted via CB10
    10-17-17 01:24 PM
  10. bb10adopter111's Avatar
    True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).
    All unpatched WPA2 connections are 100% vulnerable to anyone who has the knowledge and desire to exploit them. The only reason Windows and Mac OS are "less vulnerable " is because the PC Web browsers are more likely to connect via the HTTPS protocol. But they are still EXTREMELY vulnerable unless a secure VPN is being used.

    Posted with my trusty Z10
    10-17-17 01:42 PM
  11. bb10adopter111's Avatar
    I also think it would be bad for the BlackBerry brand if they dont bring a patch

    Posted via CB10
    I wouldn't be surprised to see Microsoft issue an emergency patch for Windows XP. This is a very, very big vulnerability that can endanger critical infrastructure and even cost people their lives.

    Posted with my trusty Z10
    10-17-17 01:44 PM
  12. thurask's Avatar
    I wouldn't be surprised to see Microsoft issue an emergency patch for Windows XP. This is a very, very big vulnerability that can endanger critical infrastructure and even cost people their lives.

    Posted with my trusty Z10
    They did for WannaCry earlier in the year, although the XP legacy contingent is (unfortunately) too large to ignore.
    10-17-17 01:52 PM
  13. Nguyen1's Avatar
    So.... to be clear, if I use my passport strictly on data and shut down wifi, it is safe from Krack?

    Signature: Still typing away on my Passport SE!
    10-17-17 02:02 PM
  14. thurask's Avatar
    So.... to be clear, if I use my passport strictly on data and shut down wifi, it is safe from Krack?

    Signature: Still typing away on my Passport SE!
    Disabling WiFi seems to be the only way to be sure in lieu of a patch, yes.
    10-17-17 02:04 PM
  15. Invictus0's Avatar
    It doesn’t matter if BB10 is vulnerable to the eavesdropping and tampering or just the eavesdropping alone. It still must be fixed in the next few weeks. No excuses.
    Agreed and I didn't mean to imply otherwise. It's kind of crazy it's taking BlackBerry this long to comment considering one of their biggest competitors patched the vulnerability last week.
    10-17-17 04:50 PM
  16. bb10adopter111's Avatar
    Agreed and I didn't mean to imply otherwise. It's kind of crazy it's taking BlackBerry this long to comment considering one of their biggest competitors patched the vulnerability last week.
    Who do you mean that already patched it?


    Posted with my trusty Z10
    10-17-17 05:45 PM
  17. kike5885's Avatar
    I may be totally wrong, but would guess that a VPN upon connection would solve this with no patch and out of the box?

    Posted via CB10
    10-17-17 05:54 PM
  18. DreadPirateRegan's Avatar
    I think we will see a patch. It’s a huge reputational risk to a company that has built its entire identity around security.

    I can’t see BB being that foolish.

    This will finally be the 10.3.4 people have been waiting for! The KRACK release.
    Hot fix, I doubt it will be named 10.3.4 but get your point. Hah. I sure hope they respond to this if it's that big. Makes sense. It would still probably stand as EOL but with enough folks still using BB10 and as others said being a company based on security, they would indeed be "foolish" not to fix that even if it cost them some funds.. c

    Can we get a dark hub with that hot fix?

     Passport SE  -Working wiDe in 2017+...
    10-17-17 06:05 PM
  19. bb10adopter111's Avatar
    I may be totally wrong, but would guess that a VPN upon connection would solve this with no patch and out of the box?

    Posted via CB10
    Yes, a properly configured and reliable VPN should address most of the vulnerabilities except possibly a malware injection.

    Posted with my trusty Z10
    hazmaju likes this.
    10-17-17 06:17 PM
  20. Dr_BlackBerry's Avatar
    True but we don't know how vulnerable it is. So far it seems iOS and Windows are least vulnerable while Android and Linux are the most vulnerable (and Android won't see a fix for weeks).
    Linux already has patches available most notably Debian based which covers the majority of popular distributions and also Fedora

    http://www.zdnet.com/article/here-is...ble-right-now/

    https://fedoramagazine.org/protect-wifi-fedora-krack/



    Posted via CB10
    10-17-17 06:19 PM
  21. tickerguy's Avatar
    It's vulnerable... this is about the Standard (WPA2) for Wi-Fi communications that everyone has been using and the data that is being transmitted.

    It's a MAJOR vulnerability to anyone using Wi-Fi.... BlackBerry will have to address it or as bb10adopter111 says it will be a clear sign that they aren't supporting BB10 anymore.
    Actually you don't know that -- QNX is not Linux or FreeBSD, and might not have the common path that allows it to work on those devices...

    While it's not exactly likely BlackBerry found and silently fixed this on QNX it's also not impossible.

    You must therefore assume its vulnerable until told otherwise, but assuming and knowing are two different things.
    10-17-17 06:30 PM
  22. Carjackd's Avatar
    So 10.3.4 is finally coming!


    I suspect that 10.3 will soon join BlackBerry 10 OS versions 10.0, 10.1 and 10.2.0 that are already EOL (three years ago).
    Is there anyone left in Waterloo to patch it?
    cwalt2166 likes this.
    10-17-17 06:43 PM
  23. bb10adopter111's Avatar
    Actually you don't know that -- QNX is not Linux or FreeBSD, and might not have the common path that allows it to work on those devices...

    While it's not exactly likely BlackBerry found and silently fixed this on QNX it's also not impossible.

    You must therefore assume its vulnerable until told otherwise, but assuming and knowing are two different things.
    The underlying code doesn't matter. That's not what's vulnerable. It's the secure connection between the router and the endpoint that's vulnerable for any unpatched implementation of the WPA2 protocol.

    Posted with my trusty Z10
    10-17-17 06:44 PM
  24. Invictus0's Avatar
    Who do you mean that already patched it?


    Posted with my trusty Z10
    Microsoft, they compete with QNX in many areas (IoT, vehicles, etc).

    https://www.windowscentral.com/micro...-vulnerability
    10-17-17 07:27 PM
  25. Emaderton3's Avatar
    Is there anyone left in Waterloo to patch it?
    Exactly.

    Posted via CB10
    10-17-17 07:37 PM
401 123 ...

Similar Threads

  1. How secure really is the Keyone finger sensor
    By dorsetshaw in forum BlackBerry KEYone
    Replies: 19
    Last Post: 10-27-17, 09:53 PM
  2. KRACK WPA2 Vulnerability on BB10
    By EFats in forum BlackBerry 10 OS
    Replies: 8
    Last Post: 10-18-17, 02:38 PM
  3. how to stop auto download of mail attachment in hub
    By madh263362 in forum BlackBerry Android OS
    Replies: 2
    Last Post: 10-17-17, 09:51 AM
  4. KEYone Keyboard scrolling issue with ads on articles
    By Turborat in forum BlackBerry KEYone Support
    Replies: 0
    Last Post: 10-17-17, 08:56 AM
  5. Problem with finger sensor on may K1
    By mikimike2 in forum BlackBerry KEYone Support
    Replies: 1
    Last Post: 10-17-17, 06:49 AM
LINK TO POST COPIED TO CLIPBOARD