[anon(10321802)]

I know US military DISA personnel were still using BB10 and even BBOS in very limited secured devices as of few months ago. Don't know about new device requests.

As of last week, Boeing was still using BB10 devices, at least in limited fashion. I was at a large conference last week and struck up a nice conversation with a chap from Boeing when I noticed his AT&T Passport on a table next to his laptop. He said he hated it, though, and was glad they'd be moving to Androids on Knox soon.

 BlackBerry | CLASSIC

[Chuck Finley69]

As of last week, Boeing was still using BB10 devices, at least in limited fashion. I was at a large conference last week and struck up a nice conversation with a chap from Boeing when I noticed his AT&T Passport on a table next to his laptop. He said he hated it, though, and was glad they'd be moving to Androids on Knox soon.

 BlackBerry | CLASSIC

Same exact comment from person I know about their issued Z30. They're ready for Android replacement with Knox but doesn't care which brand. Just over BB lack of ecosystem.

[carlos 1]

But the Blackberry, has already said that the blackberry 10 had is failure in the Wi-Fi ??

Posted via CB10 for may blackberry® passport ™

[conite]

But the Blackberry, has already said that the blackberry 10 had is failure in the Wi-Fi ??

Posted via CB10 for may blackberry passport

Yes, all devices that use wpa2 encryption are affected.

The question is, will BlackBerry do anything about it with regards to BB10.

[Dunt Dunt Dunt]

As of last week, Boeing was still using BB10 devices, at least in limited fashion. I was at a large conference last week and struck up a nice conversation with a chap from Boeing when I noticed his AT&T Passport on a table next to his laptop. He said he hated it, though, and was glad they'd be moving to Androids on Knox soon.

 BlackBerry | CLASSIC

Guess Boeing never pushed out their own Android BlackPhone they were developing.... It was being designed to work with BES12.

[carlos 1]

And the blackberry doesn't think resolve this problem ???

Posted via CB10 for may blackberry® passport ™

[DreadPirateRegan]

I think I understand where you're coming from. In a perfect world, software would be written in such a way that it doesn't require constant security patching and bug fixing.

But what reason do we have to believe that BB10 doesn't require it? Their software is closed-source, so all we have to go on is whatever they tell us...or don't tell us. I think BlackBerry's dearth of updates for BB10 has more to do with the fact that it's a deprecated OS that is no longer being actively developed or supported, not because it's any more "hardened" or impervious to emerging security threats than any other mobile OS.

When it comes to security, until we hear otherwise from BlackBerry/QNX, the safest assumption is that BB10 is vulnerable, is it not?

I certainly don't have the programming expertise or experience you do, but I'm not willing to stake my digital safety on a guess or a hunch that WiFi encryption protocols were implemented contrary to widely-used specifications. Your hunch may be right, but that's all it is - a hunch.

I really hope BlackBerry/QNX does confirm that they implemented the WiFi standard securely - contrary to the prevailing specifications. If they do, my faith in their pre-Android phones will have been restored, somewhat.

Edited to add: this is all moot, however, as I am currently using a Moto E4 with a patch level of May 2017, so I know for a fact this phone is vulnerable, whereas BB10 is still a big question mark. Maybe a big question mark would be preferable right now.

Can't a grey hat run the hack against BB10 to check or is it much deeper then just taking the time to try to run this hack against your own BB10 device and share the results. ..of course then we would have to trust the source but.. I wonder how many of us wrote to Blackberry. I am going to call even though it probably won't get me far it's worth the shot.

 Passport SE  -Working wiDe in 2017+...

[conite]

And the blackberry doesn't think resolve this problem ???

Posted via CB10 for may blackberry passport

That's the problem regarding an effectively EOL platform.

[Invictus0]

Just keep an eye on this page,

https://ca.blackberry.com/enterprise...-response-team

That's the problem regarding an effectively EOL platform.

It's not even close to EOL according to BlackBerry's own definition,

https://ca.blackberry.com/support/bu...le/terminology

[conite]

Just keep an eye on this page,

https://ca.blackberry.com/enterprise...-response-team



It's not even close to EOL according to BlackBerry's own definition,

https://ca.blackberry.com/support/bu...le/terminology

Semantics. It is "effectively" EOL. No updates in a year, no patches, no new devices in 2.5 years, deprecated ecosystem, etc, etc, etc.

I'd be happy to poke around a new BB10 build, but I'm not overly optimistic.

[bb10adopter111]

Semantics. It is "effectively" EOL. No updates in a year, no patches, no new devices in 2.5 years, deprecated ecosystem, etc, etc, etc.

All true, but given the fact that BlackBerry 10 still is certified as secure for use by defense, government and critical infrastructure enterprises, I think some official response/guidance would be appropriate, even if it's only to not connect via secure WiFi!

Posted with my trusty Z10

[Chuck Finley69]

All true, but given the fact that BlackBerry 10 still is certified as secure for use by defense, government and critical infrastructure enterprises, I think some official response/guidance would be appropriate, even if it's only to not connect via secure WiFi!

Posted with my trusty Z10

I think BB at this point is operating under simple legal theory of closed mouth gathers no foot and speaks no evidence for liability proof either

[bb10adopter111]

I think BB at this point is operating under simple legal theory of closed mouth gathers no foot and speaks no evidence for liability proof either

True. It's also possible that they are communicating directly with clients who are in the sensitive groups I mentioned. I've turned off my WiFi radio for the time being on all my devices, in any case.

Posted with my trusty Z10

[Invictus0]

Semantics. It is "effectively" EOL. No updates in a year, no patches, no new devices in 2.5 years, deprecated ecosystem, etc, etc, etc.

I'd be happy to poke around a new BB10 build, but I'm not overly optimistic.

It's still misleading, especially in response to someone asking if the vulnerability will be patched. By BlackBerry's own definition and what we know of BB10's client base it's reasonable to assume that BB10 will be patched if it's impacted by KRACK. If it's vulnerable and they don't patch it their reputation and trust would certainly be impacted.

[conite]

It's still misleading, especially in response to someone asking if the vulnerability will be patched. By BlackBerry's own definition and what we know of BB10's client base it's reasonable to assume that BB10 will be patched if it's impacted by KRACK. If it's vulnerable and they don't patch it their reputation and trust would certainly be impacted.

The fix itself is quick and simple. Deploying it would be hard.

The vast minority of BB10 devices were factory unlocked - and they would be the ones to get it.

The carriers won't be interested.

[Invictus0]

The fix itself is quick and simple. Deploying it would be hard.

The vast minority of BB10 devices were factory unlocked - and they would be the ones to get it.

The carriers won't be interested.

Agreed, carriers will be an issue and there's certainly not a lot BlackBerry can do about that.

In other news, it was patched in Sailfish OS a few days ago but I don't think its rolled out yet. Will be interesting to see who comes in second for mobile deployment,

https://together.jolla.com/question/...post-id-170198

[bb10adopter111]

Also worth noting, it makes sense for BlackBerry to stay quiet until there is a fix. Advertising vulnerabilities invites people to exploit them. BB10's security through obscurity applies here.

Of course, BlackBerry's silence isn't an indication that a fix is coming. If we don't hear anything by the time Apple and Android patches have been made available, I'd take that as a sign nothing is coming.

Posted with my trusty Z10

[darby77]

If my router has been patched, do I still have a problem as BB 10 user?

Posted via  Z10

[bb10adopter111]

...

[app_Developer]

If my router has been patched, do I still have a problem as BB 10 user?

In general, having a patched router does not make up for the vulnerability (if it exists) in the phone.

So for example, the current version of iOS is vulnerable, and putting your iPhone on a patched router doesn't fix it or make it any better. You have to do the Apple update whenever it becomes available.

[conite]

In general, having a patched router does not make up for the vulnerability (if it exists) in the phone.

So for example, the current version of iOS is vulnerable, and putting your iPhone on a patched router doesn't fix it or make it any better. You have to do the Apple update whenever it becomes available.

What about a patched phone on an unpatched router? Most people can control the former, but are powerless about the latter.

[app_Developer]

What about a patched phone on an unpatched router? Most people can control the former, but are powerless about the latter.

yeah, so the problem is if the router is then itself connected wirelessly via WPA2 to some upstream router. Then you have the potential for KRACK attacks against the router (because then the router is also a client). Even if every phone and computer on the network were patched, it wouldn't matter.

The premise of these attacks is that someone is impersonating the router that you think you're talking to. So there is some rogue router that you don't control and your phone is actually connected to the bad guys router. In the KRACK study they did this by setting up a rogue router on a parallel channel and spoofing the mac address of the router you were expecting. So the router itself is not hacked, and this is part of the reason why the real keys (master or session) are not compromised.

[conite]

yeah, so the problem is if the router is then itself connected wirelessly via WPA2 to some upstream router. Then you have the potential for KRACK attacks against the router (because then the router is also a client). Even if every phone and computer on the network were patched, it wouldn't matter.

The premise of these attacks is that someone is impersonating the router that you think you're talking to. So there is some rogue router that you don't control and your phone is actually connected to the bad guys router. In the KRACK study they did this by setting up a rogue router on a parallel channel and spoofing the mac address of the router you were expecting. So the router itself is not hacked, and this is why the real keys (master or session) are not compromised.

Got it. Thx.

[joeldf]

And then, I guess there's the issue if you use your phone as a mobile hotspot.

In that case, your phone is the router.

[DreadPirateRegan]

Also worth noting, it makes sense for BlackBerry to stay quiet until there is a fix. Advertising vulnerabilities invites people to exploit them. BB10's security through obscurity applies here.

Of course, BlackBerry's silence isn't an indication that a fix is coming. If we don't hear anything by the time Apple and Android patches have been made available, I'd take that as a sign nothing is coming.

Posted with my trusty Z10

Very good observations and facts,

Hey, Maybe they can break something else along with the patch so more will "go to black droid." faster. Haha. I am loyal to BB as a whole and will get a BlackBerry ANDROID when I am "ready" (on my watch) beings nothing like what I just mentioned above happens.

 Passport SE  -Working wiDe in 2017+...