04-08-18 06:42 AM
  1. thurask's Avatar
    It is BCM43xx that is vulnerable, although the oldest chip tested by researchers is the BCM4339, which is only in some test platforms according to the previously linked thread. I'd have to look into the OS to check.
    OK, now that I have an OS's guts to look at...

    Z10: Texas Instruments WL1283 (STL100-1/2)/WL1273 (STL100-3/4)
    Q10: Broadcom BCM4334
    Q5: Broadcom BCM4334
    Z30: Broadcom BCM4334
    Z3: Qualcomm (whatever was in the old MSM8930 chip)
    Leap: Broadcom BCM4334
    Passport: Broadcom BCM4339
    Classic: Broadcom BCM4334

    Only the Passport's WiFi chip was recent enough to be tested, but since the (currently) final 10.3.3.2205 update was built December 12, 2016, that's well before Broadpwn was disclosed and patched on other platforms.
    10-21-17 03:21 PM
  2. app_Developer's Avatar
    Just because we don't hear about them doesn't mean they don't happen. Take Stagefright for example,

    https://www.androidheadlines.com/201...c-in-2017.html

    You also don't need to root or jailbreak a device to be impacted, in some cases that's what the exploits do (and that's one of the things BB Android tries to protect against). Most users probably won't be impacted by exploits but for some security is certainly a consideration when buying a new phone.
    Well, stagefright is much easier to exploit at scale than KRACK.

    But, KRACK is out there now and so it has to be fixed.

    This coming week would be a good time for BB to say something about this.
    Invictus0 likes this.
    10-21-17 03:26 PM
  3. Wmsi's Avatar
    My memory is failing me... did BB patch the last major vulnerability?
    BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products
    moonflyer likes this.
    10-21-17 03:27 PM
  4. Rodrigo Lourenco's Avatar
    I only disagree that people who use bb10 use it as second phone... anything else is good information. Thanks

    ☇ by Blackberry 
    anon(8679041) likes this.
    10-21-17 04:23 PM
  5. bb10adopter111's Avatar
    As I wrote, only BlackBerry knows, but I will try and guess.

    27 months ago, BB10 users peaked at 10 million.

    The average person keeps a smartphone for 22 months, so that instantly cuts the number to less than 5 million.

    I would also argue that the bleed rate on BB10 would be much higher than the average because of the whole "deal platform" thing. I would cut that number in half again to under 2.5 million.

    Now how many of these users actually USE the phone as a PRIMARY device? I would probably halve the number again.

    So, I would guess 1-1.5 million users left, down to 500,000 by next summer. I think I'm being quite generous.
    Like you, I have no idea either, but I can't fault your logic. A range of 500K to 2M is what I would have estimated, with 80% confidence.

    Posted with my trusty Z10
    10-21-17 04:55 PM
  6. DreadPirateRegan's Avatar
    It is BCM43xx that is vulnerable, although the oldest chip tested by researchers is the BCM4339, which is only in some test platforms according to the previously linked thread. I'd have to look into the OS to check.
    Thurask,
    You are a wealth of knowledge and just thought I'd tell you that as everybody needs to hear something good (as well as random and true) once in a while in this crazy and fast-paced world. Totally random, just came back from my 26 year old cousin's funeral today who committed suicide and in 2013 my 25 y/o cuz did the deed so may be feeling a little bit like on the rag but.. Anyway, just figured I'd say that as strange as it sounds. Also, with that said man - I wish you weren't 500 steps ahead of me so I could follow and learn from you every time.. #HeyJealousy

    Carry on gentlemen.. just passing thru again.

    #KeepSmilingGuys

    Now, I will try to translate this Chinese (to ME) in quotes above, to LEARN so I can maybe one day join a similar convo with actual useful participation. #GoingToSitInTheCornerNow

     Passport SE  -Working wiDe in 2017+...
    10-21-17 05:04 PM
  7. bobshine's Avatar
    OK, now that I have an OS's guts to look at...

    Z10: Texas Instruments WL1283 (STL100-1/2)/WL1273 (STL100-3/4)
    Q10: Broadcom BCM4334
    Q5: Broadcom BCM4334
    Z30: Broadcom BCM4334
    Z3: Qualcomm (whatever was in the old MSM8930 chip)
    Leap: Broadcom BCM4334
    Passport: Broadcom BCM4339
    Classic: Broadcom BCM4334

    Only the Passport's WiFi chip was recent enough to be tested, but since the (currently) final 10.3.3.2205 update was built December 12, 2016, that's well before Broadpwn was disclosed and patched on other platforms.
    Wow that’s more than I thought... I only thought that the Passport used Broadcom and that the other BB10 used TI.

    The thing is that we’ll never know if it’s vulnerable... which I think is the worst situation. At least if we knew, we can take the necessary measures and be more careful
    10-21-17 05:05 PM
  8. bb10adopter111's Avatar
    Well, if I just parked myself in Starbucks for half a day, that could net me a lot of victims. Only the idiots would be driving down the block trying to pick off one home at a time. It wouldn't take a lot to make it worthwhile...just one unencrypted email (we all encrypt our emails, right? right?) with some particularly juicy information is all it takes. Maybe YOU are careful, but if your recipient is not and replies back....
    With so many WiFi users around the world, the chance of any one user being picked off might be low, but do you really want to count on that as security?
    The larger issue is that there are thousands of enterprises that are intentionally targeted continuously. There is no shortage of professionals, whether in criminal, corporate or government sponsored espionage teams that are happy to park a van wherever they need to to gain access to their targets.

    One of my clients has informed their employees that they may not access any WiFi connections on their BYOD devices unless they first remove their enterprise data and get a sign off from IT.

    Posted with my trusty Z10
    10-21-17 05:25 PM
  9. Invictus0's Avatar
    OK, now that I have an OS's guts to look at...

    Z10: Texas Instruments WL1283 (STL100-1/2)/WL1273 (STL100-3/4)
    Q10: Broadcom BCM4334
    Q5: Broadcom BCM4334
    Z30: Broadcom BCM4334
    Z3: Qualcomm (whatever was in the old MSM8930 chip)
    Leap: Broadcom BCM4334
    Passport: Broadcom BCM4339
    Classic: Broadcom BCM4334

    Only the Passport's WiFi chip was recent enough to be tested, but since the (currently) final 10.3.3.2205 update was built December 12, 2016, that's well before Broadpwn was disclosed and patched on other platforms.
    If this site is to be believed, they might not be vulnerable on iOS?

    MacStrategy | Article | List Of Apple Products Affected By Broadpwn
    10-21-17 05:34 PM
  10. eshropshire's Avatar
    Thurask,
    You are a wealth of knowledge and just thought I'd tell you that as everybody needs to hear something good (as well as random and true) once in a while in this crazy and fast-paced world. Totally random, just came back from my 26 year old cousin's funeral today who committed suicide and in 2013 my 25 y/o cuz did the deed so may be feeling a little bit like on the rag but.. Anyway, just figured I'd say that as strange as it sounds. Also, with that said man - I wish you weren't 500 steps ahead of me so I could follow and learn from you every time.. #HeyJealousy

    Carry on gentlemen.. just passing thru again.

    #KeepSmilingGuys

    Now, I will try to translate this Chinese (to ME) in quotes above, to LEARN so I can maybe one day join a similar convo with actual useful participation. #GoingToSitInTheCornerNow

     Passport SE  -Working wiDe in 2017+...
    Very sad to hear about your loss. Take care.
    DreadPirateRegan likes this.
    10-21-17 06:12 PM
  11. app_Developer's Avatar
    If this site is to be believed, they might not be vulnerable on iOS?

    MacStrategy | Article | List Of Apple Products Affected By Broadpwn
    It was vulnerable. They just fixed it in 10.3.3. And presumably in some version of 11.
    10-21-17 06:31 PM
  12. Richard Buckley's Avatar
    Well, if I just parked myself in Starbucks for half a day, that could net me a lot of victims. Only the idiots would be driving down the block trying to pick off one home at a time. It wouldn't take a lot to make it worthwhile...just one unencrypted email (we all encrypt our emails, right? right?) with some particularly juicy information is all it takes. Maybe YOU are careful, but if your recipient is not and replies back....
    With so many WiFi users around the world, the chance of any one user being picked off might be low, but do you really want to count on that as security?
    Do any Starbucks even use WPA2? None of them I've ever been in did. Most free Wi-Fi hotspots are captive portals with no encryption. So you don't even need to use Krack on those networks.

    LeapSTR100-2/10.3.3.2205
    10-21-17 07:48 PM
  13. Invictus0's Avatar
    It was vulnerable. They just fixed it in 10.3.3. And presumably in some version of 11.
    Those specific chips though? There doesn't seem to be anything concrete on the BCM4334.
    10-21-17 08:26 PM
  14. bb10adopter111's Avatar
    Do any Starbucks even use WPA2? None of them I've ever been in did. Most free Wi-Fi hotspots are captive portals with no encryption. So you don't even need to use Krack on those networks.

    LeapSTR100-2/10.3.3.2205
    Correct. Most people seem really confused about the threat here. The danger is that lots of supposedly secure work is done over WPA2, and unencrypted communications on THOSE connections are now vulnerable. The big problem is that your device thinks it's on a trusted, secure network when data could be breached or the entire network spoofed.

    Posted with my trusty Z10
    10-21-17 08:44 PM
  15. app_Developer's Avatar
    We’re taking Starbucks too literally. Think of a coworking space that uses WPA2 and a bad guy camping there trying to steal emails or credit cards.

    The point is it would be very difficult to steal anything of value even from unpatched clients.

    Not saying it shouldn’t be fixed, but this is not so easy to exploit in the real world
    Asuhmiaseh likes this.
    10-21-17 09:13 PM
  16. Richard Buckley's Avatar
    We’re taking Starbucks too literally. Think of a coworking space that uses WPA2 and a bad guy camping there trying to steal emails or credit cards.

    The point is it would be very difficult to steal anything of value even from unpatched clients.

    Not saying it shouldn’t be fixed, but this is not so easy to exploit in the real world
    I don't think so. There is a lot of talk here and elsewhere that makes me believe that people think the Krack attack makes using open Wi-Fi hotspots like those at Starbucks, Tim Hortons and just about everywhere free Wi-Fi is offered more risky. The more we use Starbucks as an example for Krack the more we reinforce that idea.

    The fact is that free Wi-Fi that uses WPA2, like my optometrists' and doctors', is still more secure than any Starbucks even if someone is trying to use Krack. As mentioned by others, Krack is a threat to those using WPA2 and not using additional forms of encryption, homes and offices. And that any unpatched client represents a way in for hackers, that includes phones, laptops, tablets and IoT devices.

    LeapSTR100-2/10.3.3.2205
    aiharkness likes this.
    10-22-17 05:26 AM
  17. scrannel's Avatar
    So... is there any setting within the router itself that can make exploitation more difficult?
    Last edited by scrannel; 10-24-17 at 09:46 AM.
    10-22-17 09:57 AM
  18. anon(8063781)'s Avatar
    So... is there any setting within the router itself that can make exploitation more difficult?
    Actually, there might be: if your router has a Tx (transmission) power setting, you could lower it (which requires a little trial and error) to make it more difficult for outsiders to detect your network and intercept those keys, but still cover your home.

    Mine is set so that it covers the house, but you really can't connect if you're more than about 10 feet away outdoors.

    My neighbours, of course, are broadcasting at 50,000 kW.
    10-22-17 10:59 AM
  19. Troy Tiscareno's Avatar
    So, I would guess 1-1.5 million users left, down to 500,000 by next summer. I think I'm being quite generous.
    I agree - especially on the last part.

    Even here on CB, the number of people migrating away from BB10 is considerable (many are moving to BB-Android).
    10-22-17 03:22 PM
  20. bb10adopter111's Avatar
    I agree - especially on the last part.

    Even here on CB, the number of people migrating away from BB10 is considerable (many are moving to BB-Android).
    Whatever the actual number is, it's a fraction of a percent of the market. The only question, really, is whether BlackBerry feels a need to either provide a fix for BB10 or make any kind of statement.

    I had kind of hoped that I could continue to use my BB10 phones for a few more years for the core MS Exchange functions via secure WiFi. So, I'll be disappointed, but not surprised, if BB's decision is that BB10 isn't relevant enough to patch, or even mention.

    Posted with my trusty Z10
    10-22-17 05:56 PM
  21. Chuck Finley69's Avatar
    Whatever the actual number is, it's a fraction of a percent of the market. The only question, really, is whether BlackBerry feels a need to either provide a fix for BB10 or make any kind of statement.

    I had kind of hoped that I could continue to use my BB10 phones for a few more years for the core MS Exchange functions via secure WiFi. So, I'll be disappointed, but not surprised, if BB's decision is that BB10 isn't relevant enough to patch, or even mention.

    Posted with my trusty Z10
    BB10 is like Bruce Willis' character in Die Hard. Just happens to be missed by the bad guys who don't initially know he's even there. Yippee Kiyea ____________ ______________. LOL
    Last edited by Chuck Finley69; 10-22-17 at 06:19 PM.
    DreadPirateRegan likes this.
    10-22-17 06:02 PM
  22. CaptainSuperb's Avatar
    BlackBerry has got 20 million users, many of which are on BBOS (7.1 or earlier) as well as OS 10 and the defunct Android models that BB made themselves.

    We'll find out how well this 'software' company does by issuing a patch for ALL of the above actively used devices.

    Or maybe Chen (PBUH) will just have to find another company to 'acquire' in order to do it for him. *snigger*
    10-23-17 09:56 AM
  23. Elephant_Canyon's Avatar
    BlackBerry has got 20 million users,
    [citation needed]
    Troy Tiscareno likes this.
    10-23-17 10:02 AM
  24. Chuck Finley69's Avatar
    BlackBerry has got 20 million users, many of which are on BBOS (7.1 or earlier) as well as OS 10 and the defunct Android models that BB made themselves.

    We'll find out how well this 'software' company does by issuing a patch for ALL of the above actively used devices.

    Or maybe Chen (PBUH) will just have to find another company to 'acquire' in order to do it for him. *snigger*
    Seems like acquisitions have done well for him and the BOD.... You mad bro?
    DreadPirateRegan likes this.
    10-23-17 10:06 AM
  25. thurask's Avatar
    Seems like acquisitions have done well for him and the BOD.... You mad bro?
    The usual idea of "what's best for BlackBerry" is "what's best for me" in a shoddy disguise. I'm sure the shareholders are more than willing to bend to the whims of some random guy who insists legacy devices are just pining for the fjords.
    10-23-17 10:14 AM