[SethDove]

How does that work? Anyone hear why there were no Blackberries this time? Just curious.

Posted via CB10

[Dunt Dunt Dunt]

How does that work? Anyone hear why there were no Blackberries this time? Just curious.

Posted via CB10

BlackBerry is pretty much irrelevant when it comes to the mobile market, and thus the problem is there isn't much interest in hacking it or talking about it. (and don't say it's too secure... they have found weakness in the past ). It's simply that with 3% - 5% marketshare and sales below 1%.... it just isn't very interesting.

[RichardHBB]

From the article I read, the Z30 was one of the devices tested. No mention of it being hacked.

Mobile Pwn2Own 2014: iPhone 5s, Galaxy S5, Nexus 5, Fire Phone Hacked | SecurityWeek.Com

"The competition, organized by HP's Zero Day Initiative (ZDI) and sponsored by BlackBerry and the Google Android Security team, targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5."

So the discussion about BlackBerry being irrelevant can be tabled. Do note that BlackBerry, along with the Google Android Security Team, sponsored this event.

Richard

[Deppe]

BlackBerry is pretty much irrelevant when it comes to the mobile market, and thus the problem is there isn't much interest in hacking it or talking about it. (and don't say it's too secure... they have found weakness in the past ). It's simply that with 3% - 5% marketshare and sales below 1%.... it just isn't very interesting.

I have no idea what this event is about, but unless you are hacking for commercial goals, wouldn't the most secure platform be "funnier" to hack than other platforms?

From what I understand about hackers many of them hack to show that they are able to do it - we pretty much know that about iPhone and Androids with jailbreaks and all - would that not make BlackBerry relevant?

Again, I don't know much about that particular area but I would think it makes intuitive sense to have one of, if not the most secure platform at such an event, regardless the market share.

[BBFunGuy]

This contest is for money, not fun. Prize money offered is the same whether you hacked the iPhone 5s, or the Z30, so logically you work out how to hack the easiest device 1st. May be BlackBerry will have better luck next year, but then they will probably be competing against the might iPhone 6. Yikes!

[SethDove]

Found another article. Apparently Blackberry co-sponsored this time?

iPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own | Ars Technica

The HP blog post says nothing about the Z30:

Mobile Pwn2Own 2014: The day one recap - HP Enterprise Business Community

[gariac]

http://h30499.www3.hp.com/t5/HP-Secu...p/ba-p/6670234

Day two, but nothing BlackBerry relevant.


Posted via CB10

[Mayor McCheese]

BlackBerry is pretty much irrelevant when it comes to the mobile market, and thus the problem is there isn't much interest in hacking it or talking about it. (and don't say it's too secure... they have found weakness in the past ). It's simply that with 3% - 5% marketshare and sales below 1%.... it just isn't very interesting.

I didn't know the G8 governments were irrelevant to hackers! News to me :s....

Posted via CB10

[gariac]

I heard on TWIT that there was a Z30 there but nobody wanted to hack it. Now this could be good for BlackBerry. Apparently these hackers have a number of zero day exploits up their sleeve way before the event starts. That is how they can show up and crack a phone in a day.

Perhaps nobody could find a zero day for the Z30.


Posted via CB10

[RichardHBB]

Some may try to spin it as, "no fame in hacking a phone nobody uses" but I think the real issue is, "too hard to hack vs. the others."

Richard

[gariac]

The iphone is easy to crack due to Safari being crap. This may be a lesson for people trying 3rd party browsers on their BlackBerry. You change the browser, you add a vector. Anything given executable permission is always suspect. And please, fanbois, no lectures on sandboxing.

Posted via CB10

[dvarnai]

Safari uses the same webkit codebase as BlackBerry... So unless BlackBerry have top notch sandboxing for the browser the same exploits would apply.

BlackBerry Q10 SQN100-3

[gariac]

Safari uses the same webkit codebase as BlackBerry... So unless BlackBerry have top notch sandboxing for the browser the same exploits would apply.

BlackBerry Q10 SQN100-3

Just look at the HTML5 ranking difference between safari and the bb10 browser and tell me they are the same.

So if two programs are written in C++, does that make them equally secure?


Posted via CB10

[dvarnai]

Just look at the HTML5 ranking difference between safari and the bb10 browser and tell me they are the same.

So if two programs are written in C++, does that make them equally secure?


Posted via CB10

They don't necessarily have to use the same revision of webkit you know...

BlackBerry Q10 SQN100-3

[Richard Buckley]

They don't necessarily have to use the same revision of webkit you know...

BlackBerry Q10 SQN100-3

They also don't have to implement all the features included in the code base. Or use the same JavaScript engine.

The underlying OSs and support libraries can also differ in significant ways.

Posted via CB10

[dvarnai]

They also don't have to implement all the features included in the code base. Or use the same JavaScript engine.

The underlying OSs and support libraries can also differ in significant ways.

Posted via CB10

BlackBerry really should have better things to do than working on their own js engine. Also html5 score doesn't mean anything. Mobile chrome shares the renderer with the pc one yet its score is less. Why? Because rarely used stuff adds extra complexity to the code and increases binary sizes. And who knows removing some of the more widespread features that are just eye candy like css text-shadow you can just as well speed up the browser. Either blackberry did a pretty good job implementing stuff by themselves ahead of competitors or a half-assed job enabling everything possible (although the reason behind this might be the app gap itself, however if they remove flash it wont really make any difference)

Edit: well I just checked. Compared to ios we only have webrtc, webcam access (lol?), gamepad support (wha...), pointer events, fullscreen support and Web notifications. Yet we still lack fully open source codecs (ios too), web crypto api, security policy 1.1 and some other stuff. I think it's clear that the html5 score doesn't mean much here, we have stuff that are totally useless on a phone and we lack stuff that blackberry is supposed to be famous for

So I would say blackberry just didn't spend time disabling useless stuff while others did

BlackBerry Q10 SQN100-3

[Richard Buckley]

BlackBerry really should have better things to do than working on their own js engine. Also html5 score doesn't mean anything. Mobile chrome shares the renderer with the pc one yet its score is less. Why? Because rarely used stuff adds extra complexity to the code and increases binary sizes. And who knows removing some of the more widespread features that are just eye candy like css text-shadow you can just as well speed up the browser. Either blackberry did a pretty good job implementing stuff by themselves ahead of competitors or a half-assed job enabling everything possible (although the reason behind this might be the app gap itself, however if they remove flash it wont really make any difference)

Edit: well I just checked. Compared to ios we only have webrtc, webcam access (lol?), gamepad support (wha...), pointer events, fullscreen support and Web notifications. Yet we still lack fully open source codecs (ios too), web crypto api, security policy 1.1 and some other stuff. I think it's clear that the html5 score doesn't mean much here, we have stuff that are totally useless on a phone and we lack stuff that blackberry is supposed to be famous for

So I would say blackberry just didn't spend time disabling useless stuff while others did

BlackBerry Q10 SQN100-3

And yet no takers.

Edit:

In fact the first webkit based BlackBerry browser in BBOS 6 was hacked at Pwn2own. Normally that would be an indication that there are more vulnerabilities waiting in the code. Unless BlackBerry has a different approach to using open source projects, or hackers have decided to take it easy on them.
Posted via CB10

[gariac]

And yet no takers.

Edit:

In fact the first webkit based BlackBerry browser in BBOS 6 was hacked at Pwn2own. Normally that would be an indication that there are more vulnerabilities waiting in the code. Unless BlackBerry has a different approach to using open source projects, or hackers have decided to take it easy on them.
Posted via CB10

No takers for what? And we are on bb10.

Make no mistake. If somebody had an exploit up their sleeve for the z30, they would have hacked the phone. You get more street cred for hacking a BlackBerry than an iPhone or Android because those phones are easy to hack.

This is a money making event. If there was a hack for the Z30, you bet people would be lining up to collect the money.

Posted via CB10

[dvarnai]

No takers for what? And we are on bb10.

Make no mistake. If somebody had an exploit up their sleeve for the z30, they would have hacked the phone. You get more street cred for hacking a BlackBerry than an iPhone or Android because those phones are easy to hack.

This is a money making event. If there was a hack for the Z30, you bet people would be lining up to collect the money.

Posted via CB10

The windows phone wasn't hacked either but they did try... it was even mentioned that it wasn't hacked. If anyone would have even tried the z30 it would have been mentioned

BlackBerry Q10 SQN100-3

[gariac]

The windows phone wasn't hacked either but they did try... it was even mentioned that it wasn't hacked. If anyone would have even tried the z30 it would have been mentioned

BlackBerry Q10 SQN100-3

The windows phone got a partial hack success. But the exploits are known before the event takes place. There was no bb10 exploit in the wild, so nobody tried to hack the Z30.

There was a bug in BlackBerry Protect last year, though BlackBerry patched it before it could be exploited in the pwn to own.

Posted via CB10

[Richard Buckley]

No takers for what? And we are on bb10.

Make no mistake. If somebody had an exploit up their sleeve for the z30, they would have hacked the phone. You get more street cred for hacking a BlackBerry than an iPhone or Android because those phones are easy to hack.

This is a money making event. If there was a hack for the Z30, you bet people would be lining up to collect the money.

Posted via CB10

Exactly my point. If it was as straight forward as hack one Net kit browser hack them all there would be people trying to take down the Z30. The fact that they aren't talking up the challenge more likely means that there haven't been any finds, than no one cares.

The BBOS 6 incident is important because of what BlackBerry learned about open source. The fact that it hasn't happened again says a lot about how they applied those lessons.

Posted via CB10