1. SethDove's Avatar
    How does that work? Anyone hear why there were no Blackberries this time? Just curious.

    Posted via CB10
    11-13-14 12:00 PM
  2. anon1727506's Avatar
    How does that work? Anyone hear why there were no Blackberries this time? Just curious.

    Posted via CB10
    BlackBerry is pretty much irrelevant when it comes to the mobile market, and thus the problem is there isn't much interest in hacking it or talking about it. (and don't say it's too secure... they have found weakness in the past ). It's simply that with 3% - 5% marketshare and sales below 1%.... it just isn't very interesting.
    11-13-14 12:21 PM
  3. RichardHBB's Avatar
    From the article I read, the Z30 was one of the devices tested. No mention of it being hacked.

    Mobile Pwn2Own 2014: iPhone 5s, Galaxy S5, Nexus 5, Fire Phone Hacked | SecurityWeek.Com

    "The competition, organized by HP's Zero Day Initiative (ZDI) and sponsored by BlackBerry and the Google Android Security team, targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5."

    So the discussion about BlackBerry being irrelevant can be tabled. Do note that BlackBerry, along with the Google Android Security Team, sponsored this event.

    Richard
    11-13-14 12:32 PM
  4. Deppe's Avatar
    BlackBerry is pretty much irrelevant when it comes to the mobile market, and thus the problem is there isn't much interest in hacking it or talking about it. (and don't say it's too secure... they have found weakness in the past ). It's simply that with 3% - 5% marketshare and sales below 1%.... it just isn't very interesting.
    I have no idea what this event is about, but unless you are hacking for commercial goals, wouldn't the most secure platform be "funnier" to hack than other platforms?

    From what I understand about hackers many of them hack to show that they are able to do it - we pretty much know that about iPhone and Androids with jailbreaks and all - would that not make BlackBerry relevant?

    Again, I don't know much about that particular area but I would think it makes intuitive sense to have one of, if not the most secure platform at such an event, regardless the market share.
    spikesolie likes this.
    11-13-14 12:32 PM
  5. BBFunGuy's Avatar
    This contest is for money, not fun. Prize money offered is the same whether you hacked the iPhone 5s, or the Z30, so logically you work out how to hack the easiest device 1st. May be BlackBerry will have better luck next year, but then they will probably be competing against the might iPhone 6. Yikes!
    11-13-14 12:50 PM
  6. SethDove's Avatar
    Found another article. Apparently Blackberry co-sponsored this time?

    iPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own | Ars Technica

    The HP blog post says nothing about the Z30:

    Mobile Pwn2Own 2014: The day one recap - HP Enterprise Business Community
    11-13-14 01:20 PM
  7. gariac's Avatar
    http://h30499.www3.hp.com/t5/HP-Secu...p/ba-p/6670234

    Day two, but nothing BlackBerry relevant.


    Posted via CB10
    11-13-14 07:27 PM
  8. Mayor McCheese's Avatar
    BlackBerry is pretty much irrelevant when it comes to the mobile market, and thus the problem is there isn't much interest in hacking it or talking about it. (and don't say it's too secure... they have found weakness in the past ). It's simply that with 3% - 5% marketshare and sales below 1%.... it just isn't very interesting.
    I didn't know the G8 governments were irrelevant to hackers! News to me :s....

    Posted via CB10
    11-13-14 09:35 PM
  9. gariac's Avatar
    I heard on TWIT that there was a Z30 there but nobody wanted to hack it. Now this could be good for BlackBerry. Apparently these hackers have a number of zero day exploits up their sleeve way before the event starts. That is how they can show up and crack a phone in a day.

    Perhaps nobody could find a zero day for the Z30.


    Posted via CB10
    11-18-14 03:11 AM
  10. RichardHBB's Avatar
    Some may try to spin it as, "no fame in hacking a phone nobody uses" but I think the real issue is, "too hard to hack vs. the others."

    Richard
    11-18-14 11:14 AM
  11. gariac's Avatar
    The iphone is easy to crack due to Safari being crap. This may be a lesson for people trying 3rd party browsers on their BlackBerry. You change the browser, you add a vector. Anything given executable permission is always suspect. And please, fanbois, no lectures on sandboxing.

    Posted via CB10
    11-19-14 12:45 PM
  12. dvarnai's Avatar
    Safari uses the same webkit codebase as BlackBerry... So unless BlackBerry have top notch sandboxing for the browser the same exploits would apply.

    BlackBerry Q10 SQN100-3
    11-19-14 04:14 PM
  13. gariac's Avatar
    Safari uses the same webkit codebase as BlackBerry... So unless BlackBerry have top notch sandboxing for the browser the same exploits would apply.

    BlackBerry Q10 SQN100-3

    Just look at the HTML5 ranking difference between safari and the bb10 browser and tell me they are the same.

    So if two programs are written in C++, does that make them equally secure?


    Posted via CB10
    11-19-14 06:35 PM
  14. dvarnai's Avatar
    Just look at the HTML5 ranking difference between safari and the bb10 browser and tell me they are the same.

    So if two programs are written in C++, does that make them equally secure?


    Posted via CB10
    They don't necessarily have to use the same revision of webkit you know...

    BlackBerry Q10 SQN100-3
    11-19-14 07:38 PM
  15. Richard Buckley's Avatar
    They don't necessarily have to use the same revision of webkit you know...

    BlackBerry Q10 SQN100-3
    They also don't have to implement all the features included in the code base. Or use the same JavaScript engine.

    The underlying OSs and support libraries can also differ in significant ways.

    Posted via CB10
    11-19-14 08:03 PM
  16. dvarnai's Avatar
    They also don't have to implement all the features included in the code base. Or use the same JavaScript engine.

    The underlying OSs and support libraries can also differ in significant ways.

    Posted via CB10
    BlackBerry really should have better things to do than working on their own js engine. Also html5 score doesn't mean anything. Mobile chrome shares the renderer with the pc one yet its score is less. Why? Because rarely used stuff adds extra complexity to the code and increases binary sizes. And who knows removing some of the more widespread features that are just eye candy like css text-shadow you can just as well speed up the browser. Either blackberry did a pretty good job implementing stuff by themselves ahead of competitors or a half-assed job enabling everything possible (although the reason behind this might be the app gap itself, however if they remove flash it wont really make any difference)

    Edit: well I just checked. Compared to ios we only have webrtc, webcam access (lol?), gamepad support (wha...), pointer events, fullscreen support and Web notifications. Yet we still lack fully open source codecs (ios too), web crypto api, security policy 1.1 and some other stuff. I think it's clear that the html5 score doesn't mean much here, we have stuff that are totally useless on a phone and we lack stuff that blackberry is supposed to be famous for

    So I would say blackberry just didn't spend time disabling useless stuff while others did

    BlackBerry Q10 SQN100-3
    11-19-14 08:13 PM
  17. Richard Buckley's Avatar
    BlackBerry really should have better things to do than working on their own js engine. Also html5 score doesn't mean anything. Mobile chrome shares the renderer with the pc one yet its score is less. Why? Because rarely used stuff adds extra complexity to the code and increases binary sizes. And who knows removing some of the more widespread features that are just eye candy like css text-shadow you can just as well speed up the browser. Either blackberry did a pretty good job implementing stuff by themselves ahead of competitors or a half-assed job enabling everything possible (although the reason behind this might be the app gap itself, however if they remove flash it wont really make any difference)

    Edit: well I just checked. Compared to ios we only have webrtc, webcam access (lol?), gamepad support (wha...), pointer events, fullscreen support and Web notifications. Yet we still lack fully open source codecs (ios too), web crypto api, security policy 1.1 and some other stuff. I think it's clear that the html5 score doesn't mean much here, we have stuff that are totally useless on a phone and we lack stuff that blackberry is supposed to be famous for

    So I would say blackberry just didn't spend time disabling useless stuff while others did

    BlackBerry Q10 SQN100-3
    And yet no takers.

    Edit:

    In fact the first webkit based BlackBerry browser in BBOS 6 was hacked at Pwn2own. Normally that would be an indication that there are more vulnerabilities waiting in the code. Unless BlackBerry has a different approach to using open source projects, or hackers have decided to take it easy on them.
    Posted via CB10
    Last edited by Richard Buckley; 11-20-14 at 05:18 AM.
    11-20-14 04:40 AM
  18. gariac's Avatar
    And yet no takers.

    Edit:

    In fact the first webkit based BlackBerry browser in BBOS 6 was hacked at Pwn2own. Normally that would be an indication that there are more vulnerabilities waiting in the code. Unless BlackBerry has a different approach to using open source projects, or hackers have decided to take it easy on them.
    Posted via CB10
    No takers for what? And we are on bb10.

    Make no mistake. If somebody had an exploit up their sleeve for the z30, they would have hacked the phone. You get more street cred for hacking a BlackBerry than an iPhone or Android because those phones are easy to hack.

    This is a money making event. If there was a hack for the Z30, you bet people would be lining up to collect the money.

    Posted via CB10
    11-20-14 07:20 AM
  19. dvarnai's Avatar
    No takers for what? And we are on bb10.

    Make no mistake. If somebody had an exploit up their sleeve for the z30, they would have hacked the phone. You get more street cred for hacking a BlackBerry than an iPhone or Android because those phones are easy to hack.

    This is a money making event. If there was a hack for the Z30, you bet people would be lining up to collect the money.

    Posted via CB10
    The windows phone wasn't hacked either but they did try... it was even mentioned that it wasn't hacked. If anyone would have even tried the z30 it would have been mentioned

    BlackBerry Q10 SQN100-3
    11-20-14 11:01 AM
  20. gariac's Avatar
    The windows phone wasn't hacked either but they did try... it was even mentioned that it wasn't hacked. If anyone would have even tried the z30 it would have been mentioned

    BlackBerry Q10 SQN100-3
    The windows phone got a partial hack success. But the exploits are known before the event takes place. There was no bb10 exploit in the wild, so nobody tried to hack the Z30.

    There was a bug in BlackBerry Protect last year, though BlackBerry patched it before it could be exploited in the pwn to own.

    Posted via CB10
    spikesolie likes this.
    11-20-14 03:34 PM
  21. Richard Buckley's Avatar
    No takers for what? And we are on bb10.

    Make no mistake. If somebody had an exploit up their sleeve for the z30, they would have hacked the phone. You get more street cred for hacking a BlackBerry than an iPhone or Android because those phones are easy to hack.

    This is a money making event. If there was a hack for the Z30, you bet people would be lining up to collect the money.

    Posted via CB10
    Exactly my point. If it was as straight forward as hack one Net kit browser hack them all there would be people trying to take down the Z30. The fact that they aren't talking up the challenge more likely means that there haven't been any finds, than no one cares.

    The BBOS 6 incident is important because of what BlackBerry learned about open source. The fact that it hasn't happened again says a lot about how they applied those lessons.

    Posted via CB10
    11-20-14 04:25 PM

Similar Threads

  1. Just wanted to recommend an awesome 'built for BlackBerry' game
    By Barbareren in forum BlackBerry 10 Games
    Replies: 4
    Last Post: 11-19-14, 05:46 AM
  2. Blackberry needs to provide me more
    By Marty Mart in forum BlackBerry 10 OS
    Replies: 21
    Last Post: 11-18-14, 05:55 PM
  3. eBay used Blackberry Purchase AT&T BIS Activation Problem
    By SaintThomasAquinas in forum General BlackBerry Discussion
    Replies: 5
    Last Post: 11-14-14, 04:05 PM
  4. BB Passport - how to remove ....sent by my Blackberry on my emails?
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 11-13-14, 11:09 AM
  5. BlackBerry for Enterprise and Investor Day live blog!
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 11-13-14, 11:00 AM
LINK TO POST COPIED TO CLIPBOARD