1. anon(10782781)'s Avatar
    Hi everybody. Yesterday there was news that Apple sued NSOGroup (the creators of the Pegasus software). I read this and it turned out that the old Blackberries (before OS 10) were also hacked by them. For the sake of interest, I would like to ask, do you think they had software capable of specifically hacking BlackBerry OS 10? I don't seem to have found any information about this on the internet.
    11-24-21 02:14 AM
  2. spARTacus's Avatar
    I suspect they certainly could have, given the claims that they can exploit all versions of iOS and Android. BB10 also has the Android runtime within it.

    Since business decisions seem to be behind how/what they target, based on what potential market could exist for their capabilities, I guess there is a chance they never bothered targeting BB10 (too small of a user base). However, I think there was at one point also some high profile BB10 users. So, maybe that also made BB10 a valuable target.

    I did a quick google search and didn't find any media reports or rumors about cases of BB10 being exploited in relation to this.

    I am curious as to the merit behind Apple suing them. I guess there is some sort of terms of service for Apple devices, about not allowed to miss use them or reverse engineer them. Or, maybe contravention of app store terms of service.
    11-24-21 07:18 AM
  3. Dunt Dunt Dunt's Avatar
    One of the companies in Israel did list BB10 devices as something they could gather "some" information from. But little point in them advertising or marketing that today... BB10 for Enterprise was an EOL product half a decade ago.
    11-24-21 08:38 AM
  4. KOEG's Avatar
    I agree with spARTacus that Android Runtime could be a "weak link" in security. I recently found a similar hack of Android Runtime in OS 10, dated 2015.




    At 6 minutes 43 seconds, it is clear that all this works exactly with OS 10 and QNX. As I understand it, this hacking happens with the help of a special Linux distribution. I've come across this distribution myself a couple of times. So I think that even at the time when the system was still being updated, people were quietly extracting user data from devices running OS 10.
    11-24-21 11:45 AM
  5. conite's Avatar
    I agree with spARTacus that Android Runtime could be a "weak link" in security. I recently found a similar hack of Android Runtime in OS 10, dated 2015.




    At 6 minutes 43 seconds, it is clear that all this works exactly with OS 10 and QNX. As I understand it, this hacking happens with the help of a special Linux distribution. I've come across this distribution myself a couple of times. So I think that even at the time when the system was still being updated, people were quietly extracting user data from devices running OS 10.
    The Android Runtime is not a weak link. It's only a virtual machine run from within the OS. It can't be hacked or even accessed from the outside - it's just an app.
    11-24-21 12:29 PM
  6. KOEG's Avatar
    Do you think it's fake? Just the Android Runtime version, for example, is correct there, there is an inscription QNX, the processor code Z10 is also correct (6 minute 43 seconds). I just know that this program is 100% working for Android devices. In this video, everything is extracted from the Android Runtime, which is directly connected to the main system (including contacts in OS 10 itself, SMS, etc.).
    11-24-21 01:27 PM
  7. joeldf's Avatar
    Do you think it's fake? Just the Android Runtime version, for example, is correct there, there is an inscription QNX, the processor code Z10 is also correct (6 minute 43 seconds). I just know that this program is 100% working for Android devices. In this video, everything is extracted from the Android Runtime, which is directly connected to the main system (including contacts in OS 10 itself, SMS, etc.).
    It's just reporting the OS info. Any android app that can report the current OS on a BB10 phone will say that.

    As for SMS, yes, there are hooks for some information thought the android runtime to BB10. That's how so many SMS and Contacts backup apps made for Android can work on BB10. Permission is given for that access.

    Ever try Ghost Commander on BB10? You can get to a lot of information with that app too. Pretty much the same information.
    11-24-21 01:36 PM
  8. KOEG's Avatar
    It seems to me that it's one thing when you put Ghost Commander on the device itself and find out the information. And it's quite another thing when, for example, it is password protected and conditional SMS messages, contacts, photos can be extracted from the device. About the OS version, processor code, etc., I wrote to the fact that it really could be the original Z10.
    Last edited by KOEG; 11-24-21 at 02:15 PM.
    11-24-21 01:58 PM
  9. conite's Avatar
    It seems to me that it's one thing when you put Ghost Commander on the device itself and find out the information. And it's quite another thing when, for example, it is password protected and conditional SMS messages, contacts, photos can be extracted from the device.
    We have no idea what is real and what is fake in that video.

    There was a bounty for hacking a BB10 device at one point, and there is no record of anyone getting it, so...

    Others have broken BBID and anti-theft, but only after having wiped the device.
    11-24-21 02:11 PM
  10. KOEG's Avatar
    Well, BlackBerry 10 has always been an unpopular platform. Therefore, it seems to me that it could have been hacked, they just didn't talk about it much anywhere.
    11-24-21 02:33 PM
  11. KOEG's Avatar
    I have tested this method, and it REALLY works. Tested on OS 10.3.3. From my Z30 I extracted a list of contacts, SMS, started a stream from the front camera of the phone, etc.
    11-28-21 05:30 AM
  12. nevilleadaniels's Avatar
    This Israeli company with or without Pegasus goes in under the radar on the Old Unix command codes. Which is the fundamental basis of Windows, Linux, OS2, Andoid, IOS, and quite a number of mainframe computing operating systems.
    And using fortran the preceding code to Cobol, they can get into virtually everything
    11-28-21 07:33 AM
  13. spARTacus's Avatar
    I have tested this method, and it REALLY works. Tested on OS 10.3.3. From my Z30 I extracted a list of contacts, SMS, started a stream from the front camera of the phone, etc.
    What particular method did you test?
    11-28-21 07:39 AM
  14. KOEG's Avatar
    I did everything as in that video (I sent the link above)
    spARTacus likes this.
    11-28-21 07:56 AM
  15. app_Developer's Avatar
    The Android Runtime is not a weak link. It's only a virtual machine run from within the OS. It can't be hacked or even accessed from the outside - it's just an app.
    But the runtime has elevated access. I could totally see how the runtime could be exploited to reach radios, SMS, the user’s contacts, etc. These are all things which the runtime has access to in the normal course of its work.
    KOEG likes this.
    11-28-21 05:50 PM
  16. conite's Avatar
    But the runtime has elevated access. I could totally see how the runtime could be exploited to reach radios, SMS, the user’s contacts, etc. These are all things which the runtime has access to in the normal course of its work.
    Of course. But not from outside the OS. You have to get past BB10 to get to the Runtime.
    app_Developer likes this.
    11-28-21 05:51 PM
  17. KOEG's Avatar
    Of course. But not from outside the OS. You have to get past BB10 to get to the Runtime.
    However, if the exploit gets to the user's device (as in the working method described above), then the data that Android Runtime has access to is easily extracted.
    11-28-21 11:57 PM

Similar Threads

  1. BlackBerry Hub on my Key1 has a major problem
    By humfred in forum BlackBerry KEYone
    Replies: 24
    Last Post: 11-27-21, 07:11 PM
  2. Pocket/folding keyboard experiences? (Moving on from BB....)
    By CrackBerry Question in forum Ask a Question
    Replies: 46
    Last Post: 11-23-21, 03:03 PM
  3. Replies: 2
    Last Post: 11-23-21, 08:51 AM
  4. Replies: 4
    Last Post: 11-22-21, 08:59 PM
  5. Cant get Appworld on my BB Curve 8520
    By CrackBerry Question in forum Ask a Question
    Replies: 1
    Last Post: 11-22-21, 08:12 AM
LINK TO POST COPIED TO CLIPBOARD