The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols
- UPDATE / 8th of April: There is even a bigger problem with some implementations of TLS. Some of BlackBerry's servers and products were/are vulnerable.
Official BlackBerry statement
TL;DR
BlackBerry's choice of Internet Security Protocols to secure Internet connections made from a BlackBerry 10 device is not the greatest and the competition is doing much better. BlackBerry 10 is using TLS 1.0, the competition TLS 1.2.
I'll let you decide if TLS 1.0 is safe enough to protect your connection to sites and services you use. Cryptographers, the US National Institute of Standards and Technology (NIST), Microsoft all say it isn't.
Users on BES have an extra layer of protection which uses stronger cipher suites.
Long version
BlackBerry 10 is using TLS 1.0
While configuring devices to make sure they can safely connect to secure servers, I had the unpleasant surprise of discovering that BlackBerry 10 was only offering dated, weak Internet Security Protocols:
- SSL 2: Should be banned everywhere
- SSL 3: It's so bad, only XP uses it today
- TLS 1.0: Has been cracked and patched several times
Those protocols only contain cipher suites containing dangerous, treacherous or weak algorithms such as:
- RC4 (game over if your enemy has large resources)
- ECDSA (NIST curves, owned by BlackBerry)
- SHA1 (foundation is cracking, not recommended by BlackBerry, ECRYPT II, deprecated by FIPS)
- 3DES, DES (Forget it)
- DHE_DSS (Don't use DSS)
- AES CBC (bad things happen if TLS 1.0 is not patched)
- MD5 (cracked!)
But not the stronger ones such as
- AES GCM
- Camellia GCM
- SHA2 and
- DHE without DSS.
First I thought it was a general problem with smartphones, but iOS 7.0.6 (without the gotofail.com), Chrome on Android 4.4 and the latest Firefox on Android all support TLS 1.2 and offer even stronger encryption than what you get on a typical Windows desktop:
DHE+AES256+GCM+SHA384
You can get the full list of cipher suites supported by your BlackBerry browser via:
https://cc.dcsec.uni-hannover.de/
Is TLS 1.0 considered weak cryptography?
To make up your mind regarding how safe those ciphers are to use today, you should do your research. There are plenty of links available on Google, Wikipedia, crypto forums, IRC channels, etc. or ask a cryptographer on what they think of TLS 1.0...
Here are a few links to get you started:
- TLS version 1.1 is required, at a minimum, in order to mitigate various attacks on version 1.0 of the TLS protocol. Support for TLS version 1.2 is strongly recommended. NIST
- RC4 in TLS is Broken: Now What? Qualys
- A roster of TLS cipher suites weaknesses. Google Online Security Blog
- Security Advisory: Recommendation to disable RC4 Microsoft
- Is TLS secure? Bristol Cryptography Blog
- "A double-byte bias attack on RC4 in TLS and SSL [...] was unveiled on 8 July 2013, and it was described as "feasible" [...] on August 15, 2013" Wikipedia
- "In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable" Wikipedia
- Cipher security against publicly known feasible attacks Wikipedia
The main problems are that the most secure suites on BB10 are:
- using AES CBC which has had a lot of problems these past years (BEAST, Lucky 13) and while some vulnerabilities have probably been patched on the devices, it's still best to move to AES GCM
- using SHA1 which shows more and more signs of weaknesses and is deprecated by both ECRYPT II and FIPS.
The good news is that the stronger suites in TLS 1.0 support Perfect Forward Secrecy via DHE and ECDHE (if you don't mind the unexplained magic numbers in NIST approved curves...), which means that an attacker can't record traffic to decrypt it later.
What are the risks?
- If you're the target of a government agency, well, there is not much you can do. Stronger crypto might not even help you as they'll probably target your device directly or the services that you use
- If you use your device for business and you're connecting to company services using a combination of elliptic curves and ephemeral keys, only the US government and spies who have copied their keys will be able to intercept your conversations. Apart from that, you'll know when there is a SHA1 exploit or a new attack on CBC in the wild as banks will probably be the first targets, unless your business is very valuable
- If you're a consumer, your bank, email provider, cloud, etc. will choose the strength of the connection for you and they'll probably pick the one which costs them the least in terms of resources from the list of what BlackBerry 10 has to offer. As long as it's DHE or ECDHE (click on the lock in a secure connection to find out), that's probably good enough to protect you from hackers until TLS 1.0 falls again, but won't stop the US government from collecting data
Conclusions
So BlackBerry 10 is lagging behind the competition when it comes to establishing secure connections on the Internet, but you're the only one who can tell whether it's relevant for what you're using your devices for.
Let's just hope BlackBerry will soon follow Google, Apple, Opera, Microsoft, Firefox, etc. and upgrade BlackBerry 10 to the latest, safest version of TLS
Note 1: What about their FIPS140-2 certification? That's not just about ciphers, but about building a secure environment and BlackBerry still rules that area, but the next revision of FIPS is moving away from some of the weak algos mentioned above.
Note 2: If you're worried about governments casually monitoring your conversations, you can use Android chat apps like TextSecure or Surespot. They use one of the most promising cipher suites, DHE+curve25519+xsalsa20+poly1305, which is fast and hasn't been influenced by the NSA or NIST. That's what security conscious sysadmins are migrating to today to manage servers.
Note 3: The screenshot is from howsmyssl.com which gives the BB10 browser a bad rating for its use of TLS 1.0 which is not recommended today. It also contains lots of "good" ratings in a few areas they test, because their list of secure cipher suites is not up to date and they blindly mark any ephemeral key support as good when some are known to be weak or are not trusted any more by the crypto community.
Last edited by ofutur; 04-11-14 at 12:42 PM. Reason: Added a link to the BlackBerry's KB article
02-25-14 10:40 AM Like 18
- There's more to it than a website telling you it's "bad." I'll wait for someone who's an expert in this field to provide details.
02-25-14 11:08 AM Like 4
- The website is there for people to get an idea of how good/bad their browser is. Show the list of ciphers to an expert and he'll tell you that it's just not good enough in the post-Snowden era.
Also, on the desktop, Firefox does not enable TLS 1.2 by default, so many people are not really better off.
And finally, if the servers don't support stronger encryption, then having it in the browser won't offer better protection. It's just much easier for an admin to paste a new cipher suite in the server's config than it is to force BlackBerry to upgrade BB10.
02-25-14 11:44 AM Like 0
- interestingly, if I chose not to question what you're sharing with us... I'd read your post and think my blackberry is in trouble, using dated stuff... vulnerable and behind. Almost like reading a BGR article.
when I go to the website that you've listed, in one breath it mentions that version is "bad" and that it's possibly susceptible to the "BEAST" attack...
however...
if you scroll down the page, the same one that says that everything else is "good",... it says that "your client is not vulnerable to the BEAST attack" as it uses TLS 1.0 in conjunction with blah blah blah....
to me it looks like you're trolling.
02-25-14 11:52 AM Like 7
- interestingly, if I chose not to question what you're sharing with us... I'd read your post and think my blackberry is in trouble, using dated stuff... vulnerable and behind. Almost like reading a BGR article.
when I go to the website that you've listed, in one breath it mentions that version is "bad" and that it's possibly susceptible to the "BEAST" attack...
however...
if you scroll down the page, the same one that says that everything else is "good",... it says that "your client is not vulnerable to the BEAST attack" as it uses TLS 1.0 in conjunction with blah blah blah....
to me it looks like you're trolling.
You can check this table to see that TLS 1.0 contains ZERO secure Ciphers.
https://en.wikipedia.org/wiki/Transp...ecurity#Cipher
It's clearly a complex matter and it's the combinations and implementation of algos which make a certain stack vulnerable.
The website I've listed is just used to get an overall rating. It's not taking into consideration the latest development in cryptography, but it has the advantage of being readable by novices. Having said that, several people have provided feedback similar to yours, because it's true, all this green makes people think things are all right.
02-25-14 12:31 PM Like 3
And it's OK for a device to support weak ones, for compatibility reasons, but it should offer the stronger ones, for those who need it.
02-25-14 12:38 PM Like 2
- That's because it's not your field of expertise and you didn't do your due diligence by doing some simple Google or Wikipedia searches on the algorithms I've mentioned.
You can check this table to see that TLS 1.0 contains ZERO secure Ciphers.
https://en.wikipedia.org/wiki/Transp...ecurity#Cipher
It's clearly a complex matter and it's the combinations and implementation of algos which make a certain stack vulnerable.
The website I've listed is just used to get an overall rating. It's not taking into consideration the latest development in cryptography, but it has the advantage of being readable by novices. Having said that, several people have provided feedback similar to yours, because it's true, all this green makes people think things are all right.
I won't pretend to be an expert in cryptography or mobile security, but I don't get the point of your finding.
The website says things are good, and things are bad. It does nothing to shed any light on any problem. You've shared nothing to confirm that there is an issue. You haven't shared a solution. In a way, you've come here to tell us that an M1A1 Abrams doesn't have an airbag, and as such isn't a safe vehicle.
02-25-14 12:46 PM Like 4
- "A double-byte bias attack on RC4 in TLS and SSL [...] was unveiled on 8 July 2013, and it was described as "feasible" [...] on August 15, 2013" Wikipedia
- "In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable" Wikipedia
I did mention in my OP that the competition had upgraded to TLS 1.2 and that I was hoping that BlackBerry 10 would do the same. The only workaround would be to use an Android browser if it uses its own SSL stack.
02-25-14 01:11 PM Like 2
- 02-25-14 01:59 PM Like 0
- imagine if the 'expert' consultant you just hired sat across the table and gave you Wikipedia as the source of their information.......
02-25-14 04:56 PM Like 0
- Wikipedia isn't the source... it contains an easy to read collection of references for people who care to learn more.
02-25-14 05:40 PM Like 2
- Of course it is desirable to have the latest version of TLS. However, let's take your claim that TLS 1.0 has no trusted ciphers and howsmyssl.com is a good source to find out which ones are offered.
Chrome, which gets a score of "Probably OK" (the highest possible), offers the following as the number 1 and 2 ciphers:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
My Z10 browser offers these as the number 1 and 2 ciphers (they are offered as number 5 and 6 by Chrome):
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
After BEAST mitigation the following ciphers were recommended to be left in Firefox:
C02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
C02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
C009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
C013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
C00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
C014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
002F TLS_RSA_WITH_AES_128_CBC_SHA
0035 TLS_RSA_WITH_AES_256_CBC_SHA
I think you didn't read the foot notes on the "depends" state on the Wikipedia TLS article.
As we found out from the GOTO FAIL bug, and many before it, it doesn't matter how advanced your cryptography is if you screw up the implementation. There are known ways to mitigate the problems with TLS 1.0.
Edit:
This has been brought up before, this is what I had to say then:
The BEAST attack exploits problems discovered in TLS 1.0. While it is desirable for all clients to move to newer versions of TLS in order to be protected from the BEAST attack simply by using a later version of TLS requires that the server also support the later version. Servers are often even slower to upgrade than clients so many browsers have been patched to provide protection from BEAST while still using TLS 1.0. I do not know the status of the BB10 browser with respect to this.
Importantly this site is not a test for vulnerability to BEAST, it only looks at the version of TLS supported.
It would certainly be better for BlackBerry to move cryptographic support to TLS 1.2, but the servers of the sites you visit must also upgrade to this support. Test sites like this one perform a useful function of bringing the issue to the masses and act as a prod to bring about the upgrades, but should not be used as a reason to be over concerned.
02-25-14 08:49 PM Like 5
- If your recommended process of DD is to do a "google search" or consult "Wikipedia", I question yours.
I won't pretend to be an expert in cryptography or mobile security, but I don't get the point of your finding.
The website says things are good, and things are bad. It does nothing to shed any light on any problem. You've shared nothing to confirm that there is an issue. You haven't shared a solution. In a way, you've come here to tell us that an M1A1 Abrams doesn't have an airbag, and as such isn't a safe vehicle.
Posted via CB10
02-25-14 08:55 PM Like 0
- ofutur.
You're absolutely correct. BlackBerry 10 OS is not secure. You've proved it with absolute certainty with your wikipedia skills.
I'm calling NATO to ask them why they certified BlackBerry 10 to receive NATO RESTRICTED status.
I'm also going to demand the government to explain why they issued FIPS140-2 validation for BlackBerry 10 OS.
I'm going to call the UK National security authority and blast them for issuing RESTRICTED IL3 classification for BlackBerry 10 Cryptographic API.
I'm also going to email the Department of Defense and ask them for a reason they approved BlackBerry 10 for use in highly secure environments.
CLEARLY these organizations haven't read wikipedia.
02-25-14 09:04 PM Like 5
- Exactly, but in this case, the limiting factor is the BlackBerry devices. Today's servers have no problem supporting much stronger encryption.
And it's OK for a device to support weak ones, for compatibility reasons, but it should offer the stronger ones, for those who need it.
Only offering a device with the strongest of encrypting techniques would leave it out in the cold and be left alone out in the world.
Like for example the switch the USB 3.0 is there but it's too slow and legacy devices are still available and most PC's are still on 2.0.
After Snowden I thought the world would get their act together. So they're actually pushing for better cryptographic methods in devices we use daily and rely on, but hey that hasn't happened.
Posted via CB10
02-25-14 09:10 PM Like 0
- P.S.
On my desktop, I'm running the very latest beta release of firefox - and according to that site, it's "bad".
I'm taking this site with a grain of salt.
Not to mention, there's a LOT more to the security of a platform than the SSL version in the browser.
02-25-14 09:15 PM Like 0
Posted via CB10
02-25-14 09:20 PM Like 0
- ofutur.
You're absolutely correct. BlackBerry 10 OS is not secure. You've proved it with absolute certainty with your wikipedia skills.
I'm calling NATO to ask them why they certified BlackBerry 10 to receive NATO RESTRICTED status.
I'm also going to demand the government to explain why they issued FIPS140-2 validation for BlackBerry 10 OS.
I'm going to call the UK National security authority and blast them for issuing RESTRICTED IL3 classification for BlackBerry 10 Cryptographic API.
I'm also going to email the Department of Defense and ask them for a reason they approved BlackBerry 10 for use in highly secure environments.
CLEARLY these organizations haven't read wikipedia.
Furthermore to invalidate your point and emphasis on a government actually supporting a device. The United States of America Air Force last time I looked going to use iPhones. Last week 5 vulnerabilities were released and shown to work on iOS devices. So yes you should be doing something about that! Plus android and iOS have been cleared to be used on these networks.
Link : http://m.crackberry.com/us-air-force...evices-iphones
Facepalm time!
Posted via CB10
02-25-14 09:41 PM Like 0
- I know nothing about encryption but I remember urgent flash player update recently and I do know blackberries didn't get it.
Posted.
02-26-14 01:41 AM Like 0
After BEAST mitigation the following ciphers were recommended to be left in Firefox:
C02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
C02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
C009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
C013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
C00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
C014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
002F TLS_RSA_WITH_AES_128_CBC_SHA
0035 TLS_RSA_WITH_AES_256_CBC_SHA
10.2.1 was just launched and they've missed an opportunity to level up with the competition.
techvisor likes this.
02-26-14 07:08 AM Like 1
For reference, I said: "is not great at establishing secure connections" and Wikipedia is there so that people like you can get a grasp on what's going on.
I'm also going to demand the government to explain why they issued FIPS140-2 validation for BlackBerry 10 OS.
I'm going to call the UK National security authority and blast them for issuing RESTRICTED IL3 classification for BlackBerry 10 Cryptographic API.
I'm also going to email the Department of Defense and ask them for a reason they approved BlackBerry 10 for use in highly secure environments.
CLEARLY these organizations haven't read wikipedia.
Connecting to a secure site and decrypting documents on device are 2 separate things.... on top of that BES may create a more secure tunnel than what TLS offers for the browser and apps on device.
Originally Posted by higherdestiny
P.S.
On my desktop, I'm running the very latest beta release of firefox - and according to that site, it's "bad".
I'm taking this site with a grain of salt.
Not to mention, there's a LOT more to the security of a platform than the SSL version in the browser.
Chrome and Opera support (c0, 2f) and Safari on Mac is ahead.
And yes, howsmyssl is to take with a grain of salt, it's mainly useful to get the list of cipher suites, but I've listed a better site for that, which should be less confusing.
And yes, security is about more than the version of TLS available on a device, that's what FIPS140-2 is for, but you can be FIPS compliant and still establish weak (by 2014's definition) connections with external websites.
02-26-14 07:30 AM Like 2
- You're overlooking the biggest flaw in the security model and that is the imbecile pushing the buttons.
Posted via CB10
02-26-14 07:41 AM Like 0
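Added example, not written by any poster in this thread: a small Python classifier that splits the cipher suite names quoted above into their components, drops the ones a TLS 1.0-only client cannot negotiate, and flags the algorithms the opening post lists as weak. The two `LEGACY_SAMPLES` names are standard IANA suite names chosen here for illustration; the flag wording and function names are assumptions of this example.

```python
import re

# Suite names exactly as quoted in the thread (the post-BEAST Firefox list).
THREAD_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]
# Constructed extras (not from the thread) covering the legacy algorithms.
LEGACY_SAMPLES = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"]

SUITE_RE = re.compile(r"TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<hash>[A-Z0-9]+)")

def parse_suite(name):
    """Split an IANA suite name into key exchange, auth, cipher, mode and hash."""
    m = SUITE_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name}")
    kx_parts = m["kx"].split("_")  # "ECDHE_RSA" -> kx ECDHE, auth RSA
    enc = m["enc"]
    mode = "GCM" if enc.endswith("_GCM") else "CBC" if enc.endswith("_CBC") else "stream"
    return {"name": name, "kx": kx_parts[0], "auth": kx_parts[-1],
            "enc": enc, "mode": mode, "hash": m["hash"]}

def needs_tls12(s):
    # AEAD (GCM) suites and all SHA256/SHA384 suites were defined for TLS 1.2.
    return s["mode"] == "GCM" or s["hash"] in ("SHA256", "SHA384")

def concerns(s):
    """Flag the algorithms the opening post lists as weak."""
    found = []
    if s["kx"] not in ("DHE", "ECDHE"):
        found.append("no forward secrecy")
    if s["auth"] == "DSS":
        found.append("DSS")
    if s["enc"].startswith("RC4"):
        found.append("RC4")
    if "DES" in s["enc"]:
        found.append("DES/3DES")
    if s["mode"] == "CBC":
        found.append("CBC")
    if s["hash"] == "SHA":
        found.append("SHA1")
    if s["hash"] == "MD5":
        found.append("MD5")
    return found

def tls10_view(names):
    """Return {suite: concerns} for suites a TLS 1.0-only client can negotiate."""
    parsed = [parse_suite(n) for n in names]
    return {s["name"]: concerns(s) for s in parsed if not needs_tls12(s)}

if __name__ == "__main__":
    for name, found in tls10_view(THREAD_SUITES + LEGACY_SAMPLES).items():
        print(f"{name:45} {', '.join(found)}")
```

Run against the ten suites quoted in the thread, every suite left for a TLS 1.0-only client carries both the CBC and SHA1 flags, while the ECDHE and DHE ones keep forward secrecy.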