- Out of interest, does the microkernel design of the OS prevent against these attacks?
Does BB10 / QNX need patching in the same way as Linux / Windows?01-04-18 01:35 PMLike 0 - Although I don't know explicitly, it likely would, since the vulerability is at the HARDWARE level - it's the CPU itself, independent of the OS.01-04-18 01:56 PMLike 0
- This is an issue that affects Intel based x86 systems. BB10 uses a different instruction set entirely so mobile systems using ARM or other processor types aren't at risk. For QNX as a whole, it will likely depend on what it's running on, but as it was built primarily for embedded systems, it's likely on custom chipsets or other non-x86 systems for the most part.
Posted via CB1001-04-18 04:15 PMLike 0 - This is an issue that affects Intel based x86 systems. BB10 uses a different instruction set entirely so mobile systems using ARM or other processor types aren't at risk. For QNX as a whole, it will likely depend on what it's running on, but as it was built primarily for embedded systems, it's likely on custom chipsets or other non-x86 systems for the most part.
Posted via CB10
https://www.pcmag.com/news/358249/in...ix-means-slowe01-04-18 08:57 PMLike 0 - To the best of my knowledge, they maybe not be affected
1) For BB Classics which i own, uses snapdragon S4 plus, which is ARM Cortex A5
2) For Keyone which i am planning to purchase uses Snapdragon 625 , which is ARM Cortex-A53
Neither of them are listed in https://developer.arm.com/support/security-update
Of course, i am also waiting for the confirmation by a qualified BB personnel.
Refereces:
1) for Classics - https://www.gsmarena.com/blackberry_classic-6458.php
2) For Keyone - https://www.gsmarena.com/blackberry_keyone-8508.php01-05-18 06:34 AMLike 0 - Proable need to see if QNX makes any comment about their products... like with KRACK BlackBerry probable isn't talking about BB10 anymore.01-05-18 09:35 AMLike 0
- There are four CPUs underlying every BB10 device:
- TI OMAP 4470 (Z10 STL100-1): ARM Cortex A9 cores, which are vulnerable according to ARM.
- Qualcomm Snapdragon S4 (other Z10, Z30, Q10, Q5, Classic, Leap): Custom Qualcomm Krait cores; the ARM bulletin only lists their models instead of derivatives from other manufacturers (Qualcomm Krait/Kryo, Samsung Exynos custom cores, etc), but Krait does have speculative execution, so they're quite likely vulnerable to Spectre.
- Qualcomm Snapdragon 800 (Passport): Custom Qualcomm Krait 400 cores, ditto.
- Qualcomm Snapdragon 400 (Z3): Custom Qualcomm Krait 200 cores, ditto.
So that's all of them. Moreover, unless BlackBerry wills their development division back from the dead, software mitigations are unlikely.SoundChaser007 and Mecca EL like this.01-05-18 12:51 PMLike 2 -
If BlackBerry doesn't take any action, at least for the stock browser, I will replace all BB10 devices with iOS next month.
Posted via CB10anon(10218918) and Bee Gee like this.01-07-18 08:34 AMLike 2 - Assuming there is no mitigation, they will have to do something, otherwise millions of BB10 devices will be rendered useless.
If BlackBerry doesn't take any action, at least for the stock browser, I will replace all BB10 devices with iOS next month.
Posted via CB10
Malware has to be running locally on the device to take advantage of Spectre and Meltdown. If you don't install apps you don't trust, you'll probably be fine.01-07-18 09:15 AMLike 0 - They will not be useless. They will still work, but they will be potentially less secure than newer devices that receive regular security patches.
Malware has to be running locally on the device to take advantage of Spectre and Meltdown. If you don't install apps you don't trust, you'll probably be fine.
And I certainly don't want to change my passwords on a monthly base, so either BlackBerry provides a clear statement and reasonable mitigation, or BB10 is dead for me.
Posted via CB1001-07-18 09:27 AMLike 0 - Nope. Unfortunately javascript code in the browser can launch some of these attacks.
And I certainly don't want to change my passwords on a monthly base, so either BlackBerry provides a clear statement and reasonable mitigation, or BB10 is dead for me.
Posted via CB10
I was contemplating a return to BB10 (from iPhone) as a minimalist alternative to modern smartphones, but these and other unpatched vulnerabilities (KRACK) are making me reconsider.
As much as iOS frustrates me sometimes, even my ancient iPhone 5S still receives security patches.01-07-18 09:41 AMLike 0 - I hadn't read that javascript could exploit these vulnerabilities. If true, that's concerning, indeed.
I was contemplating a return to BB10 (from iPhone) as a minimalist alternative to modern smartphones, but these and other unpatched vulnerabilities (KRACK) are making me reconsider.
As much as iOS frustrates me sometimes, even my ancient iPhone 5S still receives security patches.
I don't care much about KRACK, because all sensitive connections on my devices are protected with TLS.
But Spectre is a very serious problem.
Web filters (adblockers, PAC files etc etc) can mitigate it to some extend, but I will no rely only on web filters.
If BlackBerry leaves us in the dark about Spectre, it's time to move on.
Posted via CB10anon(10218918) likes this.01-07-18 09:53 AMLike 1 - They are still in it! They don't produce hardware anymore, but they develope und update -sometimes- the software. Look at the statement from Alex Thurber in December.
Posted via CB1001-07-18 10:45 AMLike 0 - Assuming there is no mitigation, they will have to do something, otherwise millions of BB10 devices will be rendered useless.
If BlackBerry doesn't take any action, at least for the stock browser, I will replace all BB10 devices with iOS next month.
Posted via CB10
It wouldn't matter in this case because the only known mitigations are software patches.01-07-18 11:17 AMLike 0 - Nope. Unfortunately javascript code in the browser can launch some of these attacks.
And I certainly don't want to change my passwords on a monthly base, so either BlackBerry provides a clear statement and reasonable mitigation, or BB10 is dead for me.
Posted via CB10
I suspect a statement will come just as quickly as the one for KRACK did.
At this point, what's the point in waiting? Even if BlackBerry sent out a statement that they would patch BB10.... how long would it take them with nobody working on BB10 for a year almost, even then a small team that barley was able to get out 10.3.3 with it's known issues.Mecca EL likes this.01-08-18 09:25 AMLike 1 - Firefox got patched a few days ago, and Google Chrome will get patched 23 January.
I don't care much about KRACK, because all sensitive connections on my devices are protected with TLS.
But Spectre is a very serious problem.
Web filters (adblockers, PAC files etc etc) can mitigate it to some extend, but I will no rely only on web filters.
If BlackBerry leaves us in the dark about Spectre, it's time to move on.
Posted via CB10Dunt Dunt Dunt and Mecca EL like this.01-08-18 09:29 AMLike 2 -
- Had the same understanding.
Now Chrome doesn't really run on eg a Classic. A derivative like Jumpgo however does.
Posted via CB1001-08-18 03:11 PMLike 0 - There are four CPUs underlying every BB10 device:
- TI OMAP 4470 (Z10 STL100-1): ARM Cortex A9 cores, which are vulnerable according to ARM.
- Qualcomm Snapdragon S4 (other Z10, Z30, Q10, Q5, Classic, Leap): Custom Qualcomm Krait cores; the ARM bulletin only lists their models instead of derivatives from other manufacturers (Qualcomm Krait/Kryo, Samsung Exynos custom cores, etc), but Krait does have speculative execution, so they're quite likely vulnerable to Spectre.
- Qualcomm Snapdragon 800 (Passport): Custom Qualcomm Krait 400 cores, ditto.
- Qualcomm Snapdragon 400 (Z3): Custom Qualcomm Krait 200 cores, ditto.
So that's all of them. Moreover, unless BlackBerry wills their development division back from the dead, software mitigations are unlikely.
Secondly, BlackBerry just announced 2 years more support, which includes IMHO security patches.
They stopped the development and marketing of those devices.
Not the overall security support. Or did I missed that?01-08-18 04:02 PMLike 0 -
And as for "support", you must be new here.StephanieMaks and Mecca EL like this.01-08-18 04:08 PMLike 2 -
The fix for Spectre is much, much more involved than the fix for Krack, yet BB hasn't even given any official update on a fix for Krack for BB10, which is several months old at this point. The writing is right there on the wall, you just have to read it.01-09-18 01:52 AMLike 3
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
Spectre / Meltdown - BB10 / QNX
Similar Threads
-
CrackBerry Forums app update --- BB10-ish!
By kyleheney in forum BlackBerry Android OSReplies: 12Last Post: 01-25-18, 07:34 AM -
Meltdown
By Soapm in forum BlackBerry PrivReplies: 19Last Post: 01-10-18, 10:23 PM -
Z30 BB10 - Android apps Storage ISSUE!
By BB30000 in forum BlackBerry Z30Replies: 10Last Post: 01-09-18, 09:08 PM -
Cancel BB10 upgrade (Q10)
By Go_rom in forum Ask a QuestionReplies: 12Last Post: 01-04-18, 10:34 PM -
Will Installing the Android WhatsApp on my BB10 overwrite the BB10 Version?
By CrackBerry Question in forum Ask a QuestionReplies: 2Last Post: 01-01-18, 04:37 AM
LINK TO POST COPIED TO CLIPBOARD