01-17-18 11:00 AM
756 ... 2526272829 ...
tools
  1. Invictus0's Avatar
    Yes. But there's nothing we don't know, so the comments don't really matter. We can be 99.99% certain that BB10 is vulnerable to KRACK, and we can similarly assume that there will be no more patches or updates.

    The "support" being offered is that BB10 will still be supported on BB's security platforms for another two years.

    So, users simply need to decide if BB10, in its current EOL state, meets their needs. Then, if BlackBerry surprises with additional updates, that will be an unexpected bonus.

    Posted with my trusty Z10
    Not just KRACK, we don't know about Broadpwn or Spectre either.

    There are millions, perhaps even billions of unsupported devices (i.e., devices no longer receiving updates) in use in the world so there isn't anything inherently wrong with still using BB10 as long as you're aware of what that means (I don't think everyone is). If the battery on my Z30 wasn't so degraded I'd probably still be rocking BB10 as my daily driver.
    01-12-18 07:09 PM
  2. co4nd's Avatar
    I have been wishing for a BB10 autoloader for a device which runs on a handset from a BlackBerry Android licensee. Both BB10 and BlackBerry's Android OS implement hardware root of trust. While the Android device may not be able to load BB10 that is installed by an autoloader because the key(s) may be owned by each manufacturer instead of BlackBerry, having the OS actually run is an issue of compatibility.

    It so happens that QNX has a BSP for the Snapdragon 820A (A is for automotive), but BlackBerry Mobile is using the 625. I had hoped someone here might know how compatible the 820 is to to the 820A and how compatible the 625 is to the 820.

    With the partnership on radios (for "automotive infotainment") between BlackBerry and Qualcomm and support for the 820A in Neutrino 7, perhaps more has been (or will be) done involving other projects that may greatly reduce the investment in producing an autoloader than people here may believe.
    Why do this to your self? You're trying to determine the feasibility of doing it, but even if it was easy Blackberry is not going to do it or allow anyone else to do it, they're done with BB10.
    01-12-18 07:24 PM
  3. DonHB's Avatar
    Why do this to your self? You're trying to determine the feasibility of doing it, but even if it was easy Blackberry is not going to do it or allow anyone else to do it, they're done with BB10.
    First of all they plan to be done with BB10 in just less than two years. A lot can happen in two years or nothing. With the spate of security issues occurring at the operating system level it would be interesting to know if QNX Neutrino, the basis of BB10, is more or less susceptible to KRACK, Meltdown and Spectre. BlackBerry's silence on these vulnerabilities suggests the story is not good.
    Last edited by DonHB; 01-12-18 at 09:22 PM.
    CrackPriv likes this.
    01-12-18 08:17 PM
  4. Chuck Finley69's Avatar
    A lot can happen in two years or nothing. With the spate of security issues occurring at the operating system level it would be interesting to know if QNX Neutrino, the basis of BB10, is more or less susceptible to KRACK, Meltdown and Spectre. BlackBerry's silence on these vulnerabilities suggests the story is not good.
    What does it matter? Assume they're saying nothing because they've just abandoned BB10 completely and just don't care.

    Do you think posting about it matters? It doesn't appear to matter because it doesn't matter to BB anymore. Forget debating or reasoning. Just accept it because it's fact. They've stated it's fact. Politely stated it. Actions speak louder than words.
    pdr733 likes this.
    01-12-18 08:34 PM
  5. DonHB's Avatar
    What's keeping you on BB10 that you can't already get from Sailfish (which has a lot of similarities with BB10 and your autoloader idea) or platforms like iOS and Android?
    Is Sailfish in a better state than BB10 is now? If not why should I believe that in two years it will be in a better situation than an EoL'd BB10?
    01-12-18 08:54 PM
  6. bb10adopter111's Avatar
    A lot can happen in two years or nothing. With the spate of security issues occurring at the operating system level it would be interesting to know if QNX Neutrino, the basis of BB10, is more or less susceptible to KRACK, Meltdown and Spectre. BlackBerry's silence on these vulnerabilities suggests the story is not good.
    IMO, BB10 without Android apps is probably more secure than a fully patched Android N or O for the majority of individuals in the real world for a simple reason: user behavior.

    Meltdown/Spectre requires malware to be running on the device, which can only be installed by the user. KRACK is an unlikely vector for the average person's personal phone. But social engineering, the most common compromise for more businesses these days, is much easier on a phone with third party apps.

    On paper, BB10 has significant vulnerabilities, without question, but in the real world, it's limited functionality makes it more secure than Android phones.

    Posted with my trusty Z10
    ppeters914 likes this.
    01-12-18 08:55 PM
  7. DonHB's Avatar
    What does it matter? Assume they're saying nothing because they've just abandoned BB10 completely and just don't care.

    Do you think posting about it matters? It doesn't appear to matter because it doesn't matter to BB anymore. Forget debating or reasoning. Just accept it because it's fact. They've stated it's fact. Politely stated it. Actions speak louder than words.
    It is silent on ALL versions of QNX Neutrino regarding these vulnerabibilities. So, by your logic, I should be expecting BlackBerry to announce that the EoL of QNX Neutrino will occur in two years or very soon?
    01-12-18 09:05 PM
  8. DonHB's Avatar
    ...On paper, BB10 has significant vulnerabilities, without question, but in the real world, it's limited functionality makes it more secure than Android phones.

    Posted with my trusty Z10
    I am more concerned about all the other products based upon QNX Nuetrino. BlackBerry's silence on these vulnerabilities should be of considerable concern and does not reflect well on the company.
    01-12-18 09:11 PM
  9. bb10adopter111's Avatar
    I am more concerned about all the other products based upon QNX Nuetrino. BlackBerry's silence on these vulnerabilities should be of considerable concern and does not reflect well on the company.
    If development is active these fixes are easy. If not, there are likely vulnerabilities, though the existence of a vulnerability alone does not imply a high level of risk.

    But if developme.t isn't active, that implies there is little business risk to BlackBerry. What exactly are your concerns in terms of specific devices and threat scenarios?

    Posted with my trusty Z10
    01-12-18 10:19 PM
  10. scubafan's Avatar
    Funny thing is BB10 is no Kardashian or Britney Spears.
    I had to step in for this one...
    Yes, you're correct that BB10 isn't a Kardashian! BB10 is lean, fast and does something very useful for those of us who it still reigns as the best (to us) way to get work done!

    Whereas Kardashian is hardly lean, and serves no useful purpose! Plus Britney shares something in common, as she too is better known for the many accidental displays of her "Brazilian wax job". I'm willing to admit that both have pretty faces & nice um, upper torsos. (Kim seems determined to show us everything on a regular basis, Britney has at least stopped having "oops" moments)

    But how on earth did a career develop just from being seen in a leaked "celebrity porn" video? Prior to the video AFAIK Kim just did makeup for a few music videos until being introduced to some rapper called R Kelly.

    Seriously though, BB10 continues to be the best OS for my needs. And I do have to agree with one of the points, in that I also have no idea why the vast number of sheeple decided that privacy had no value. For that alone I plan to keep using BB10 as long as I possibly can! There doesn't seem to be ANY other way to prevent 100 different companies from doing a digital colonoscopy just to have the bloody thing turn on!

    I know that a few users actually have to use social media for work. But there aren't any apps that aren't core of the OS that I "have to have". I just want the basic set that have made my life easier & more productive. There's not a single app that gives me any value strong enough to let it read my texts, use the camera or follow my location for a single minute. Not a question of secrecy, just none of their bleeping business!

    Just my $.02, YMMV ! ;-) sent via my Q10
    01-12-18 10:22 PM
  11. Invictus0's Avatar
    Is Sailfish in a better state than BB10 is now? If not why should I believe that in two years it will be in a better situation than an EoL'd BB10?
    How would creating BB10 autoloaders for BBMobile devices change that?

    As for Sailfish, it's still seeing new devices and OS updates so by that metric I guess it is in a better state than BB10. Betting on anything other than iOS or Android at this point will always be a risk though.
    01-12-18 10:35 PM
  12. stlabrat's Avatar
    hmm, interesting. if sailfish is better than BB10, why it not just ran over BB10 and take over the market share in the last few years? there must be a catch - easy to root? please enlightening me. thanks. (or the handset design not very tasteful?)
    01-13-18 06:01 AM
  13. Chuck Finley69's Avatar
    I had to step in for this one...
    Yes, you're correct that BB10 isn't a Kardashian! BB10 is lean, fast and does something very useful for those of us who it still reigns as the best (to us) way to get work done!

    Whereas Kardashian is hardly lean, and serves no useful purpose! Plus Britney shares something in common, as she too is better known for the many accidental displays of her "Brazilian wax job". I'm willing to admit that both have pretty faces & nice um, upper torsos. (Kim seems determined to show us everything on a regular basis, Britney has at least stopped having "oops" moments)

    But how on earth did a career develop just from being seen in a leaked "celebrity porn" video? Prior to the video AFAIK Kim just did makeup for a few music videos until being introduced to some rapper called R Kelly.

    Seriously though, BB10 continues to be the best OS for my needs. And I do have to agree with one of the points, in that I also have no idea why the vast number of sheeple decided that privacy had no value. For that alone I plan to keep using BB10 as long as I possibly can! There doesn't seem to be ANY other way to prevent 100 different companies from doing a digital colonoscopy just to have the bloody thing turn on!

    I know that a few users actually have to use social media for work. But there aren't any apps that aren't core of the OS that I "have to have". I just want the basic set that have made my life easier & more productive. There's not a single app that gives me any value strong enough to let it read my texts, use the camera or follow my location for a single minute. Not a question of secrecy, just none of their bleeping business!

    Just my $.02, YMMV ! ;-) sent via my Q10
    LMAO. In all fairness, my response was to some comment that had nothing to do with BB10 and security.

    I believe we're in the stage of some major apps are shutting down that people do use as basic texting function like WhatsApp.

    The other BB10 issue that we've crossed into was critical support for Meltdown / Sceptre. Basically, there doesn't appear to be any resources being spent on BB10 or BBOS in those areas. Economically, once the EOL statement was made, you can imagine that support would become minimal although it was almost there already.

    PS

    While I've always been a Britney fan, Kardashians are little too extreme for me.
    01-13-18 06:20 AM
  14. Invictus0's Avatar
    hmm, interesting. if sailfish is better than BB10, why it not just ran over BB10 and take over the market share in the last few years? there must be a catch - easy to root? please enlightening me. thanks. (or the handset design not very tasteful?)
    I'm not sure what their marketshare is, Gartner really only tracks Android and iOS marketshare these days. Everything else is thrown into "Other OS".

    https://www.gartner.com/newsroom/id/3725117

    Realistically though, if someone is in the "never iOS or Android" camp I doubt marketshare would matter much to them. Best you can hope for is a company that can carve out a profitable niche.
    01-13-18 10:27 AM
  15. DonHB's Avatar
    If development is active these fixes are easy. If not, there are likely vulnerabilities, though the existence of a vulnerability alone does not imply a high level of risk.

    But if developme.t isn't active, that implies there is little business risk to BlackBerry. What exactly are your concerns in terms of specific devices and threat scenarios?

    Posted with my trusty Z10
    This is not just about BB10. QNX Neutrino is used in products such as hospital equipment and other safety critical equipment such as cars. I would like more information as to why these Meltdown and Spectre vulnerabilities are issues only when an attacker has direct contact with the target system or device.

    Remember the issues BlackBerry highlighted with Jeep? The problem was a result of it's customer's product design. Hospital equipment are all networked and auto makers have or are working on OTA updates.

    I would expect some response from Blackberry regarding these vulnerabilities for supported Neutrino versions. That there hasn't been any, puts its claim to uncompromising security products and services in question.
    CrackPriv likes this.
    01-13-18 02:56 PM
  16. bb10adopter111's Avatar
    This is not just about BB10. QNX Neutrino is used in products such as hospital equipment and other safety critical equipment such as cars. I would like more information as to why these Meltdown and Spectre vulnerabilities are issues only when an attacker has direct contact with the target system or device.

    Remember the issues BlackBerry highlighted with Jeep? The problem was a result of it's customer's product design. Hospital equipment are all networked and auto makers have or are working on OTA updates.

    I would expect some response from Blackberry regarding these vulnerabilities for supported Neutrino versions. That there hasn't been any, puts its claim to uncompromising security products and services in question.
    Any announcements would be made directly to the companies that licensed QNX Neutrino from BlackBerry, i.e., the manufacturers of affected devices. The OEMS are responsible for their products, and, as a supplier, BlackBerry is responsible to the OEMs.

    Posted with my trusty Z10
    01-13-18 03:02 PM
  17. DonHB's Avatar
    How would creating BB10 autoloaders for BBMobile devices change that?

    As for Sailfish, it's still seeing new devices and OS updates so by that metric I guess it is in a better state than BB10. Betting on anything other than iOS or Android at this point will always be a risk though.
    From its introduction the future of BB10 (and its owner) has been in doubt which likely caused a wait and see approach on the part of developers and consumers alike. Having new hardware to run it is a step toward confirming BB10 has a future (BB's future is now less in doubt). It is also would require no hardware investment (but it could add a few sales for the licensees). I don't know how the work is divided between BB and its licensees in getting Android running on a device, but it could be that Blackberry has all the information needed.
    01-13-18 03:13 PM
  18. Chuck Finley69's Avatar
    This is not just about BB10. QNX Neutrino is used in products such as hospital equipment and other safety critical equipment such as cars. I would like more information as to why these Meltdown and Spectre vulnerabilities are issues only when an attacker has direct contact with the target system or device.

    Remember the issues BlackBerry highlighted with Jeep? The problem was a result of it's customer's product design. Hospital equipment are all networked and auto makers have or are working on OTA updates.

    I would expect some response from Blackberry regarding these vulnerabilities for supported Neutrino versions. That there hasn't been any, puts its claim to uncompromising security products and services in question.
    Are you a customer of BB QNX? If so, contact your sales rep with these questions. This informational topic isn't going to be conducted in the public domain. OEMs dealing with BB prefer these conversations in private.
    01-13-18 03:14 PM
  19. DonHB's Avatar
    Any announcements would be made directly to the companies that licensed QNX Neutrino from BlackBerry, i.e., the manufacturers of affected devices. The OEMS are responsible for their products, and, as a supplier, BlackBerry is responsible to the OEMs.

    Posted with my trusty Z10
    IBM fixing its Power CPUs was made public, why not BlackBerrys or QNX's response to these threats? Wouldn't it be useful for potential customers to know?
    01-13-18 03:18 PM
  20. bb10adopter111's Avatar
    IBM fixing its Power CPUs was made public, why not BlackBerrys or QNX's response to these threats? Wouldn't it be useful for potential customers to know?
    It's a processor vulnerability. That's why processor companies like IBM are disclosing it. Software vendors are only announcing the fixes to THEIR customers. There is no regulation or contract that would require a software supplier in the middle of the relationship between the processors (where the vulnerability exists) and the OEMs (who have the customer relationship) to make a public announcement about its mitigation plans.

    I have a car with a safety recall notice for a component in the front suspension. As the customer, I get a notice in the mail. The OEM (car manufacturer) takes care of me, and it's supplier (where the fault originated) takes care of its customer, the OEM.

    The supplier does not make a public announcement.

    Posted with my trusty Z10
    01-13-18 03:44 PM
  21. co4nd's Avatar
    IBM fixing its Power CPUs was made public, why not BlackBerrys or QNX's response to these threats? Wouldn't it be useful for potential customers to know?
    I would guess that Power CPUs have a broader and larger market than QNX.
    Last edited by co4nd; 01-13-18 at 04:01 PM.
    01-13-18 03:50 PM
  22. DonHB's Avatar
    It's a processor vulnerability. That's why processor companies like IBM are disclosing it. Software vendors are only announcing the fixes to THEIR customers. There is no regulation or contract that would require a software supplier in the middle of the relationship between the processors (where the vulnerability exists) and the OEMs (who have the customer relationship) to make a public announcement about its mitigation plans.

    I have a car with a safety recall notice for a component in the front suspension. As the customer, I get a notice in the mail. The OEM (car manufacturer) takes care of me, and it's supplier (where the fault originated) takes care of its customer, the OEM.

    The supplier does not make a public announcement.

    Posted with my trusty Z10
    In this case where the customer has no role in mitigation what is the benefit to me as a customer for the supplier not to be transparent? Also, as potential customer this lack of transparency being wide spread among suppliers would require me to contact every potential supplier about its plans. Not convenient for me and for a supplier that wants to be known as the go to company for security misses an opportunity to show how proactive it is (when all its competitors need mitigation).
    01-13-18 04:06 PM
  23. bb10adopter111's Avatar
    In this case where the customer has no role in mitigation what is the benefit to me as a customer for the supplier not to be transparent? Also, as potential customer this lack of transparency being wide spread among suppliers would require me to contact every potential supplier about its plans. Not convenient for me and for a supplier that wants to be known as the go to company for security misses an opportunity to show proactive it is (when all its competitor needs mitigation).
    If you are an OEM customer, contact your service rep. If you're just a person who might someday be a customer of someone else who is a customer of an OEM running software on a chip.with with a known vulnerability, you have no reason or right to know anything at all about other entities' business relationships.

    Companies are responsible to their customers and suppliers via contacts and to the public via government regulations. Beyond that, no one has to share information about vulnerabilities or mitigations.

    Posted with my trusty Z10
    01-13-18 04:12 PM
  24. DonHB's Avatar
    If you are an OEM customer, contact your service rep. If you're just a person who might someday be a customer of someone else who is a customer of an OEM running software on a chip.with with a known vulnerability, you have no reason or right to know anything at all about other entities' business relationships.

    Companies are responsible to their customers and suppliers via contacts and to the public via government regulations. Beyond that, no one has to share information about vulnerabilities or mitigations.

    Posted with my trusty Z10
    This is about good business practices not regulations.

    If I am considering a product that will be a component of a product I will be using internally or for resale I would be very interested in how a potential supplier reacts to vulnerabilities.

    As a consumer I would be similarly interested in how a supplier handles similar situations, though I would more likely than not would have to rely on regulations such as with cars.
    01-13-18 04:20 PM
  25. bb10adopter111's Avatar
    This is about good business practices not regulations.

    If I am considering a product that will be a component of a product I will be using internally or for resale I would be very interested in how a potential supplier reacts to vulnerabilities.

    As a consumer I would be similarly interested in how a supplier handles similar situations, though I would more likely than not have to rely on regulations such as with cars.
    If you're considering a product, talk to the rep for that product. If you don't like the answer your get, choose another product. But each partner in a supply chain is only connected to its immediate links. That's why it's referred to as a chain.

    Posted with my trusty Z10
    stlabrat likes this.
    01-13-18 04:24 PM
756 ... 2526272829 ...

Similar Threads

  1. How do you enable Group Texting on BB10 phone
    By DrEd14 in forum Ask a Question
    Replies: 5
    Last Post: 12-25-17, 06:03 PM
  2. Apps Gone. RBC and CTV news
    By Canuck671 in forum BlackBerry 10 OS
    Replies: 17
    Last Post: 12-20-17, 05:25 PM
  3. Is there an updated browser for BlackBerry 10?
    By Data547 in forum Ask a Question
    Replies: 5
    Last Post: 12-16-17, 05:01 PM
  4. How to enable Touch to back on the BlackBerry Motion
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 12-14-17, 02:00 PM
  5. DENSO and BlackBerry partner to develop world's first integrated automobile HMI Platform
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 12-14-17, 01:40 PM
LINK TO POST COPIED TO CLIPBOARD