1. llamax's Avatar
    Hi All,

    I recall that there was an avoidance of specifically mentioning BB10 in the BlackBerry Krack vulnerability impact to BlackBerry devices statement.

    Was BlackBerry's statement clarified or are we still in the dark as to if BB10 is vulnerable or not to Krack?
    01-05-18 01:10 PM
  2. thurask's Avatar
    Still in the dark, although with the ubiquity of KRACK it's safe to assume the platform is vulnerable.
    01-05-18 01:13 PM
  3. bb10adopter111's Avatar
    The assumption should be that BB10 is vulnerable. It would be strange if it weren't because that would mean WPA2 had not been implemented according to the standard.

    Also, the assumption should be that we're not going to see a fix for this.

    The actual impacts on security are very different for different users based on their risk profile.

    1) There is no impact on people using public, unsecured WiFi.

    2) To exploit KRACK, a threat actor has to specifically target a secure WiFi network and position a WiFi router close enough to impersonate that network. Unless you are a public figure, very high net worth individual, or an organization that is already being aggressively targeted by spies and/or criminals (most large companies and governments, defense supply chain contractors, critical infrastructure companies, etc.) you likely have little to worry about.

    I no longer connect to my clients' secure WiFi networks with my BB10 phones, out of an abundance of caution.

    Obviously, use of a VPN can secure transmission of information and mitigate this vulnerability as well.

    Hope that helps.


    Posted with my trusty Z10
    01-05-18 01:25 PM
  4. llamax's Avatar
    A main concern is if corporate credentials are used to authenticate via WPA2. Those credentials would be captured giving potential access to corporate systems.

    In this case, VPN would not help.

    Regardless, are there any VPN apps on BlackBerry World similar to Privacy Pro for IOS?
    01-05-18 03:09 PM
  5. Richard Buckley's Avatar
    A main concern is if corporate credentials are used to authenticate via WPA2. Those credentials would be captured giving potential access to corporate systems.

    In this case, VPN would not help.

    Regardless, are there any VPN apps on BlackBerry World similar to Privacy Pro for IOS?
    You don't need an application, just a provider that supports IPSEC. Witopia is one that I have used and been happy with. There are others.

    LeapSTR100-2/10.3.3.2205
    01-05-18 03:25 PM
  6. Jake2826's Avatar
    What is especially notable in this case, is that BlackBerry is not only simply failing to follow the industry standard best practice with the disclosure of vulnerabilities, but they also seemed to have stopped their own practice of timely security advisories on their products simply because it is inconvenient for them to do so.
    01-05-18 03:42 PM
  7. cyberdoggie's Avatar
    Blackberry states they are 'investigating' the impact of KRACK on BB10. That is answer I have been given for four months now. Such a period is, by all standards, unreasonable for an assessment of the actual risk (let alone for fixing it). KRACK is a serious security flaw and it is thus unexcusable for BlackBerry to keep giving this lame answer when asked about progress. Why can't they just be honest about their abilities and intents?
    CrackPriv likes this.
    01-11-18 01:08 AM
  8. bb10adopter111's Avatar
    Blackberry states they are 'investigating' the impact of KRACK on BB10. That is answer I have been given for four months now. Such a period is, by all standards, unreasonable for an assessment of the actual risk (let alone for fixing it). KRACK is a serious security flaw and it is thus unexcusable for BlackBerry to keep giving this lame answer when asked about progress. Why can't they just be honest about their abilities and intents?
    With whom are you communicating?

    Posted with my trusty Z10
    01-11-18 08:23 AM
  9. wingnut666's Avatar
    Blackberry states they are 'investigating' the impact of KRACK on BB10. That is answer I have been given for four months now. Such a period is, by all standards, unreasonable for an assessment of the actual risk (let alone for fixing it). KRACK is a serious security flaw and it is thus unexcusable for BlackBerry to keep giving this lame answer when asked about progress. Why can't they just be honest about their abilities and intents?
    this. lame duck company. the insecurity platform.

    Posted via CBX
    01-11-18 09:48 AM
  10. bb10adopter111's Avatar
    Meanwhile WPA2 Enhancements and WPA3 have been announced by the WiFi Alliance for routers in 2018.

    BlackBerry has supported BB10 admirably for almost five years in terms of security, but there are no more planned updates, so it's not reasonable to expect these new WiFi protocols on older phones.

    Many old iPhones and Android phones won't get them either.

    Posted with my trusty Z10
    01-11-18 10:47 AM
  11. Chuck Finley69's Avatar
    this. lame duck company. the insecurity platform.

    Posted via CBX
    Then why do you continue to support.? Just move on to a better more secure platform.
    01-11-18 10:51 AM
  12. eshropshire's Avatar
    Blackberry states they are 'investigating' the impact of KRACK on BB10. That is answer I have been given for four months now. Such a period is, by all standards, unreasonable for an assessment of the actual risk (let alone for fixing it). KRACK is a serious security flaw and it is thus unexcusable for BlackBerry to keep giving this lame answer when asked about progress. Why can't they just be honest about their abilities and intents?
    Where does BlackBerry state they are looking into KRACK and BB10?
    01-11-18 01:45 PM
  13. cyberdoggie's Avatar
    As mentioned earlier, this is what the Blackberry help is writing me when I am asking about the matter. They are giving the same reply in December as in November...
    01-11-18 01:53 PM
  14. cyberdoggie's Avatar
    With whom are you communicating?

    Posted with my trusty Z10
    As mentioned elsewhere, this is the written answer from Blackberry Help.
    01-11-18 01:55 PM
  15. wingnut666's Avatar
    it should take lone staffer all of an afternoon to assess which devices are and aren't affected, i would think.

    Posted via CBX
    cyberdoggie likes this.
    01-11-18 02:47 PM
  16. Chuck Finley69's Avatar
    it should take lone staffer all of an afternoon to assess which devices are and aren't affected, i would think.

    Posted via CBX
    I've asked this before, however you seem to have missed it,

    "Then why do you continue to support.? Just move on to a better more secure platform."

    It's a serious question....
    01-11-18 03:31 PM
  17. wingnut666's Avatar
    I've asked this before, however you seem to have missed it,

    "Then why do you continue to support.? Just move on to a better more secure platform."

    It's a serious question....
    bb10 IS my platform. i refuse to downgrade.

    Posted via CBX
    01-11-18 04:30 PM
  18. eshropshire's Avatar
    As mentioned elsewhere, this is the written answer from Blackberry Help.
    I can see the conversation in support, "hey boss someone is asking about KRACK again". Boss "give them the same reply, that we are looking into it".

    Since BlackBerry does not even address BB10 in any of posted responses and ignores BB10 when asked in public forums the support answer was probably generated by the support team after getting no response from engineering.
    Last edited by eshropshire; 01-11-18 at 08:08 PM.
    01-11-18 04:44 PM
  19. Chuck Finley69's Avatar
    bb10 IS my platform. i refuse to downgrade.

    Posted via CBX
    Good luck with that. Sounds they've moved on whether people complain or not for business reasons. When it's finally over, will you move to IOS for closed ecosystem benefits?
    01-11-18 05:35 PM
  20. wingnut666's Avatar
    Good luck with that. Sounds they've moved on whether people complain or not for business reasons. When it's finally over, will you move to IOS for closed ecosystem benefits?
    i'm waiting for something better to come along

    Posted via CBX
    DonHB likes this.
    01-12-18 05:52 AM
  21. llamax's Avatar
    Maybe the Android replacement that uses cards.
    01-17-18 08:41 PM

Similar Threads

  1. Amazfit watch app on BB10
    By radimak in forum BlackBerry 10 OS
    Replies: 14
    Last Post: 05-29-18, 10:07 AM
  2. Replies: 73
    Last Post: 01-27-18, 02:39 PM
  3. Decided on a KeyOne Black Edition over Motion
    By CandidBerrytales in forum BlackBerry KEYone
    Replies: 15
    Last Post: 01-06-18, 10:35 PM
  4. MrMobile goes hands-on – with a cell tower
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 01-05-18, 01:00 PM
  5. Are BB10 devices affected by Spectre?
    By CrackBerry Question in forum Ask a Question
    Replies: 3
    Last Post: 01-05-18, 07:37 AM
LINK TO POST COPIED TO CLIPBOARD