[HaberNik]

If, in fact, this vulnerability exists on BlackBerry Android, the next questions would be: would it achieve a persistent root (unlikely), and would DTEK/Integrity Detection catch it (likely)?

If it got to the point where Dtek/Integrity caught it, would the information it is trying to harvest be already gone and mission accomplished?

I get that it would not likely be able to reboot.

Posted via CB10

[zensen]

I read that this particular hack was specific only to the pixel. Maybe the app was able to brute force something that was related to nougat only.

Not many phones are on nougat yet


Posted via CB10

[zensen]

Looks like it was a Chrome bug, so using Chrome browser on a DTEK or Priv might expose you if you haven't updated.

There were two hacks one that gave them access to the whole system and the latter to allow them to exploit the chrome browser to spread their tag/name.

It does make you wonder how far they would have got using similar tactics on a BlackBerry android that is all about securing it at a low level; 'hardening the os'.

Posted via CB10

[Ganesh Vu]

Hahaha its soon to be possible Google may buy BLACKBERRY security solutions for its upcoming devices

[Resilience]

Nice thought but unfortunately ya dreamin'......one thing you learn in IT -nothing is impossible to hack - difficult, yes but not impossible

An interesting thread though. Had a look at that Hacker News website and did a search for 'BlackBerry '. Only recent result was April 2016 where the Canadian Police obtained a master key, rest of the articles were from 2013....that looks pretty good for BlackBerry :-)

Posted via CB10

A key that only relate to BBM on legacy blackberry devices of bbos7 and lower.

Nothing to see here .

[Troy Tiscareno]

Do the companies being hacked have to volunteer their system or device?

Not necessarily, but they sometimes do. In this case, it was selected for "attack" (by the show) because it was a popular, high-profile new release.

Is the money already up for grabs?

Google has long had Bug Bounty programs to pay white-hats for discovering and reporting bugs of various types, including security bugs. Microsoft, Facebook, Amazon, and many other companies do this. Not sure if BB does it.

Why are they not hacking BlackBerry?

Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

Again, keep in mind that these are white-hats who are looking for both notoriety as well as bounty cash, and you get that by going after the big boys. If you were doing an expose on car manufacturers, you'd probably target Ford or GM or Toyota, and not Suzuki or Kia, for the same reason.

[HaberNik]

Not necessarily, but they sometimes do. In this case, it was selected for "attack" (by the show) because it was a popular, high-profile new release.



Google has long had Bug Bounty programs to pay white-hats for discovering and reporting bugs of various types, including security bugs. Microsoft, Facebook, Amazon, and many other companies do this. Not sure if BB does it.



Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

Again, keep in mind that these are white-hats who are looking for both notoriety as well as bounty cash, and you get that by going after the big boys. If you were doing an expose on car manufacturers, you'd probably target Ford or GM or Toyota, and not Suzuki or Kia, for the same reason.

Well stated. Thanks for your input. With bb10 still being used at finance and top government levels (albeit waning), you would think that this would still be a juicy target.

For the new BlackBerry Android lines, the whole obscurity argument become moot does it not? Market share based on OS no longer separates BlackBerry from the others.

As to the money, maybe BlackBerry does not really want to risk their historical claim to being the most secure. I just don't get it; with a claim like that, you would think every white and black hat would be trying to disprove.

Until then, it's a little naive to believe BlackBerry is the most secure.

Posted via CB10

[BB_PP]

Oh boy - are you serious!? That was a joke, hence the smile/wink at the end of my JOKE!

Posted via CB10

See likes on his comments and decide how your joke or his comments well received

[HaberNik]

See likes on his comments and decide how your joke or his comments well received

Let's stay on topic.

Posted via CB10

[Troy Tiscareno]

Well stated. Thanks for your input. With bb10 still being used at finance and top government levels (albeit waning), you would think that this would still be a juicy target.

Generally, phones aren't targets of targeted hacking, because in most cases, they contain too little valuable information. The real targets are the servers/services they attach to - a good example being the iCloud hack, or Clinton's email server, or Target's servers.

For the new BlackBerry Android lines, the whole obscurity argument become moot does it not? Market share based on OS no longer separates BlackBerry from the others.

For the most part, that's correct, though BB has made some significant changes from stock Android. This could enhance security, but it's also possible that these unique changes introduce vulnerabilities that don't exist in Google's version too. It's hard to know for sure.

As to the money, maybe BlackBerry does not really want to risk their historical claim to being the most secure. I just don't get it; with a claim like that, you would think every white and black hat would be trying to disprove.

Not sure their brand image could afford a public vulnerability, even though Bug Bounties are ultimately healthy for overall security.

Until then, it's a little naive to believe BlackBerry is the most secure.

I agree - though to be fair, BB does take security seriously (from a technical perspective, anyway) and it's a primary focus, so overall, their security is likely pretty good.

The problem with security is that their are hundreds or even thousands of attack vectors, and even if you are brilliant at securing 999 of them, the one you miss can be the one that does you in. Security on something as complex as a smartphone is NOT easy, for anyone.

[Johnny Dollar]

Listening to the news today it seems Google has patched the vulnerability 24 hours after the phone was hacked.

[Makaveli@Beta]

That's a ridiculous comment

Ridiculous and a low blow but funny as hell

 Z30 STA100-5/10.3.2.2474

[Makaveli@Beta]

There is no better OS in regards to the key metric they use... which isn't security.

Bingo you don't want a super secure os when you primary goal is data mining.

 Z30 STA100-5/10.3.2.2474

[conite]

Bingo you don't want a super secure os when you primary goal is data mining.

 Z30 STA100-5/10.3.2.2474

Argh. You're confusing privacy with security.

[thurask]

Argh. You're confusing privacy with security.

Bulletproof glass houses...

[HaberNik]

Bulletproof glass houses...

Lol

Posted via CB10

[howarmat]

Bulletproof glass houses...

that is a great way to look at it

[HaberNik]

that is a great way to look at it

But, can we at least draw the blinds? Tint the glass to limo dark?

Posted via CB10

[Aju]

Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

What about blackphone which was hacked in the 1st week of its release? I don't think they have neither a bounty program nor marketshare. And what I know is they too claimed the same as BlackBerry. Most secure Android!


Q10SQN100-3/10.3.2.2888

[dguy123]

Google : hack bounty of 540k for our new pixel phone! Good luck you white hats!

60 seconds later..

White hats: cracked! Pay up Google!

Google : good job! (mumble mumble mumble)
24 hrs later...

Google : Patched!

Google : hack bounty of $50.00. Good luck you white hats!

....


Posted via CB10

[axeman1000]

Or not.

Yep, and people tried American dns codes for netflix once, didn't get it to work, and just gave up.........

Yes that does sound as stupid as your thought that someone would not try to hack the most,secure phone os for bragging rights and media exposure.

They try. They can't. Accept that bb10 is most secure os and stop saying foolish remarks.

Posted via CB10

[axeman1000]

Not necessarily, but they sometimes do. In this case, it was selected for "attack" (by the show) because it was a popular, high-profile new release.



Google has long had Bug Bounty programs to pay white-hats for discovering and reporting bugs of various types, including security bugs. Microsoft, Facebook, Amazon, and many other companies do this. Not sure if BB does it.



Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

Again, keep in mind that these are white-hats who are looking for both notoriety as well as bounty cash, and you get that by going after the big boys. If you were doing an expose on car manufacturers, you'd probably target Ford or GM or Toyota, and not Suzuki or Kia, for the same reason.

Market share irrelevance, Umm no. They can't do it. A hacker lives to get the toughest most invincible thing to Crack that others can't for bragging rights!!!

To think otherwise and say it is foolish. Your crazy if you think cause the market isn't there!

Posted via CB10

[conite]

Market share irrelevance, Umm no. They can't do it. A hacker lives to get the toughest most invincible thing to Crack that others can't for bragging rights!!!

To think otherwise and say it is foolish. Your crazy if you think cause the market isn't there!

Posted via CB10

http://www.cellebrite.com/Pages/blac...kberry-devices

[HaberNik]

http://www.cellebrite.com/Pages/blac...kberry-devices

In other words, nothing is unhackable

Posted via CB10

[keyboardweeb]

Market share irrelevance, Umm no. They can't do it. A hacker lives to get the toughest most invincible thing to Crack that others can't for bragging rights!!!

To think otherwise and say it is foolish. Your crazy if you think cause the market isn't there!

Posted via CB10

Delicious irony.

Posted via CB10