11-20-16 09:49 AM
53 123
tools
  1. HaberNik's Avatar
    If, in fact, this vulnerability exists on BlackBerry Android, the next questions would be: would it achieve a persistent root (unlikely), and would DTEK/Integrity Detection catch it (likely)?
    If it got to the point where Dtek/Integrity caught it, would the information it is trying to harvest be already gone and mission accomplished?

    I get that it would not likely be able to reboot.

    Posted via CB10
    11-12-16 07:02 PM
  2. zensen's Avatar
    I read that this particular hack was specific only to the pixel. Maybe the app was able to brute force something that was related to nougat only.

    Not many phones are on nougat yet


    Posted via CB10
    11-12-16 07:50 PM
  3. zensen's Avatar
    Looks like it was a Chrome bug, so using Chrome browser on a DTEK or Priv might expose you if you haven't updated.
    There were two hacks one that gave them access to the whole system and the latter to allow them to exploit the chrome browser to spread their tag/name.

    It does make you wonder how far they would have got using similar tactics on a BlackBerry android that is all about securing it at a low level; 'hardening the os'.

    Posted via CB10
    11-12-16 07:55 PM
  4. Ganesh Vu's Avatar
    Hahaha its soon to be possible Google may buy BLACKBERRY security solutions for its upcoming devices
    11-13-16 10:23 AM
  5. Resilience's Avatar
    Nice thought but unfortunately ya dreamin'......one thing you learn in IT -nothing is impossible to hack - difficult, yes but not impossible

    An interesting thread though. Had a look at that Hacker News website and did a search for 'BlackBerry '. Only recent result was April 2016 where the Canadian Police obtained a master key, rest of the articles were from 2013....that looks pretty good for BlackBerry :-)

    Posted via CB10
    A key that only relate to BBM on legacy blackberry devices of bbos7 and lower.

    Nothing to see here .
    Menage likes this.
    11-13-16 01:47 PM
  6. Troy Tiscareno's Avatar
    Do the companies being hacked have to volunteer their system or device?
    Not necessarily, but they sometimes do. In this case, it was selected for "attack" (by the show) because it was a popular, high-profile new release.

    Is the money already up for grabs?
    Google has long had Bug Bounty programs to pay white-hats for discovering and reporting bugs of various types, including security bugs. Microsoft, Facebook, Amazon, and many other companies do this. Not sure if BB does it.

    Why are they not hacking BlackBerry?
    Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

    Again, keep in mind that these are white-hats who are looking for both notoriety as well as bounty cash, and you get that by going after the big boys. If you were doing an expose on car manufacturers, you'd probably target Ford or GM or Toyota, and not Suzuki or Kia, for the same reason.
    krazyatom likes this.
    11-13-16 04:24 PM
  7. HaberNik's Avatar
    Not necessarily, but they sometimes do. In this case, it was selected for "attack" (by the show) because it was a popular, high-profile new release.



    Google has long had Bug Bounty programs to pay white-hats for discovering and reporting bugs of various types, including security bugs. Microsoft, Facebook, Amazon, and many other companies do this. Not sure if BB does it.



    Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

    Again, keep in mind that these are white-hats who are looking for both notoriety as well as bounty cash, and you get that by going after the big boys. If you were doing an expose on car manufacturers, you'd probably target Ford or GM or Toyota, and not Suzuki or Kia, for the same reason.
    Well stated. Thanks for your input. With bb10 still being used at finance and top government levels (albeit waning), you would think that this would still be a juicy target.

    For the new BlackBerry Android lines, the whole obscurity argument become moot does it not? Market share based on OS no longer separates BlackBerry from the others.

    As to the money, maybe BlackBerry does not really want to risk their historical claim to being the most secure. I just don't get it; with a claim like that, you would think every white and black hat would be trying to disprove.

    Until then, it's a little naive to believe BlackBerry is the most secure.

    Posted via CB10
    11-13-16 04:32 PM
  8. BB_PP's Avatar
    Oh boy - are you serious!? That was a joke, hence the smile/wink at the end of my JOKE!

    Posted via CB10
    See likes on his comments and decide how your joke or his comments well received
    11-13-16 04:47 PM
  9. HaberNik's Avatar
    See likes on his comments and decide how your joke or his comments well received
    Let's stay on topic.

    Posted via CB10
    11-13-16 04:48 PM
  10. Troy Tiscareno's Avatar
    Well stated. Thanks for your input. With bb10 still being used at finance and top government levels (albeit waning), you would think that this would still be a juicy target.
    Generally, phones aren't targets of targeted hacking, because in most cases, they contain too little valuable information. The real targets are the servers/services they attach to - a good example being the iCloud hack, or Clinton's email server, or Target's servers.

    For the new BlackBerry Android lines, the whole obscurity argument become moot does it not? Market share based on OS no longer separates BlackBerry from the others.
    For the most part, that's correct, though BB has made some significant changes from stock Android. This could enhance security, but it's also possible that these unique changes introduce vulnerabilities that don't exist in Google's version too. It's hard to know for sure.

    As to the money, maybe BlackBerry does not really want to risk their historical claim to being the most secure. I just don't get it; with a claim like that, you would think every white and black hat would be trying to disprove.
    Not sure their brand image could afford a public vulnerability, even though Bug Bounties are ultimately healthy for overall security.

    Until then, it's a little naive to believe BlackBerry is the most secure.
    I agree - though to be fair, BB does take security seriously (from a technical perspective, anyway) and it's a primary focus, so overall, their security is likely pretty good.

    The problem with security is that their are hundreds or even thousands of attack vectors, and even if you are brilliant at securing 999 of them, the one you miss can be the one that does you in. Security on something as complex as a smartphone is NOT easy, for anyone.
    11-13-16 06:46 PM
  11. Johnny Dollar's Avatar
    Listening to the news today it seems Google has patched the vulnerability 24 hours after the phone was hacked.
    11-17-16 12:54 PM
  12. Makaveli@Beta's Avatar
    That's a ridiculous comment
    Ridiculous and a low blow but funny as hell

     Z30 STA100-5/10.3.2.2474
    11-17-16 01:23 PM
  13. Makaveli@Beta's Avatar
    There is no better OS in regards to the key metric they use... which isn't security.
    Bingo you don't want a super secure os when you primary goal is data mining.

     Z30 STA100-5/10.3.2.2474
    11-17-16 01:26 PM
  14. conite's Avatar
    Bingo you don't want a super secure os when you primary goal is data mining.

     Z30 STA100-5/10.3.2.2474
    Argh. You're confusing privacy with security.
    11-17-16 01:41 PM
  15. thurask's Avatar
    Argh. You're confusing privacy with security.
    Bulletproof glass houses...
    howarmat likes this.
    11-17-16 01:45 PM
  16. HaberNik's Avatar
    Bulletproof glass houses...
    Lol

    Posted via CB10
    11-17-16 03:00 PM
  17. howarmat's Avatar
    Bulletproof glass houses...
    that is a great way to look at it
    11-17-16 03:06 PM
  18. HaberNik's Avatar
    that is a great way to look at it
    But, can we at least draw the blinds? Tint the glass to limo dark?

    Posted via CB10
    11-17-16 03:12 PM
  19. Aju's Avatar


    Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

    What about blackphone which was hacked in the 1st week of its release? I don't think they have neither a bounty program nor marketshare. And what I know is they too claimed the same as BlackBerry. Most secure Android!


    Q10SQN100-3/10.3.2.2888
    11-17-16 03:15 PM
  20. dguy123's Avatar
    Google : hack bounty of 540k for our new pixel phone! Good luck you white hats!

    60 seconds later..

    White hats: cracked! Pay up Google!

    Google : good job! (mumble mumble mumble)
    24 hrs later...

    Google : Patched!

    Google : hack bounty of $50.00. Good luck you white hats!

    ....


    Posted via CB10
    11-17-16 06:41 PM
  21. axeman1000's Avatar
    Or not.
    Yep, and people tried American dns codes for netflix once, didn't get it to work, and just gave up.........

    Yes that does sound as stupid as your thought that someone would not try to hack the most,secure phone os for bragging rights and media exposure.

    They try. They can't. Accept that bb10 is most secure os and stop saying foolish remarks.

    Posted via CB10
    11-17-16 07:33 PM
  22. axeman1000's Avatar
    Not necessarily, but they sometimes do. In this case, it was selected for "attack" (by the show) because it was a popular, high-profile new release.



    Google has long had Bug Bounty programs to pay white-hats for discovering and reporting bugs of various types, including security bugs. Microsoft, Facebook, Amazon, and many other companies do this. Not sure if BB does it.



    Market-share irrelevance, mostly. I'm not saying they could or couldn't succeed (we don't know either way), just that BB's share of the market is so small that it wouldn't make a good enough story. It shouldn't be a surprise that Apple, Google, and Samsung are always the primary targets in these things, or that BB was one of those targets back in their heyday.

    Again, keep in mind that these are white-hats who are looking for both notoriety as well as bounty cash, and you get that by going after the big boys. If you were doing an expose on car manufacturers, you'd probably target Ford or GM or Toyota, and not Suzuki or Kia, for the same reason.
    Market share irrelevance, Umm no. They can't do it. A hacker lives to get the toughest most invincible thing to Crack that others can't for bragging rights!!!

    To think otherwise and say it is foolish. Your crazy if you think cause the market isn't there!

    Posted via CB10
    11-17-16 07:36 PM
  23. conite's Avatar
    Market share irrelevance, Umm no. They can't do it. A hacker lives to get the toughest most invincible thing to Crack that others can't for bragging rights!!!

    To think otherwise and say it is foolish. Your crazy if you think cause the market isn't there!

    Posted via CB10
    http://www.cellebrite.com/Pages/blac...kberry-devices
    11-17-16 07:56 PM
  24. HaberNik's Avatar
    In other words, nothing is unhackable

    Posted via CB10
    11-17-16 10:40 PM
  25. keyboardweeb's Avatar
    Market share irrelevance, Umm no. They can't do it. A hacker lives to get the toughest most invincible thing to Crack that others can't for bragging rights!!!

    To think otherwise and say it is foolish. Your crazy if you think cause the market isn't there!

    Posted via CB10
    Delicious irony.

    Posted via CB10
    11-18-16 11:20 AM
53 123

Similar Threads

  1. This Netflix android app. Is working on BlackBerry passport.
    By DaViLiVe in forum BlackBerry Passport
    Replies: 10
    Last Post: 11-30-16, 03:55 PM
  2. Please post picture of your Priv with a case
    By heading4tomorrow in forum BlackBerry Priv
    Replies: 30
    Last Post: 11-25-16, 11:41 AM
  3. New BlackBerry phone coming
    By stevec66 in forum BlackBerry KEYone
    Replies: 11
    Last Post: 11-19-16, 06:06 PM
  4. The Last BlackBerry phone will be a Passport Android
    By Insync in forum BlackBerry Passport
    Replies: 1
    Last Post: 11-11-16, 10:45 PM
  5. pixel wont work
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 11-11-16, 03:27 PM
LINK TO POST COPIED TO CLIPBOARD