- No one is suggesting full-Knox or BlackBerry Android is bulletproof. They are just undeniably better than the rest.
I have no reason to call Samsung and BlackBerry liars. I will take them at (or near) their words until it is proven otherwise. Both companies have pedigrees, are respected, and are public - which governs what they can say in law.
Last edited by conite; 01-02-18 at 07:51 AM.
01-02-18 07:22 AM
- No logical fallacy.
My argument is that BlackBerry's actual (and/or perceived) improvements to Android security are trivial in the grand scheme of things when one understands that the most egregious exploits are baked into the hardware and software that is not under BlackBerry's control.
Even their claim to fame of being un-rootable is nothing to brag about. The 3 recent exploits that I used as examples show that persistent roots are not necessary and BlackBerry has no value add when exploits run this deep. It's not their fault really. It's just how it is.
The bottom line: When making cell phone purchases, consumers should not make trade-offs for this trivial value add.
01-02-18 07:44 AM
- From a device perspective, buy whatever is updated regularly, so anything Apple or Android mid-range and above. A Pixel or anything running near-AOSP is the best bet by lowering attack surface, i.e. OnePlus, Motorola, Essential, etc. Find the one that makes the right trade-offs in your budget, and BlackBerry's "hardening" shouldn't be a consideration. If you need a physical keyboard though, you pretty much rule out anything other than a KEYone. Helps that it's running near-AOSP itself.
There are a bunch of low hanging fruit in terms of security on your device though, like minimizing the # of apps that you use and only those from major publishers. Get yourself an anti-virus solution for your phone, i.e. Kaspersky, ESET, etc. Backup often to cold storage (i.e. photos, SMS, MMS, etc) to blunt the effects of crypto-malware since it's only a matter of time until those gain the capabilities to encrypt cloud contents just like the desktop variants. Don't sideload anything ever unless you are a developer/advanced user.
At home, secure your network devices by updating to latest firmware and applying strong passwords (including printers.) I recommend the Ubiquiti UniFi solution for this. Inexpensive and very very good. Segment your network into 2 or more VLANs, where your desktops, printer, and network assets are on one VLAN, and your mobile/wifi devices are on the other. Implement AP isolation if you can, assuming you don't have appliances like AV Receivers and such that you command with a phone/tablet.
Update your machines to latest BIOS, Intel ME software, etc on your PCs. Create 2 accounts on your PCs. One Admin and one regular User. Always use the regular user account. Teach family the same. Add an ad-blocker extension to Chrome like Disconnect. Instead of the built-in Windows Defender, pay for Kaspersky, ESET, etc. Don't watch porn on your PCs, use file sharing apps, don't download software "crackers," or any number of tools to avoid paying for legit software.
Bonus points #1 : Keep a PC/laptop as backup/cold-storage for your most important files (or use an external drive for this that you keep *unplugged*). Use a separate (3rd) VLAN as a management network that you use to manage your network assets. You can use this known-good/secure PC as the management console. This will save your *** if your home network gets taken by crypto-ransomware.
Bonus points #2 : Create a Windows Server 2016 box on your network and join all your devices to Active Directory. Use group policy to lock 'em down. Implement a RADIUS service on the same box and connect your gateway to it. Now implement VPN on your gateway with RADIUS authentication. You can use this in different ways: connect to your home network from another PC or use it as a tunnel to isolate you from whatever wifi your mobile device is connected to.
Bonus point #3 : Disable BT and wifi on your wired devices so a bridge cannot be created from your wifi VLAN to your wired VLAN by an exploit like BlueBorne.
Some of these are much more important in the grand scheme of things than BlackBerry's "hardening," even if serial apologist Conite objects vehemently.
01-02-18 12:22 PM
- I'm not an IT guy so I don't understand 3/4 of what you typed above. What I'm curious about with BBAndroid is the device has a boot up process that is supposed to be turned on through some kernel thing. I also understand device can't be rooted and there's a million dollar bounty paid out if someone roots BBAndroid. Has the kernel thing been disproven? Has anyone rooted BBAndroid, thus collecting the million dollar bounty?
01-02-18 12:35 PM
- You are right, they do not. Their marginal usefulness comes from identifying apps that contain malware that the Play Store misses. Even once found, the Play Store is not that great in removing all instances.
01-02-18 12:39 PM
- I asked simple question because I'm simple person. I have no idea what your above reply even means. I was interested more in the idea of whether a million dollar reward was ever collected on. If not collected on, that has to count for something important. Think about it, million bucks just sitting there for taking, and you've made it seem easy. Simple guy like me finds that intriguing.
01-02-18 04:24 PM
- You're reading way too much into this. I don't see the big deal. It was the question of rooting devices and I remembered the bounty. I correlated nobody collecting a million dollar hacking bounty as something that suggested a unique type / level of security. For such a large bounty to remain uncollected, if not a big deal to accomplish, why does it remain uncollected?
I wasn't debating other security measures or weaknesses. Just observing. Is a million dollars not that big a deal anymore?
01-02-18 05:12 PM
- I have no idea where you got a $1,000,000 bounty for rooting a BB. XDA put together a small bounty of $1000.
https://forum.xda-developers.com/bla...ounty-t3243716
Either it is HARD to root a BlackBerry, or no one really cares.
01-02-18 05:25 PM
- Sorry to break your dreams, but if you think about it, it's liberating not to be loyal to the brand that could have been the security champion of Android, but it simply isn't. Consider the kind of passion and ingenuity that goes into making something like a Note 8 or an Essential PH-1. Even the Priv is an example of this as it tried to deliver on a no-compromise experience. Simply feel free to buy the Android or Apple device that suits your needs knowing that they are just about the same. I know some would say that Apple devices are more secure, and that may still be true, but over time, since the death of Steve Jobs, Apple is just not hitting the same standards of quality in their software that they used to. At the same time, Android security has improved a lot.
The bright spot here is Apple actually. Once they kick to the curb the various chipset makers (Qualcomm, Broadcom, Intel, etc) and take over making every piece of silicon in their handsets, they will be the only ones having full control of the stack.
01-02-18 06:57 PM
- As has been mentioned, the DTEKs are orphaned, they are officially 'legacy devices', so think yourself lucky to get sporadic security updates (when they work!!) and if they ever arrive....
Personally, I think that BB/TCL/BBMo (or whatever today's name is) are deliberately making it as difficult as they can regarding updates, in the hope we will all get fed up with the mess, and 'upgrade' to their latest offering, so they can 'rip us off some more' in the future..
Posted via CB10
02-06-18 07:37 AM
Upgrade OS to Nougat for DTEK60?