- Personally, I think that BB/TCL/BBMo (or whatever today's name is) are deliberately making it as difficult as they can regarding updates, in the hope we will all get fed up with the mess, and 'upgrade' to their latest offering, so they can 'rip us off some more' in the future.
12-31-17 08:19 AM
- My next device will likely be whatever Google's offering is at the time I decide to upgrade so I know I'll get support for at least two years or more. Will more than likely shell out money for the BlackBerry App Suite and maybe the launcher (or Nova, haven't decided). What I really want though is a device manufactured through Google and its partners, with BlackBerry stepping in to secure the OS.
12-31-17 10:20 AM
- Other than marketing hyperbole, there is scant evidence that Blackberry has any magic sauce to secure Android any better than what it already is. Some of the worst vulnerabilities are in the Qualcomm binaries, and no-one got visibility into those. Our devices are security Swiss cheese, full of zero-day exploits. Only secure devices are pen/paper and old school typewriters. Also, I am not aware of any enterprise or Google Play store app that has taken advantage of the BlackBerry Integrity Detection other than the DTEK app itself. Raise your hand if your DTEK app has been telling you the OS is compromised since November 2016 and you have completely ignored it for the past year.....
Other than that, you got the right idea. Get yourself whatever you like, slap on it Nova, etc. Also, Google is now promising 3 years of updates for the Pixel line, and with Project Treble, you could have Lineage OS running it for much longer still.
For myself, I am now using an LG G6 and the wife was migrated last week from a Nexus 5X to an Essential PH-1 (also getting Project Treble with the 8.1 update.)
01-01-18 01:31 AM
- You mean apart from the fact that no one has ever achieved super user or persistent root on a BlackBerry Android device EVER?
01-01-18 02:04 AM
- For those not versed, a few links to educate, first on Broadpwn:
https://www.wired.com/story/broadpwn...y-ios-android/
For those who got an hour, here is the presentation from BlackHat 2017
And who could forget BlueBorne? Winner of the sexiest Bluetooth worm of 2017... video of exploit included.
https://arstechnica.com/information-...king-required/
Blackberry's response was to patch just like everyone else. I guess that hardened kernel just didn't cut it.
BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products
There will be many more like this in the coming years. For those of you still believing Blackberry's voodoo magic security sauce, I got a bridge to nowhere I would like to sell you.
01-01-18 03:14 AM
- BlackBerry was the first to patch Quadrooter, but it was generally accepted at the time that BlackBerry Android would not have been compromised.
Last edited by conite; 01-01-18 at 09:36 AM.
01-01-18 09:07 AM
- Here is the advisory for QuadRooter. Again, a reading of it suggests that the exploit works the same on all affected devices. No mention of mitigating factors special to Blackberry, so we can safely assume that there simply aren't any. Therefore, I see no reason to believe that it "...was generally accepted at the time...." Accepted by whom?
BSRT-2016-007 Vulnerability in Qualcomm kernel driver impacts BlackBerry powered by Android smartphones
01-01-18 05:06 PM
- BlackBerry Priv and DTEK50 first to be fully patched against all QuadRooter vulnerabilities https://www.crackberry.com/blackberr...ulnerabilities
"The Priv and the DTEK50 also have a secure boot process that verifies the system hasn't been tampered with. In other words, this wasn't going to go far in the first place."
This is the whole raison d'être of Integrity Detection - to prevent a persistent root.
01-01-18 08:17 PM
- There does not exist today a hardware platform that is transparent and makes all hardware and software logic open source or at least auditable. What we got today is zero visibility into the hardware logic, zero visibility into the CPU/GPU microcode, zero visibility into system firmware, zero visibility into system management (think Intel ME), no visibility into the TPM, and so forth and so forth. So it is in this environment of uncertainty and opaqueness that we are sold security solutions that can never deliver on their promises because they are compromised by their very own nature. BroadPwn, BlueBorne, and QuadRooter are great demonstrations of this.
01-01-18 09:21 PM
- But the clever thing about BlackBerry Android (and to a lesser extent, Knox), is that you don't have to.
Assuming you can't close every attack vector, Integrity Detection and Secure Boot Chain will prevent boot if any system files have been modified - requiring a factory reset.
01-01-18 09:26 PM
- Besides, imagine you had 2 devices, you could use BlueBorne, for example, to ping pong between the devices as you occasionally reboot them. Now expand that to dozens of devices that you come into regular proximity with. That's what I would call "soft persistence." Unless we rethink security wholesale, saying that Blackberry does anything special is snake oil at worst, splitting hairs at best.
01-01-18 09:48 PM
- You seem to just pick this notion out of thin air, without any reasonable proof or citation.
01-01-18 09:54 PM
- Except... you are wrong.
https://blog.acolyer.org/2017/09/21/...gy-management/
and there is also this...
https://arxiv.org/ftp/arxiv/papers/1707/1707.05082.pdf
(whenever you read "root" as the needed prerequisite for this exploit to work, just substitute something like BlueBorne or one of the yet to be disclosed zero-days to accomplish the same.)
Both of these papers are from 2017. I can find many more if you wish, going back years.
My citations are the advisories Blackberry put out for BlueBorne, BroadPwn, and QuadRooter. They are just as vulnerable as anyone else and they patch just like everyone else. They themselves provided no statement regarding mitigating effects of their "hardening," blunting the effects of these exploits. If anything they did would have had a mitigating effect, you bet they would have paraded that.
01-02-18 12:16 AM
- Picking 3 vulnerabilities that were patched as part of the standard AOSP patching program says absolutely nothing about whether or not BlackBerry Android is more resilient to these or any number of other threats. Your logic does not follow.
Thurber did specifically say that many "vulnerabilities" were patched on the Priv, as part of the regular program, but that the Priv wouldn't have been affected anyway because of its increased security posture.
01-02-18 12:22 AM
- To the contrary, it illustrates the point perfectly. Blackberry and all other OEMs can't do jack squat about hardware and software that is not in their control.
01-02-18 12:33 AM
- If you want to get hung up on whether a Blackberry device was ever persistently rooted as your benchmark for Android security, go ahead and delude yourself with that. Persistent roots are not required to pwn a device. What the BlueBorne exploit shows is that any device can be slayed without the OS knowing and all data can be exfiltrated from such a device. It can be used to infect other devices as well.
To the contrary, it illustrates the point perfectly. Blackberry and all other OEMs can't do jack squat about hardware and software that is not in their control.
01-02-18 12:38 AM
- My argument is that Blackberry's actual (and/or perceived) improvements to Android security are trivial in the grand scheme of things when one understands that the most egregious exploits are baked into the hardware and software that is not under Blackberry's control.
Even their claim to fame of being un-rootable is nothing to brag about. The 3 recent exploits that I used as examples show that persistent roots are not necessary and Blackberry has no value add when exploits run this deep. It's not their fault really. It's just how it is.
The bottom line: When making cell phone purchases, consumers should not make trade-offs for this trivial value add.
01-02-18 02:02 AM
Upgrade OS to Nougat for DTEK60?