02-06-18 07:37 AM
  1. conite's Avatar

    The bottom line: When making cell phone purchases, consumers should not make trade-offs for this trivial value add.
    Again, you have made a leap by saying the value-add is trivial.

    No one is suggesting full-Knox or BlackBerry Android is bullet proof. They are just undeniably better than the rest.

    I have no reason to call Samsung and BlackBerry liars. I will take them at (or near) their words until it is proven otherwise. Both companies have pedigrees, are respected, and are public, which governs what they can say in law.
    Last edited by conite; 01-02-18 at 07:51 AM.
    01-02-18 07:22 AM
  2. Leatherfacez10's Avatar
    No logical fallacy.

    My argument is that Blackberry's actual (and/or perceived) improvements to Android security are trivial in the grand scheme of things when one understands that the most egregious exploits are baked into the hardware and software that is not under Blackberry's control.

    Even their claim to fame of being un-rootable is nothing to brag about. The 3 recent exploits that I used as examples show that persistent roots are not necessary and Blackberry has no value add when exploits run this deep. It's not their fault really. It's just how it is.

    The bottom line: When making cell phone purchases, consumers should not make trade-offs for this trivial value add.
    Okay, following your logic, which magical secure phone do you suggest we all purchase then? BlackBerry 10 device perhaps (as in security through obscurity?). I enjoy good conversations like this. Kudos to both of you for keeping it civil. Most enjoyable reads!
    01-02-18 07:44 AM
  3. dirk_ddiggler's Avatar
    Okay, following your logic, which magical secure phone do you suggest we all purchase then? BlackBerry 10 device perhaps (as in security through obscurity?). I enjoy good conversations like this. Kudos to both of you for keeping it civil. Most enjoyable reads!
    From a device perspective, buy whatever is updated regularly, so anything Apple or Android mid-range and above. A Pixel or anything running near-AOSP is the best bet for lowering attack surface, e.g. OnePlus, Motorola, Essential, etc. Find the one that makes the right trade-offs in your budget, and Blackberry's "hardening" shouldn't be a consideration. If you need a physical keyboard though, you pretty much rule out anything other than a KEYone. Helps that it's running near-AOSP itself.

    There are a bunch of low-hanging fruit in terms of security on your device though, like minimizing the number of apps that you use and using only those from major publishers. Get yourself an anti-virus solution for your phone, e.g. Kaspersky, ESET, etc. Back up often to cold storage (photos, SMS, MMS, etc.) to blunt the effects of crypto-malware, since it's only a matter of time until those gain the capability to encrypt cloud contents just like the desktop variants. Don't sideload anything ever unless you are a developer/advanced user.

    At home, secure your network devices by updating to the latest firmware and applying strong passwords (including printers). I recommend the Ubiquiti UniFi solution for this. Inexpensive and very, very good. Segment your network into 2 or more VLANs, where your desktops, printer, and network assets are on one VLAN, and your mobile/wifi devices are on the other. Implement AP isolation if you can, assuming you don't have appliances like AV receivers and such that you command with a phone/tablet.

    Update your PCs to the latest BIOS, Intel ME firmware, etc. Create 2 accounts on your PCs: one Admin and one regular User. Always use the regular user account. Teach family the same. Add an ad-blocker extension to Chrome like Disconnect. Instead of the built-in Windows Defender, pay for Kaspersky, ESET, etc. Don't watch porn on your PCs, don't use file sharing apps, and don't download software "crackers" or any number of tools to avoid paying for legit software.

    Bonus points #1: Keep a PC/laptop as backup/cold storage for your most important files (or use an external drive for this that you keep *unplugged*). Use a separate (3rd) VLAN as a management network that you use to manage your network assets. You can use this known-good/secure PC as the management console. This will save your *** if your home network gets taken by crypto-ransomware.

    Bonus points #2: Create a Windows Server 2016 box on your network and join all your devices to Active Directory. Use group policy to lock 'em down. Implement a RADIUS service on the same box and connect your gateway to it. Now implement VPN on your gateway with RADIUS authentication. You can use this in different ways: connect to your home network from another PC, or use it as a tunnel to isolate you from whatever wifi your mobile device is connected to.

    Bonus points #3: Disable BT and wifi on your wired devices so a bridge cannot be created from your wifi VLAN to your wired VLAN by an exploit like BlueBorne.

    Some of these are much more important in the grand scheme of things than Blackberry's "hardening," even if serial apologist Conite objects vehemently.
    01-02-18 12:22 PM
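    The segmentation advice in the post above (a wifi VLAN, a wired VLAN, a separate management VLAN, and radios disabled on wired hosts so nothing can bridge across) can be sanity-checked rather than taken on faith. The script below is an added example and is not code from this thread or from Ubiquiti: the rule tuples and first-match semantics are an assumed, vendor-neutral model of a firewall policy, the VLAN addressing is hypothetical, and the `rfkill list` / `ip -o link show` output it parses is a constructed sample for a Linux host. It flags a policy that lets the wifi VLAN reach the wired or management VLAN, and flags a wired host that still has an unblocked wifi or Bluetooth radio (the dual-homed bridge the post warns about).

```python
"""Home-network segmentation checks (added example, constructed inputs)."""
import ipaddress
import re

# Assumed VLAN layout; the addressing is hypothetical.
VLANS = {
    "wired": ipaddress.ip_network("192.168.10.0/24"),
    "wifi": ipaddress.ip_network("192.168.20.0/24"),
    "mgmt": ipaddress.ip_network("192.168.99.0/24"),
}

# Assumed rule syntax: (action, src_vlan, dst_vlan); "any" matches every VLAN.
# Rules are evaluated top-down, first match wins, implicit deny at the end.
GOOD_RULES = [
    ("allow", "mgmt", "any"),     # management console may reach everything
    ("allow", "wired", "wired"),
    ("allow", "wifi", "wifi"),
    ("deny", "any", "any"),
]

# Constructed misconfiguration: a broad allow placed above the final deny.
BAD_RULES = [
    ("allow", "mgmt", "any"),
    ("allow", "any", "wired"),    # lets wifi clients reach the wired VLAN
    ("deny", "any", "any"),
]

def vlan_of(ip: str) -> str:
    """Map an address to the VLAN whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "unknown"

def is_allowed(rules, src_ip: str, dst_ip: str) -> bool:
    """First-match evaluation of the assumed rule list."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    for action, rule_src, rule_dst in rules:
        if rule_src in ("any", src) and rule_dst in ("any", dst):
            return action == "allow"
    return False  # implicit deny

def segmentation_violations(rules):
    """(src_vlan, dst_vlan) pairs the policy permits but the design forbids."""
    probes = {"wired": "192.168.10.50", "wifi": "192.168.20.50", "mgmt": "192.168.99.5"}
    forbidden = [("wifi", "wired"), ("wifi", "mgmt"), ("wired", "mgmt")]
    return [(s, d) for s, d in forbidden if is_allowed(rules, probes[s], probes[d])]

# Constructed samples of `rfkill list` and `ip -o link show` on a wired desktop.
RFKILL_SAMPLE = """\
0: phy0: Wireless LAN
\tSoft blocked: no
\tHard blocked: no
1: hci0: Bluetooth
\tSoft blocked: yes
\tHard blocked: no
"""
IP_LINK_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
"""

def unblocked_radios(rfkill_output: str):
    """Names of radios that are neither soft- nor hard-blocked."""
    radios = []
    for block in re.split(r"^(?=\d+: )", rfkill_output, flags=re.M):
        head = re.match(r"\d+: (\S+): ", block)
        soft = re.search(r"Soft blocked: (\w+)", block)
        hard = re.search(r"Hard blocked: (\w+)", block)
        if head and soft and hard and soft.group(1) == "no" and hard.group(1) == "no":
            radios.append(head.group(1))
    return radios

def wired_links_up(ip_link_output: str):
    """Wired interfaces (en*/eth*) that currently have carrier (LOWER_UP)."""
    ups = []
    for line in ip_link_output.splitlines():
        m = re.match(r"\d+: (e(?:n|th)\S*?): <([^>]*)>", line)
        if m and "LOWER_UP" in m.group(2).split(","):
            ups.append(m.group(1))
    return ups

def bridge_risk(rfkill_output: str, ip_link_output: str) -> bool:
    """True when a host is on the wired VLAN and still has a live radio."""
    return bool(wired_links_up(ip_link_output)) and bool(unblocked_radios(rfkill_output))

if __name__ == "__main__":
    print("good policy violations:", segmentation_violations(GOOD_RULES))
    print("bad policy violations:", segmentation_violations(BAD_RULES))
    print("dual-homed bridge risk:", bridge_risk(RFKILL_SAMPLE, IP_LINK_SAMPLE))
```

    The policy check deliberately probes only the pairs the design forbids; the point is that an "allow any to wired" line above the deny is invisible to a casual read but obvious once you test the pairs. On a real host you would feed `rfkill list` and `ip -o link show` output into the two parsers; the wifi radio in the sample is unblocked even though its interface is administratively down, which is exactly the state an over-the-air exploit needs.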
  4. Chuck Finley69's Avatar
    From a device perspective, buy whatever is updated regularly, so anything Apple or Android mid-range and above. A Pixel or anything running near-AOSP is the best bet for lowering attack surface, e.g. OnePlus, Motorola, Essential, etc. Find the one that makes the right trade-offs in your budget, and Blackberry's "hardening" shouldn't be a consideration. If you need a physical keyboard though, you pretty much rule out anything other than a KEYone. Helps that it's running near-AOSP itself.

    There are a bunch of low-hanging fruit in terms of security on your device though, like minimizing the number of apps that you use and using only those from major publishers. Get yourself an anti-virus solution for your phone, e.g. Kaspersky, ESET, etc. Back up often to cold storage (photos, SMS, MMS, etc.) to blunt the effects of crypto-malware, since it's only a matter of time until those gain the capability to encrypt cloud contents just like the desktop variants. Don't sideload anything ever unless you are a developer/advanced user.

    At home, secure your network devices by updating to the latest firmware and applying strong passwords (including printers). I recommend the Ubiquiti UniFi solution for this. Inexpensive and very, very good. Segment your network into 2 or more VLANs, where your desktops, printer, and network assets are on one VLAN, and your mobile/wifi devices are on the other. Implement AP isolation if you can, assuming you don't have appliances like AV receivers and such that you command with a phone/tablet.

    Update your PCs to the latest BIOS, Intel ME firmware, etc. Create 2 accounts on your PCs: one Admin and one regular User. Always use the regular user account. Teach family the same. Add an ad-blocker extension to Chrome like Disconnect. Instead of the built-in Windows Defender, pay for Kaspersky, ESET, etc. Don't watch porn on your PCs, don't use file sharing apps, and don't download software "crackers" or any number of tools to avoid paying for legit software.

    Bonus points #1: Keep a PC/laptop as backup/cold storage for your most important files (or use an external drive for this that you keep *unplugged*). Use a separate (3rd) VLAN as a management network that you use to manage your network assets. You can use this known-good/secure PC as the management console. This will save your *** if your home network gets taken by crypto-ransomware.

    Bonus points #2: Create a Windows Server 2016 box on your network and join all your devices to Active Directory. Use group policy to lock 'em down. Implement a RADIUS service on the same box and connect your gateway to it. Now implement VPN on your gateway with RADIUS authentication. You can use this in different ways: connect to your home network from another PC, or use it as a tunnel to isolate you from whatever wifi your mobile device is connected to.

    Bonus points #3: Disable BT and wifi on your wired devices so a bridge cannot be created from your wifi VLAN to your wired VLAN by an exploit like BlueBorne.

    Some of these are much more important in the grand scheme of things than Blackberry's "hardening," even if serial apologist Conite objects vehemently.
    I'm not an IT guy so I don't understand 3/4 of what you typed above. What I'm curious about with BBAndroid is that the device has a boot-up process that is supposed to be turned on through some kernel thing. I also understand the device can't be rooted and there's a million-dollar bounty paid out if someone roots BBAndroid. Has the kernel thing been disproven? Has anyone rooted BBAndroid, thus collecting the million-dollar bounty?
    01-02-18 12:32 PM
  5. thurask's Avatar
    *snip*
    Pretty good tips overall, but I doubt that mobile AV has any teeth to it, since it's not running with root access like a system app would.

    I'd add HTTPS Everywhere for the desktop browsers.
    01-02-18 12:35 PM
  6. dirk_ddiggler's Avatar
    I'm not an IT guy so I don't understand 3/4 of what you typed above. What I'm curious about with BBAndroid is that the device has a boot-up process that is supposed to be turned on through some kernel thing. I also understand the device can't be rooted and there's a million-dollar bounty paid out if someone roots BBAndroid. Has the kernel thing been disproven? Has anyone rooted BBAndroid, thus collecting the million-dollar bounty?
    Your question suggests you didn't read through this thread. Start from the top and you will be answered.
    01-02-18 12:35 PM
  7. Chuck Finley69's Avatar
    Your question suggests you didn't read through this thread. Start from the top and you will be answered.
    So that would be a no on both counts. Thanks for clarification.
    01-02-18 12:38 PM
  8. dirk_ddiggler's Avatar
    Pretty good tips overall, but I doubt that mobile AV has any teeth to it.
    You are right, they do not. Their marginal usefulness comes from identifying apps that contain malware that the play store misses. Even once found, the Play Store is not that great in removing all instances.
    01-02-18 12:39 PM
  9. dirk_ddiggler's Avatar
    So that would be a no on both counts. Thanks for clarification.
    As long as you are not suggesting that gaining persistent root is the apex of Android security and nothing else matters.
    01-02-18 12:42 PM
  10. Chuck Finley69's Avatar
    As long as you are not suggesting that gaining persistent root is the apex of Android security and nothing else matters.
    I asked a simple question because I'm a simple person. I have no idea what your above reply even means. I was interested more in the idea of whether a million-dollar reward was ever collected on. If not collected on, that has to count for something important. Think about it, a million bucks just sitting there for the taking, and you've made it seem easy. A simple guy like me finds that intriguing.
    01-02-18 04:24 PM
  11. dirk_ddiggler's Avatar
    I asked a simple question because I'm a simple person. I have no idea what your above reply even means. I was interested more in the idea of whether a million-dollar reward was ever collected on. If not collected on, that has to count for something important. Think about it, a million bucks just sitting there for the taking, and you've made it seem easy. A simple guy like me finds that intriguing.
    Chuck, I can't distill the world into simple concepts for you. Go read my posts in this thread, read the PDFs, watch the videos. If you don't come away understanding that all our familiar computing platforms are built on sand, then I really can't help you.
    01-02-18 05:02 PM
  12. Chuck Finley69's Avatar
    Chuck, I can't distill the world into simple concepts for you. Go read my posts in this thread, read the PDFs, watch the videos. If you don't come away understanding that all our familiar computing platforms are built on sand, then I really can't help you.
    You're reading way too much into this. I don't see the big deal. It was the question of rooting devices and I remembered the bounty. I correlated nobody collecting a million-dollar hacking bounty with something that suggested a unique type/level of security. For such a large bounty to remain uncollected, if it's not a big deal to accomplish, why does it remain uncollected?

    I wasn't debating other security measures or weaknesses. Just observing. Is a million dollars not that big a deal anymore?
    01-02-18 05:12 PM
  13. dirk_ddiggler's Avatar
    You're reading way too much into this. I don't see the big deal. It was the question of rooting devices and I remembered the bounty. I correlated nobody collecting a million-dollar hacking bounty with something that suggested a unique type/level of security. For such a large bounty to remain uncollected, if it's not a big deal to accomplish, why does it remain uncollected?

    I wasn't debating other security measures or weaknesses. Just observing. Is a million dollars not that big a deal anymore?
    I have no idea where you got a $1,000,000 bounty for rooting a BB. XDA put together a small bounty of $1000.

    https://forum.xda-developers.com/bla...ounty-t3243716

    Either it is HARD to root a blackberry, or no one really cares.
    01-02-18 05:25 PM
  14. Chuck Finley69's Avatar
    I have no idea where you got a $1,000,000 bounty for rooting a BB. XDA put together a small bounty of $1000.

    https://forum.xda-developers.com/bla...ounty-t3243716

    Either it is HARD to root a blackberry, or no one really cares.
    You're killing my dreams. All I'll have left is PowerBall and MegaMillions ...
    01-02-18 06:09 PM
  15. dirk_ddiggler's Avatar
    You're killing my dreams. All I'll have left is PowerBall and MegaMillions ...
    Sorry to break your dreams, but if you think about it, it's liberating not to be loyal to the brand that could have been the security champion of Android, but simply isn't. Consider the kind of passion and ingenuity that goes into making something like a Note 8 or an Essential PH-1. Even the Priv is an example of this, as it tried to deliver a no-compromise experience. Simply feel free to buy the Android or Apple device that suits your needs, knowing that they are just about the same. I know some would say that Apple devices are more secure, and that may still be true, but over time, since the death of Steve Jobs, Apple is just not hitting the same standards of quality in their software that they used to. At the same time, Android security has improved a lot.

    The bright spot here is Apple actually. Once they kick the various chipset makers (Qualcomm, Broadcom, Intel, etc.) to the curb and take over making every piece of silicon in their handsets, they will be the only ones having full control of the stack.
    01-02-18 06:57 PM
  16. Chuck Finley69's Avatar
    Sorry to break your dreams, but if you think about it, it's liberating not to be loyal to the brand that could have been the security champion of Android, but simply isn't. Consider the kind of passion and ingenuity that goes into making something like a Note 8 or an Essential PH-1. Even the Priv is an example of this, as it tried to deliver a no-compromise experience. Simply feel free to buy the Android or Apple device that suits your needs, knowing that they are just about the same. I know some would say that Apple devices are more secure, and that may still be true, but over time, since the death of Steve Jobs, Apple is just not hitting the same standards of quality in their software that they used to. At the same time, Android security has improved a lot.

    The bright spot here is Apple actually. Once they kick the various chipset makers (Qualcomm, Broadcom, Intel, etc.) to the curb and take over making every piece of silicon in their handsets, they will be the only ones having full control of the stack.
    I'm sorry, but the only stacks I cared about having full control of were the thousand stacks of a thousand dollars I was dreaming of. LOL. Sadly, you've crushed those dreams. HAHA.
    01-02-18 07:05 PM
  17. DamianWarS's Avatar
    As has been mentioned, the DTEKs are orphaned; they are officially 'legacy devices', so think yourself lucky to get sporadic security updates (when they work!!) and if they ever arrive....
    Personally, I think that BB/TCL/BBMo (or whatever today's name is) are deliberately making it as difficult as they can regarding updates, in the hope we will all get fed up with the mess and 'upgrade' to their latest offering, so they can 'rip us off some more' in the future..
    The DTEK50 is the STH100-x and the DTEK60 is the BBA100-x. I know an update seems unlikely, but these product numbers seem to suggest that the DTEK50 was the last of the old BlackBerry lines and the DTEK60 the first of the new lines.

    Posted via CB10
    02-06-18 07:37 AM