[bh7171]

#1 rule in security of any type is to have every available type of security used be up to date.

Don't allow known unprotected vulnerable entry points. When known, don't publicly advertise those vulnerable weak spots.

Then, ironically, both Microsoft and Google publish these lists constantly with the fixes and the updates....

We've made a new key for a door or window lock. Here's where the key is hidden on your property. Then puts door hangers on the 1.5 million front doors in my county.... All the safe, informed behaviors I've practiced don't mean so much

Well like most people don't have adequate security on their homes doesn't mean they should move or abandon their houses.

Similarly 3/4 of the world's Android phones do not run on Android 10 with the latest patch. Doesn't mean the device(s) are not usable for the persons in possession.

I am certain EVERYONE here on these forums knows the latest and greatest is always the best but not having it does not render it useless or unsafe if you use common sense.

[conite]

Well like most people don't have adequate security on their homes doesn't mean they should move or abandon their houses.

Similarly 3/4 of the world's Android phones do not run on Android 10 with the latest patch. Doesn't mean the device(s) are not usable for the persons in possession.

I am certain EVERYONE here on these forums knows the latest and greatest is always the best but not having it does not render it useless or unsafe if you use common sense.

You don't have to be on Android 10. Just be up-to-date on patches. In the case of Samsung (flagships), Pixels, and Nokias, that means 3 years of ownership. Technology changes enough that people are ready for something new anyway.

And of course, the day patches stop doesn't mean your phone becomes instantly useless. It only means that it becomes more and more unsafe as each month passes.

[Chuck Finley69]

Well like most people don't have adequate security on their homes doesn't mean they should move or abandon their houses.

Similarly 3/4 of the world's Android phones do not run on Android 10 with the latest patch. Doesn't mean the device(s) are not usable for the persons in possession.

I am certain EVERYONE here on these forums knows the latest and greatest is always the best but not having it does not render it useless or unsafe if you use common sense.

I'm not saying abandon. I'm saying don't call something it's not. People are saying it like it's a validation of some kind. When I was first married at 22, we lived in a trailer in a trailer park. It wasn't a safe place despite my telling my parents and my in-laws repeatedly that it was. I had guns but a better neighborhood definitely would've been safer.

[bh7171]

I'm not saying abandon. I'm saying don't call something it's not. People are saying it like it's a validation of some kind. When I was first married at 22, we lived in a trailer in a trailer park. It wasn't a safe place despite my telling my parents and my in-laws repeatedly that it was. I had guns but a better neighborhood definitely would've been safer.

Are thieves (hackers) more likely to steal from the trailer park or the gated mansions?

I suspect hackers too move on to the latest and greatest. And good ole email (Ransomware) and applications seem to be the vector direction most often taken irrespective of OS version or patch level.

[jtrx7]

Regardless, security is as effective as the user makes it to be.

[conite]

Regardless, security is as effective as the user makes it to be.

No it's not. There are too many things outside of user control.

You need BOTH - secure hardware/software and secure usage habits.

[conite]

Are thieves (hackers) more likely to steal from the trailer park or the gated mansions?

I suspect hackers too move on to the latest and greatest. And good ole email (Ransomware) and applications seem to be the vector direction most often taken irrespective of OS version or patch level.

Look at the Android security bulletins. Most vulnerabilities affect multiple Android versions.

Many are related to closed-source hardware like Qualcomm SoCs. The August bulletin ALONE shows 22 high, and 5 critical exploits - regardless of software.

[Chuck Finley69]

Are thieves (hackers) more likely to steal from the trailer park or the gated mansions?

I suspect hackers too move on to the latest and greatest. And good ole email (Ransomware) and applications seem to be the vector direction most often taken irrespective of OS version or patch level.

Thieves go where there's least chance of getting caught in some crimes. That's why you "bad neighborhoods" having the high crime rates. It doesn't mean the others don't and won't be targeted as well. But the lower or have less are easier prey.

Statistically, without the latest security updates or "security in general" you're just raising your risk profile for damage costs to be incurred.

Everyone here knows I drive a 2000 Ford Excursion with two airbags and my better half drives a 2008 Ford Expedition with four airbags. My oldest daughter just got a 2020 Kia Soul with the umpteen airbags.

I'm not throwing away either of the Ford SUVs but I realize from airbags standpoint, I'm taking risks.

[bh7171]

Look at the Android security bulletins. Most vulnerabilities affect multiple Android versions.

Many are related to closed-source hardware like Qualcomm SoCs. The August bulletin ALONE shows 22 high, and 5 critical exploits - regardless of software.

And all are usually hypothetical means to achieve the breach. Such as if user x does y and z something may happen IF z was opened on a unsecure WiFi and the users device is stolen while left unlocked, lacks a PIN and or fingerprint or face id.

With good 2FA on apps and the security means built into all Key2 devices people can continue to safely use them with good common sense practices.

I still mobile deposit checks through our local Credit Union app on my BE KeyOne and I log into our business banking account with a major US Bank. I don't open nefarious emails. I use Signal with my wife for all communications that entail sensitive business information. I also make occasional purchases through Amazon. Our home and business alarm app is used daily. I use Blokada with a DNS and Microsoft Edge in its most locked down state.

I use my BE in the exact same manner as my S9 and will continue to do so without one ounce of fear or trepidation. If anything were to happen with any banking institution accounts are insured and backed.

I am FAR more concerned providing vendors and people with my physical CC or debt card. Any one had their CC skimmed at a gas station?

Do you think Samsung would allow Samsung Pay to work on a S7 if that app and people's information was not secure or was not able to be secured through their app? S7's are no longer patched but my mother in law continues to use hers because her phone still does everything she needs it to do. Like Billions of other Android phones/users on older devices with former OS versions.

I did read the Qualcom SOC issues were likely going to be addressed through Google Play Store. How many other fixes are done in this manner?

[conite]

And all are usually hypothetical means to achieve the breach. Such as if user x does y and z something may happen IF z was opened on a unsecure WiFi and the users device is stolen while left unlocked, lacks a PIN and or fingerprint or face id.

With good 2FA on apps and the security means built into all Key2 devices people can continue to safely use them with good common sense practices.

I still mobile deposit checks through our local Credit Union app on my BE KeyOne and I log into our business banking account with a major US Bank. I don't open nefarious emails. I use Signal with my wife for all communications that entail sensitive business information. I also make occasional purchases through Amazon. Our home and business alarm app is used daily. I use Blokada with a DNS and Microsoft Edge in its most locked down state.

I use my BE in the exact same manner as my S9 and will continue to do so without one ounce of fear or trepidation. If anything were to happen with any banking institution accounts are insured and backed.

I am FAR more concerned providing vendors and people with my physical CC or debt card. Any one had their CC skimmed at a gas station?

Do you think Samsung would allow Samsung Pay to work on a S7 if that app and people's information was not secure or was not able to be secured through their app? S7's are no longer patched but my mother in law continues to use hers because her phone still does everything she needs it to do. Like Billions of other Android phones/users on older devices with former OS versions.

I did read the Qualcom SOC issues were likely going to be addressed through Google Play Store. How many other fixes are done in this manner?

The point is, the vulnerability is published after being patched. It's no longer theoretical, but has in fact become a detailed recipe.

Why would Samsung become involved if you continue to use one of their phones after the support commitment is over? I don't see a connection. There is no legal obligation to provide patches or upgrades at all in fact. The user simply agrees to Samsung's terms of use when setting up the phone for the first time - whatever is in there is what both parties legally (under contract law) agree to.

These particular SoC issues were dealt with by the August patch - that's why they are posted in the August security bulletin. Most system-level issues can't be dealt with any other way.

There were 54 high-severity flaws patched in August alone.

https://threatpost.com/high-severity...update/158049/

"The most severe vulnerability in this section (framework) could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.". The package can be delivered any number of ways that could seem totally benign.

[Troy Tiscareno]

Are thieves (hackers) more likely to steal from the trailer park or the gated mansions?

The gated mansions definitely have much better stuff to steal - yet, you'll find that the trailer parks have NO END of thefts, even of crappy junk. There will always be people who will go after the low-hanging fruit just because it's easy - and because they lack the skills and experience to go after the tougher but much more profitable crimes.

[jtrx7]

In the mobile device workspace, technology advancements have been good enough recently that most people don't really care to get a new phone every 3 years.

There is nothing special anymore about a new iPhone or Samsung these days.

Point is, security risks greatly increase as a result of unsafe and reckless end-user behavior.

End user education is far more effective than just sending monthly security updates and calling it a day.

Most end users are not educated on mobile device security and are not aware of the consequences of unsafe device usage.

For example, most users do not:

- Change their password every 90 days.
- Scan their devices for malware.
- Backup their data.
- Encrypt sensitive data.
- Have an emergency plan for device data loss.

User behavior creates the biggest security risks by being too trusting with monthly security updates.

The vast majority believe just having the latest security updates makes their device bullet proof.

End user training on device usage behavior has not been a priority for most manufacturers.

This needs to change.

[StJohnSmythe]

What is a good site to sell the Key2? I have one almost new (I.e. never carried as daily driver) plus another one unopened in box. Suggestions?

[conite]

End user education is far more effective than just sending monthly security updates and calling it a day.

Why do you feel these are mutually exclusive?

[conite]

What is a good site to sell the Key2? I have one almost new (I.e. never carried as daily driver) plus another one unopened in box. Suggestions?

This one?

[Chuck Finley69]

In the mobile device workspace, technology advancements have been good enough recently that most people don't really care to get a new phone every 3 years.

There is nothing special anymore about a new iPhone or Samsung these days.

Point is, security risks greatly increase as a result of unsafe and reckless end-user behavior.

End user education is far more effective than just sending monthly security updates and calling it a day.

Most end users are not educated on mobile device security and are not aware of the consequences of unsafe device usage.

For example, most users do not:

- Change their password every 90 days.
- Scan their devices for malware.
- Backup their data.
- Encrypt sensitive data.
- Have an emergency plan for device data loss.

User behavior creates the biggest security risks by being too trusting with monthly security updates.

The vast majority believe just having the latest security updates makes their device bullet proof.

End user training on device usage behavior has not been a priority for most manufacturers.

This needs to change.

Yet the majority of consumers support the status quo of the quick obsolescence. Cheap and instant gratification is society. For everything around us. Society actions speak much louder than words.

You can stand on tracks, yelling louder and louder at the oncoming train. It’s still unable to stop and wouldn’t anyway. Things change only when it’s REALLY desired. Look how quickly Android/iOS exploded when affordably offered to consumers as PC/Laptop alternative.

Humans operate under WIIFM and have since beginning of time

[Dunt Dunt Dunt]

What is a good site to sell the Key2? I have one almost new (I.e. never carried as daily driver) plus another one unopened in box. Suggestions?

Depends on where you are in the world.....

eBay and swappa are great sites here in the USA.

CrackBerry does have a marketplace as well...

[Chuck Finley69]

What is a good site to sell the Key2? I have one almost new (I.e. never carried as daily driver) plus another one unopened in box. Suggestions?

I’d start here since you have the audience without listing costs. If no response, I’d suggest Amazon, eBay Letgo and Swappa here in USA space

[zabalestmsm]

Not worth it as your daily driver mainly because of the outdated Android OS version. As a second phone, it is a great option though, better than the old BlackBerry phones.

[breacher0]

I appreciate all of the good info I have received so far, thank you.

Going forward, having the latest Android software is a bonus not a requirement for me. I don't even like Android! If BB had their act together we wouldn't be debating Android.

Rant, FU BB for dropping the ball so many times and not having the courage to pick it up and save your loyal users from iOS and Android.

Moving forward, a few questions have been asked:
- I'm in British Columbia CANADA.
- budget is up to $1000 (Canadian) or new or used in excellent condition
- If a Key2 becomes available I am open to it.

I tried out the Motorola Edge Plus for a few days and didn't really like it. The entire phone is glass. Front and back. Its fragile and slippery as ****.

[Dunt Dunt Dunt]

I appreciate all of the good info I have received so far, thank you.

Going forward, having the latest Android software is a bonus not a requirement for me. I don't even like Android! If BB had their act together we wouldn't be debating Android.

Rant, FU BB for dropping the ball so many times and not having the courage to pick it up and save your loyal users from iOS and Android.

Moving forward, a few questions have been asked:
- I'm in British Columbia CANADA.
- budget is up to $1000 (Canadian) or new or used in excellent condition
- If a Key2 becomes available I am open to it.

I tried out the Motorola Edge Plus for a few days and didn't really like it. The entire phone is glass. Front and back. Its fragile and slippery as ****.

I don't care if it's glass or plastic.... $1,000 (US or CAN) phone deserves a case to protect it. My iPhone XR is fragile as well... which is why it's in a nice OtterBox case that make it easy to hold on to.

Doesn't matter if you like Android or not.... it's your data that's going to be on it. Protecting that should be something that you are worried about - best way to do that is having a phone that's up to date and will keep getting updates through out your usage of that device.

Still say the best thing is to ask Family, Friends, Workmates... that way you get a device that works on your network and you have something in common with these people.

[jtrx7]

That is not the best way to protect device data.

It's part of it...

Safe device usage is far more important than obtaining the latest security updates.

Security updates alone will not do the trick!

Purchasing a new device every 3 years will not do the trick either!

User education on safe device usage above everything!

[jdelvalle56]

My advice to OP is to not get a key2 now. Waste of money.

[jtrx7]

Why is it a waste?

Curious.

[Chuck Finley69]

Why is it a waste?

Curious.

The BBTax for just a PKB is too much in many people's opinion when you consider current Nokia offerings for instance.