[RLeeSimon]

Is the KEYᵒⁿᵉ vulnerable to ransomware? This evening on u.s. CBS network 60 Minutes broadcast an interview occurred with a Blackberry manager of cyber security claiming there is no protection against ransomware. Is this being addressed?

[conite]

Is the KEYᵒⁿᵉ vulnerable to ransomware? This evening on u.s. CBS network 60 Minutes broadcast an interview occurred with a Blackberry manager of cyber security claiming there is no protection against ransomware. Is this being addressed?

You need to be running a program that has acquired elevated privileges. It's more difficult to do on a BlackBerry Android device, but, of course, nothing is invulnerable.

It's computers though that are the main targets.

[anon(10622733)]

Is the KEYᵒⁿᵉ vulnerable to ransomware? This evening on u.s. CBS network 60 Minutes broadcast an interview occurred with a Blackberry manager of cyber security claiming there is no protection against ransomware. Is this being addressed?

Well if you want to download and install apps that are not from recognized or accepted sources, that is not anybody else's concern.

[wmatsura]

Is the KEYᵒⁿᵉ vulnerable to ransomware? This evening on u.s. CBS network 60 Minutes broadcast an interview occurred with a Blackberry manager of cyber security claiming there is no protection against ransomware. Is this being addressed?

AFAIK, no device is safe from ransomware. Also, it is not a vulnerability in the system, it's more related to a virus, so I don't think anyone is going to be adressing ransomware vulnerabilities, not BBmo, Apple or Samsung.

If you wanna mitigate the risk, install an antivirus or something like that, but the best way to be safe is to not click on suspicious links or visit shady websites (most ransomware attacks rely on human error).

[RLeeSimon]

AFAIK, no device is safe from ransomware. Also, it is not a vulnerability in the system, it's more related to a virus, so I don't think anyone is going to be adressing ransomware vulnerabilities, not BBmo, Apple or Samsung.

If you wanna mitigate the risk, install an antivirus or something like that, but the best way to be safe is to not click on suspicious links or visit shady websites (most ransomware attacks rely on human error).

Yes. But why would BlackBerry state the vulnerability is high but not offer any approach to mitigation? The piece made them look weak...

[conite]

Yes. But why would BlackBerry state the vulnerability is high but not offer any approach to mitigation? The piece made them look weak...

BlackBerry couldn't give a rat's behind about devices - that's someone else's problem now.

Besides, they have already done what they can in that regard - Integrity Detection and kernel hardening. The rest is up to the user.

[TgeekB]

AFAIK, no device is safe from ransomware. Also, it is not a vulnerability in the system, it's more related to a virus, so I don't think anyone is going to be adressing ransomware vulnerabilities, not BBmo, Apple or Samsung.

If you wanna mitigate the risk, install an antivirus or something like that, but the best way to be safe is to not click on suspicious links or visit shady websites (most ransomware attacks rely on human error).

Agree, or upload apps not on an official App Store.

[wmatsura]

Yes. But why would BlackBerry state the vulnerability is high but not offer any approach to mitigation? The piece made them look weak...

Well, I didn't watch the interview you're referring to, but if it was someone from BlackBerry, they were probably talking about their software products, not about smartphones (as conite said, that's someone else problem now).

And I don't know about the "looking weak" part. Acknowledging the high risk of ransomwares is just stating the obvious, it's not a BlackBerry problem, it's a everyone problem.

Besides, BlackBerry is in the business of selling solutions for that, they're not going to just give away the answers.

[RLeeSimon]

Well, I didn't watch the interview you're referring to, but if it was someone from BlackBerry, they were probably talking about their software products, not about smartphones (as conite said, that's someone else problem now).

And I don't know about the "looking weak" part. Acknowledging the high risk of ransomwares is just stating the obvious, it's not a BlackBerry problem, it's a everyone problem.

Besides, BlackBerry is in the business of selling solutions for that, they're not going to just give away the answers.

It was a man from Blackberry but from that subsidiary that they just bought that I think begins with the letter c that has to do with security and was recently purchased. And I wish you could see the interview because the feeling of weakness was not mostly in the words as much as the body language and the way of expressing it by that representative allegedly in charge of cyber security. If you tell me what country you're in I might be able to give you a link where you can see that program online. It's on the CBS television network in the United States which would be cbs.com and the name of the program is 60 minutes and it was transmitted yesterday evening. It could be that 60 Minutes has a way to stream their program which usually is up within 24 hours of the original transmission. If not I might be able to stream it to my device, create a video file from it and get it to you somehow. I don't know if you can open CBS streaming outside the United States unless you're on a virtual private network with a base in the USA. You can let me know what would be helpful for that it was the first time I saw a Blackberry representative on American television speaking about an issue apparently an executive in charge of a division of blackberry as I stated above. I was a little underwhelmed.

[wmatsura]

Agree, or upload apps not on an official App Store.

Just keep in mind that even the apps on the official stores can contain some kind of cyber threat (maybe not a ransomware, but spyware and malware are more common).

So stick to official stores and avoid sketchy/shady apps.

On a more conspiracy theory side, when apps are concerned, it doesn't even need to have to come to cyber threats. We give them permissions that allow them to potentially spy on us. That harmless faceapp that made you look old is also sharing a great deal of user info with other private companies, and you agreed to their terms of service.

[TgeekB]

Just keep in mind that even the apps on the official stores can contain some kind of cyber threat (maybe not a ransomware, but spyware and malware are more common).

So stick to official stores and avoid sketchy/shady apps.

On a more conspiracy theory side, when apps are concerned, it doesn't even need to have to come to cyber threats. We give them permissions that allow them to potentially spy on us. That harmless faceapp that made you look old is also sharing a great deal of user info with other private companies, and you agreed to their terms of service.

Agree, it ultimately comes down to the user.

[mikeath]

my work has been infected twice in the last three years with ransomware. both targeted windows operating systems. The first was the result of clicking a dodgy link, changing all files to the etxension .onion. The second attack was the result of a brute force exploit of a very weak password, changing all files to .banjo.

In both cases a wipe of individual machines and our server was required, rolling back to a previous system restore from a few days previous. it is worth noting that most recently we experienced file duplication on Sharepoint meaning that we did not lose the most recent files. I just had to delete the duplicates.

in both instances no files on phones were infected (the first time was windows phones, this time Android devices).

I don't doubt at some point there will be more phone based ransomware, but at the moment large companies who have older IT systems running on old OS (NHS still on XP!), and some companies pay up everytime just to keep their business running.

You can mitigate by keeping frequent back-ups and maybe an air-gapped storage facility. on computers I use both the Pro version of MalwareBytes and AVG Pro.

[RLeeSimon]

my work has been infected twice in the last three years with ransomware. both targeted windows operating systems. The first was the result of clicking a dodgy link, changing all files to the etxension .onion. The second attack was the result of a brute force exploit of a very weak password, changing all files to .banjo.

In both cases a wipe of individual machines and our server was required, rolling back to a previous system restore from a few days previous. it is worth noting that most recently we experienced file duplication on Sharepoint meaning that we did not lose the most recent files. I just had to delete the duplicates.

in both instances no files on phones were infected (the first time was windows phones, this time Android devices).

I don't doubt at some point there will be more phone based ransomware, but at the moment large companies who have older IT systems running on old OS (NHS still on XP!), and some companies pay up everytime just to keep their business running.

You can mitigate by keeping frequent back-ups and maybe an air-gapped storage facility. on computers I use both the Pro version of MalwareBytes and AVG Pro.

First of all something that worries me is I do have a 2tb backup and I use it and it is a complete backup of my whole phone including what's on the better than 400gb on the 512gb secure digital card I have in the phone. But what worries me is that the ransomware would be transmitted across with the backup and wood allow them to lock up the backup as well... You would think they thought of that. Also my purpose in this discussion and raising these points was not to diminish Blackberry or its subsidiaries. It was to indicate that the peace emphasized the vulnerability to ransomware and it's spreading potentially very soon to Portable devices in cell phones and such and I felt like Blackberry poo poo the ability to defend against it while you would think they would see it as a profit Center and get busy addressing the ability to sell there's cybersecurity software to prevent that and to make it capable in terms of ransomware intervention. If they want to make money they need to be the first in the market for anti-ransomware for portable devices. That's what I meant. I think your advice is good and I don't go on sketchy websites. But apparently ransomware is also transmitted through mainstream websites through opening emails advertising well-known websites or well-designed puppets of such websites or other attractive items that seem to get people to click. Sometimes that can even come through fake banking or other familiar websites or email spoofed to seem like emanating from persons or businesses known to the recipient. The world is a mess and it's a jungle out there.

[conite]

First of all something that worries me is I do have a 2tb backup and I use it and it is a complete backup of my whole phone including what's on the better than 400gb on the 512gb secure digital card I have in the phone. But what worries me is that the ransomware would be transmitted across with the backup and wood allow them to lock up the backup as well... You would think they thought of that. Also my purpose in this discussion and raising these points was not to diminish Blackberry or its subsidiaries. It was to indicate that the peace emphasized the vulnerability to ransomware and it's spreading potentially very soon to Portable devices in cell phones and such and I felt like Blackberry poo poo the ability to defend against it while you would think they would see it as a profit Center and get busy addressing the ability to sell there's cybersecurity software to prevent that and to make it capable in terms of ransomware intervention. If they want to make money they need to be the first in the market for anti-ransomware for portable devices. That's what I meant. I think your advice is good and I don't go on sketchy websites. But apparently ransomware is also transmitted through mainstream websites through opening emails advertising well-known websites or well-designed puppets of such websites or other attractive items that seem to get people to click. Sometimes that can even come through fake banking or other familiar websites or email spoofed to seem like emanating from persons or businesses known to the recipient. The world is a mess and it's a jungle out there.

Same as anti-virus. Without root, any software you install on your device would be pretty ineffective. That's why DTEK/BBID is built into BlackBerry Android.

[wmatsura]

Also my purpose in this discussion and raising these points was not to diminish Blackberry or its subsidiaries. It was to indicate that the peace emphasized the vulnerability to ransomware and it's spreading potentially very soon to Portable devices in cell phones and such and I felt like Blackberry poo poo the ability to defend against it while you would think they would see it as a profit Center and get busy addressing the ability to sell there's cybersecurity software to prevent that and to make it capable in terms of ransomware intervention. If they want to make money they need to be the first in the market for anti-ransomware for portable devices. That's what I meant.

I get what you're saying.

But the thing is that it is impossible to prevent ransomware from infecting any kind of device beforehand. Much like viruses/spyware/malware, ransomwares are always changing and evolving, using new exploits and attack vectors. Only after it has already been introduced to the web is that cyber security companies can adress the issue and release a fix for that.

That being said, we can't really expect anything from Blackberry on the subject, they have their own market plan.

All we can do is to be cautious, keep all our devices and software updated as much as possible and rely on specialized software (AVG, McAffe, karspersky, Malwarebytes etc.).

Specifically about ransomware, I'm not aware of any kind that has the capability of locking the infected machine and also the cloud storage (I could be wrong, or that may change in the near future). Anyhow, it's safer to keep your files on the cloud than in your SD card if you're worried about ransomware.

[RLeeSimon]

I get what you're saying.

But the thing is that it is impossible to prevent ransomware from infecting any kind of device beforehand. Much like viruses/spyware/malware, ransomwares are always changing and evolving, using new exploits and attack vectors. Only after it has already been introduced to the web is that cyber security companies can adress the issue and release a fix for that.

That being said, we can't really expect anything from Blackberry on the subject, they have their own market plan.

All we can do is to be cautious, keep all our devices and software updated as much as possible and rely on specialized software (AVG, McAffe, karspersky, Malwarebytes etc.).

Specifically about ransomware, I'm not aware of any kind that has the capability of locking the infected machine and also the cloud storage (I could be wrong, or that may change in the near future). Anyhow, it's safer to keep your files on the cloud than in your SD card if you're worried about ransomware.

As for antivirus software, much of it slows the device down. Norton Antivirus for instance will drag a Windows 10 computer into the mud. Also some of the countries of origin and groups that produce these antivirus routines are sometimes reported as being of dubious distinction. I don't choose to add virus protection software on my phone at this time. I hope it doesn't become necessary. I'm pretty careful about opening unsolicited emails and visiting websites that are not of adequate reputation. Thank you for your suggestions.

[Bla1ze]

Yes. But why would BlackBerry state the vulnerability is high but not offer any approach to mitigation? The piece made them look weak...

Much of the piece, which was a re-run of the last one they did, was focused on computers and networks, not mobile devices.

https://crackberry.com/blackberry-cy...are-60-minutes

If they want to make money they need to be the first in the market for anti-ransomware for portable devices. That's what I meant.

https://play.google.com/store/apps/d...r.zips.android

[bb10adopter111]

AFAIK, no device is safe from ransomware. Also, it is not a vulnerability in the system, it's more related to a virus, so I don't think anyone is going to be adressing ransomware vulnerabilities, not BBmo, Apple or Samsung.

If you wanna mitigate the risk, install an antivirus or something like that, but the best way to be safe is to not click on suspicious links or visit shady websites (most ransomware attacks rely on human error).

One of the biggest problems with mobile phonessecurity is the consumer model itself, where each of us is logged in with administrative privileges on our phones, even when we're just using apps. This means that it's easier for malware to escalate privileges in general.

Posted with my trusty Z10

[RLeeSimon]

One of the biggest problems with mobile phonessecurity is the consumer model itself, where each of us is logged in with administrative privileges on our phones, even when we're just using apps. This means that it's easier for malware to escalate privileges in general.

Posted with my trusty Z10

Goodnight point. Windows 10 separates that. Why don't phones? Is that one of the conduits via which Google snoops and sells data to anyone waving cash, allegedly?

[wmatsura]

One of the biggest problems with mobile phonessecurity is the consumer model itself, where each of us is logged in with administrative privileges on our phones, even when we're just using apps. This means that it's easier for malware to escalate privileges in general

Yeah, my post was kinda simplistic, but you're right.

As for antivirus software, much of it slows the device down. Norton Antivirus for instance will drag a Windows 10 computer into the mud. Also some of the countries of origin and groups that produce these antivirus routines are sometimes reported as being of dubious distinction.

Also true. I've been using McAffe on my desktop, laptop, Key2 LE and S7. The Windows software is kinda heavy, not excessively, though. The Android app works really well, I haven't noticed any drag on both smartphones or excessive battery drain. Yeah, McAffe is not the best, but it works and it is an Intel company, US based. I've seen pretty good reviews of Avira (Germany based) and Malwarebytes (US based), but I've never tested those.

[i_plod_an_dr_void]

Yeah, my post was kinda simplistic, but you're right.



Also true. I've been using McAffe on my desktop, laptop, Key2 LE and S7. The Windows software is kinda heavy, not excessively, though. The Android app works really well, I haven't noticed any drag on both smartphones or excessive battery drain. Yeah, McAffe is not the best, but it works and it is an Intel company, US based. I've seen pretty good reviews of Avira (Germany based) and Malwarebytes (US based), but I've never tested those.

So BlackBerry's approach to personal (and corporate) desktop anti-virus protection takes a different twist on detection.....
Here's their description.....emphasizing lightweight and fast (not qualities associated with the current batch of anti-virus providers. Blackberry aside, I think we all recognize current AV software as bulky, slow and frequently work efficiency impeding and frustrating.
https://shop.cylance.com/us

[wmatsura]

So BlackBerry's approach to personal (and corporate) desktop anti-virus protection takes a different twist on detection.....
Here's their description.....emphasizing lightweight and fast (not qualities associated with the current batch of anti-virus providers. Blackberry aside, I think we all recognize current AV software as bulky, slow and frequently work efficiency impeding and frustrating.
https://shop.cylance.com/us

Nice! To be honest, I wasn't aware that Cylance antivirus was available for consumers (I though they were focusing on corporate).

But I'll wait for them to release the mobile app and subscriptions in Brazilian currency before testing it.

[Bla1ze]

Oh right, here's the 60 Mins segment.

[Sigewif]

Much of the piece, which was a re-run of the last one they did, was focused on computers and networks, not mobile devices.

https://crackberry.com/blackberry-cy...are-60-minutes



https://play.google.com/store/apps/d...r.zips.android

This is cool. I didn't know they were developing Cylance for Android devices.
PS Have you tried this app?

[PantherBlitz]

Yes. But why would BlackBerry state the vulnerability is high but not offer any approach to mitigation? The piece made them look weak...

They most certainly offer an approach to mitigation. Cylance has clients that have hired them to aid in cybersecurity strengthening and recovery.

As to them looking weak, I'm not sure what you wanted him to say. He appeared quite knowledgeable and professional in that segment.