1. flexmaen's Avatar
    A new bluetooth vulnerability was revealed:
    https://www.welivesecurity.com/2020/...h-flaw-attack/

    Will self-proclaimed secuity master Blackberry provide an update?
    whatnow00 likes this.
    02-15-20 06:08 AM
  2. bb10adopter111's Avatar
    BlackBerry Mobile, owned by TCL, sold the phone. They are responsible, and I don't expect they will provide any more patches for the KEYone. BlackBerry Limited would only do the work if TCL paid for it.

    Z10 = BB10 + VKB > iOS + Android
    02-15-20 06:56 AM
  3. ajokurvanyad's Avatar
    'One way to lessen the risk is ensure that your phone is in non-discoverable mode when Bluetooth is on. Alternatively, enable Bluetooth only if necessary and remember to turn it off when not in use.'

    Seems reasonably easy to avoid the vulnerability.



    Posted via CB10
    02-15-20 10:57 AM
  4. conite's Avatar
    Will self-proclaimed secuity master Blackberry provide an update?
    You can skip the passive aggressive bit though. This is just a fan-site

    Nor does BlackBerry Limited have anything to do with TCL's devices apart from being one of their many vendors.
    02-15-20 11:15 AM
  5. flexmaen's Avatar
    Well, in general I like the product and am glad that still someone is doing keyboard phones.

    The claim to deliver security however is kind of ridiculous. One side is the usual problem with Android updates, like most phone brands have. The oder side is the comments of the boss, although he denies a backdoor.

    However I'm glad that they did not update to Android 9 or 10, since it is not possible to record calls there.
    02-16-20 11:53 AM
  6. HughJarsse's Avatar
    'One way to lessen the risk is ensure that your phone is in non-discoverable mode when Bluetooth is on. Alternatively, enable Bluetooth only if necessary and remember to turn it off when not in use.'

    Seems reasonably easy to avoid the vulnerability.



    Posted via CB10
    So what happens if, like me, you have a smartwatch, permanently connected via bluetooth??
    Either stop using it, or take the 'chance' nothing happens??
    Can't seem to find a way to check if using the watch means that the phone is always discoverable or not??
    02-17-20 05:23 AM
  7. RLeeSimon's Avatar
    A new bluetooth vulnerability was revealed:
    https://www.welivesecurity.com/2020/...h-flaw-attack/

    Will self-proclaimed secuity master Blackberry provide an update?
    Superciliousness supercedes superior security…
    02-17-20 07:12 AM
  8. bb10adopter111's Avatar
    So what happens if, like me, you have a smartwatch, permanently connected via bluetooth??
    Either stop using it, or take the 'chance' nothing happens??
    Can't seem to find a way to check if using the watch means that the phone is always discoverable or not??
    No. Once a device is paired with your phone, you can turn off scanning for new devices if your phone allows it, and leave Bluetooth on to work with your watch.

    Z10 = BB10 + VKB > iOS + Android
    02-17-20 07:14 AM
  9. RLeeSimon's Avatar
    BlackBerry Mobile, owned by TCL, sold the phone. They are responsible, and I don't expect they will provide any more patches for the KEYone. BlackBerry Limited would only do the work if TCL paid for it.

    Z10 = BB10 + VKB > iOS + Android
    The name emblazoned on every TCL model we are discussing here is "BlackBerry," not TCL
    whatnow00 likes this.
    02-17-20 07:15 AM
  10. RLeeSimon's Avatar
    but the KEYᵒⁿᵉ is a pretty good device
    02-17-20 07:17 AM
  11. RLeeSimon's Avatar
    but the KEYᵒⁿᵉ is a pretty good device
    Oops, I let that slip out …
    pnfitz likes this.
    02-17-20 07:18 AM
  12. Dunt Dunt Dunt's Avatar
    So what happens if, like me, you have a smartwatch, permanently connected via bluetooth??
    Either stop using it, or take the 'chance' nothing happens??
    Can't seem to find a way to check if using the watch means that the phone is always discoverable or not??
    Yeah, it's not that easy to say just leave Bluetooth off.

    Watch, Car, Smart speakers, smartlock features..... these days I don't ever turn Bluetooth off.

    As I understand it, Bluetooth for Android is only discoverable when you go into the settings...


    The problem is keeping up with the different vulnerabilities that become know as time marches on.
    02-17-20 07:35 AM
  13. bb10adopter111's Avatar
    The name emblazoned on every TCL model we are discussing here is "BlackBerry," not TCL
    What's your point? Companies license brands all the time. If you buy a Frozen pajama set licensed from Disney by a clothing manufacturer for your kid and it falls apart, you can return it to the retailer or seek a replacement from the manufacturer, but Disney can't do anything for you. They just licensed the brand.

    The Brand name has nothing to do with the legal responsibility.

    Z10 = BB10 + VKB > iOS + Android
    Last edited by bb10adopter111; 02-17-20 at 08:09 AM.
    02-17-20 07:54 AM
  14. falbo's Avatar
    Oh no, Disney is doing the security updates. I should have guessed as it was a bit Mickey mouse!

    Sorry, rant over.

    Posted via my Awesome passport
    whatnow00 likes this.
    02-17-20 08:02 AM
  15. bb10adopter111's Avatar
    Oh no, Disney is doing the security updates. I should have guessed as it was a bit Mickey mouse!

    Sorry, rant over.

    Posted via my Awesome passport
    It was a good rant, though! Wit is always appreciated.

    Z10 = BB10 + VKB > iOS + Android
    02-17-20 08:08 AM
  16. falbo's Avatar
    It was a good rant, though! Wit is always appreciated.

    Z10 = BB10 + VKB > iOS + Android
    I'm glad you see it that way. I'm sure others may not.

    Posted via my Awesome passport
    02-17-20 08:10 AM
  17. bb10adopter111's Avatar
    I'm glad you see it that way. I'm sure others may not.

    Posted via my Awesome passport
    With the exception of Google's own phones, all Android updates seem like Mickey Mouse operations. Windows, Mac OS, iOS and Linux can all update devices directly as needed. Only Android has a byzantine approach that leaves users vulnerable to known threats with no way to mitigate them.

    Z10 = BB10 + VKB > iOS + Android
    02-17-20 08:14 AM
  18. Dunt Dunt Dunt's Avatar
    With the exception of Google's own phones, all Android updates seem like Mickey Mouse operations. Windows, Mac OS, iOS and Linux can all update devices directly as needed. Only Android has a byzantine approach that leaves users vulnerable to known threats with no way to mitigate them.

    Z10 = BB10 + VKB > iOS + Android
    I hear that by the time Android 15 gets here they will have the issue resolved....

    Sadly Google just doesn't want to take the necessary stand that they should. They don't want to alienate OEMs or Carriers or be seen as bullies in this time when many are looking at them as Monopolistic.
    02-17-20 01:42 PM
  19. HughJarsse's Avatar
    Interestingly, the link only states
    'The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0)'.
    So, assume if you are running something like a Dtek, which was on Marshmallow, or an un-updated Priv on Nougat, then you should be OK??
    Maybe there is some benefits from owning an 'EOL piece of equipment' might not get updates, but, might also be less prone to those in newer OS's perhaps???
    (also assume by dear old Z10 is unaffected, (no android!! ) Currently being utilised as a work phone, it outlived my Dtek , that's for sure!!)
    02-17-20 03:32 PM
  20. conite's Avatar
    Interestingly, the link only states
    'The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0)'.
    So, assume if you are running something like a Dtek, which was on Marshmallow, or an un-updated Priv on Nougat, then you should be OK??
    Maybe there is some benefits from owning an 'EOL piece of equipment' might not get updates, but, might also be less prone to those in newer OS's perhaps???
    (also assume by dear old Z10 is unaffected, (no android!! ) Currently being utilised as a work phone, it outlived my Dtek , that's for sure!!)
    Google only lists as far back as 8.0.

    As of Aug/Sep of 2020, they will only list back to 9.
    02-17-20 03:35 PM
  21. ajokurvanyad's Avatar
    So what happens if, like me, you have a smartwatch, permanently connected via bluetooth??
    Either stop using it, or take the 'chance' nothing happens??
    Can't seem to find a way to check if using the watch means that the phone is always discoverable or not??
    I get it man, I use bluetooth headphones everyday on public transport in a major metropolitan area. As others have stated here and also the way I understand this whole wireless wizzardry works is your only discoverable when you go to pair a New device, not when connecting to a saved device. But there's also a chance that I might have already been hacked, so take all that I said with a grain a salt. I keep my important apps up tó date and hopefully that keeps me safe.

    Posted via CB10
    02-17-20 06:36 PM
  22. RLeeSimon's Avatar
    It's all about the branding as the alsecurity company" that isn't… laughable irony
    pnfitz likes this.
    02-18-20 02:23 AM

Similar Threads

  1. Replies: 33
    Last Post: 03-25-20, 10:02 PM
  2. Which security patch should my BBB100-1 be at?
    By skstrials in forum BlackBerry KEYone
    Replies: 6
    Last Post: 02-08-20, 02:11 PM
  3. Replies: 2
    Last Post: 02-08-20, 08:03 AM
  4. Latest Security Update KEY2LE in UK
    By BoldLAD in forum Ask a Question
    Replies: 1
    Last Post: 02-05-20, 01:14 PM
  5. Replies: 2
    Last Post: 02-01-20, 04:54 PM
LINK TO POST COPIED TO CLIPBOARD