OnePlus Security Fail Makes Case for BlackBerry Motion
-
The major vulnerabilities that were discovered this year hit Android particularly hard compared to iOS. All Android OEM's basically had to wait for Google to patch them.11-16-17 11:50 PMLike 0 -
That's why Google is trying to separate the "system" from the customized part (where the phone makers apply their changes) on Android so they can at least force the update of the core. You can have vulnerabilities at other level like GUI that depends on maker, but at least the core will be fairly safe.11-17-17 12:41 AMLike 0 - Hit particularly hard in what way? The news has a habit of selective reporting. Comparing apples and droids, the potential is pretty equal.11-17-17 06:20 AMLike 0
-
The problem with generic Android manufacturers is that they really don't invest in cybersecurity, which affects every part of their process, from hardware design to the manufacturing supply chain to Android implementation and configuration to patching.
There are 10s of thousands of enterprises who are targeted every day by armies of highly qualified hackers in criminal organizations, nation states. And non nation state actors. They are not just running known exploits they picked up in a hacker fanzine. To defend against these threat agents requires more than just having the right version of Android, even though that is obviously critical.
If you are responsible for cybersecurity in one of those organizations, the only way to allow BYOD with generic Android is to lock down information assets so tight as to limit people's ability to work via their mobile phones.
Posted with my trusty Z10Dunt Dunt Dunt likes this.11-17-17 08:30 AMLike 1 - The problem with Android lies in its design (things like Mediaserver, for example) and cannot be fixed without breaking backward compatibility with all existing Android apps.
Google knows this and doesn't care. Google basically had a team of monkeys write Android in the first place; it's an ungodly mess by any standard, and if you've worked on the code and actually do coding for a living you know what I'm talking about. It sucks, period.
But it is what it is -- and that both corporate and individuals users keep buying it tells you everything you need to know about stupidity in the marketplace, plus how the big companies have gamed the legal process as had they not both Google (and Microsoft, for that matter) would have been out of business a decade ago.11-17-17 09:45 AMLike 0 - The real problem is not waiting for Google but to really apply the patches. Most makers don't have a monthly patching policy for their devices.
That's why Google is trying to separate the "system" from the customized part (where the phone makers apply their changes) on Android so they can at least force the update of the core. You can have vulnerabilities at other level like GUI that depends on maker, but at least the core will be fairly safe.
Google themselves are also kinda lax with patching,
KRACK patch for Pixel and Nexus devices due in December | Pocketnow
https://www.androidheadlines.com/201...c-in-2017.html11-17-17 09:59 AMLike 0 - In the Cybersecurity world, companies have long known that Android is inferior to iOS. Samsung, and now BlackBerry Mobile, are the only Android Manufacturers making a case for serious consideration by organizations with a focus on cybersecurity (which is quickly becoming everyone due to the big companies demanding their lower tier partners meet cybersecurity standards).
The problem with generic Android manufacturers is that they really don't invest in cybersecurity, which affects every part of their process, from hardware design to the manufacturing supply chain to Android implementation and configuration to patching.
There are 10s of thousands of enterprises who are targeted every day by armies of highly qualified hackers in criminal organizations, nation states. And non nation state actors. They are not just running known exploits they picked up in a hacker fanzine. To defend against these threat agents requires more than just having the right version of Android, even though that is obviously critical.
If you are responsible for cybersecurity in one of those organizations, the only way to allow BYOD with generic Android is to lock down information assets so tight as to limit people's ability to work via their mobile phones.
Posted with my trusty Z10
Getting back to your original post, if a consumer properly sets up security on their phone, even if someone gains possession, are they going to be able to gain access?
If we just look at the past few weeks, BlueBorne didn't impact iOS 10+ and KRACK was mitigated to some extent before Apple patched it. Android had to patch both and KRACK was particularly bad on Android 6+ devices. There's also the seemingly never ending StageFright problem,
https://www.androidheadlines.com/201...c-in-2017.html
I'm not saying there isn't reason to be concerned. Everyone should as I previously stated use common sense. Android definitely has it's share of vulnerabilities, and just like all other aspects of life, one should think before purchase. Same could be said for the lock they choose on their door, alarm system, quality of the tires on their vehicle, etc. You don't think I made my tinfoil hat out of cheap aluminum, do you?11-17-17 09:00 PMLike 0 - You're talking enterprise, and I understand. That's your field. Reality is though, I'm much more concerned about them hacking a server than my phone. I've taken a hit from Yahoo and Equifax. We've also seen Target, Sony, the DNC and Home Depot hacked, to name a few. It's all troublesome, but none of those attacks have come through a phone to my knowledge.
Getting back to your original post, if a consumer properly sets up security on their phone, even if someone gains possession, are they going to be able to gain access?
And yet, what is the most infamous case of hacking in the phone world? Which again was not through the phones.
I'm not saying there isn't reason to be concerned. Everyone should as I previously stated use common sense. Android definitely has it's share of vulnerabilities, and just like all other aspects of life, one should think before purchase. Same could be said for the lock they choose on their door, alarm system, quality of the tires on their vehicle, etc. You don't think I made my tinfoil hat out of cheap aluminum, do you?
As a consumer, the most important things to do are straightforward:
Use unique and strong passwords for each account.
Use multi-factor authentication
Use a VPN
Don't use Flash.
Use antivirus
Don't open emails from anyone you don't know, and don't click on attachments unless you're sure you know what they are.
Use browser plug ins to block unwanted ads, cookies and scripts
Set up a restricted account on PCS (don't use administration accounts for general use.)
And, honestly, for most non-technical consumers, use an iPhone. (I really, really, really hate iPhones but they are more secure than Android for the average user.)
Posted with my trusty Z10BigBadWulf likes this.11-17-17 09:22 PMLike 1 - We both know the average user doesn't give a rat's rectum about security. They use weak passwords, tons of location based social media, download warez, post their email, phone number, IMEI, leave their babies in the car while running, get plastered and trust someone in an Uber to take them home, run red lights, and any number of other foolish things that put them in danger of a myriad of exploitations.11-17-17 10:16 PMLike 0
- We both know the average user doesn't give a rat's rectum about security. They use weak passwords, tons of location based social media, download warez, post their email, phone number, IMEI, leave their babies in the car while running, get plastered and trust someone in an Uber to take them home, run red lights, and any number of other foolish things that put them in danger of a myriad of exploitations.
Posted with my trusty Z1011-18-17 01:17 AMLike 0 - Well if we are talking about security, on my BlackDroid I'm still on the September security patch...now at the end of November... So yeah, it seems like security is not high on the list of BlackBerry either, especially it's hollowed out incarnation of BlackBerry Mobile...11-21-17 07:09 PMLike 0
-
- Forum
- Android BlackBerry Phones & OS
- BlackBerry Motion
OnePlus Security Fail Makes Case for BlackBerry Motion
Similar Threads
-
Sales numbers for TCL made BlackBerry?
By jgrobertson in forum General BlackBerry News, Discussion & RumorsReplies: 36Last Post: 02-20-18, 08:34 AM -
blackberry z10 bberror10 0015
By Dranialz in forum BlackBerry Z10Replies: 7Last Post: 11-28-17, 04:32 AM -
Blackberry id registration
By Kems1 in forum BlackBerry PassportReplies: 2Last Post: 11-23-17, 11:53 PM -
Alleged BlackBerry KEYone successor appears on GeekBench
By FishhPoohh in forum BlackBerry KEYoneReplies: 1Last Post: 11-22-17, 07:09 AM
LINK TO POST COPIED TO CLIPBOARD