[anon8656116]

First, this is only iMessage vs. BBM. This is NOT about overall device security.
Second, this doesn't mean BBM is not secure. It's just that Apple has added some new security layers after "The Fappening" with iCloud.

Catchy headline but ultimately nothing to see here.

Correct. One comment: these new security layers were part of iOS 8 already. The iCloud leaks had nothing to do with this, although it did affect the company�s position with respect to privacy and account security. What people here often seem to forget is that Apple is not standing still with respect to enterprise support and security. iOS is already deemed secure enough for businesses with sensitive data (I did an internship with a big law firm that switched to iPhone).

[undone]

Correct. One comment: these new security layers were part of iOS 8 already. The iCloud leaks had nothing to do with this, although it did affect the company’s position with respect to privacy and account security. What people here often seem to forget is that Apple is not standing still with respect to enterprise support and security. iOS is already deemed secure enough for businesses with sensitive data (I did an internship with a big law firm that switched to iPhone).

The iCloud leak stemmed from Apple not applying some common logic with regards to security. Who gives unlimited attempts to reset/guess a password. No one. Shouldn't have ever happened. With the integration of Cloud with platforms its no longer just the device that has to be questioned, but the cloud as well. This means ANY provider of Cloud services needs to have a tight game. Azure, iCloud, Amazon....etc.

Just like any good auditor or inspector, when you have one critical failure they will (or should) start question more and more things.

When security isn't the top priority, it can be 'lacking' because it gets over ridden by other design issues. The inverse is true as well, RIM for years just couldn't buy a clue what the true consumer market wanted, sure as sh1t wasn't security.

[Bluenoser63]

Correct. One comment: these new security layers were part of iOS 8 already. The iCloud leaks had nothing to do with this, although it did affect the company’s position with respect to privacy and account security. What people here often seem to forget is that Apple is not standing still with respect to enterprise support and security. iOS is already deemed secure enough for businesses with sensitive data (I did an internship with a big law firm that switched to iPhone).

And what did they use for MDM to ACTUALLY secure the iPhones. If they didn't use an MDM, then please tell us the name of the firm so people can stay away from them.

[anon8656116]

And what did they use for MDM to ACTUALLY secure the iPhones.

They switched to Good after BES 10.

[BigAl_BB9900]

Apple Inc. (NASDAQ:AAPL) News Analysis: Apple: More Secure Than BlackBerry?

Was reading through the Stocks app articles when I came upon this misinformed article with the most ridiculous looking picture downplaying BlackBerry security!
I would have hoped by now that the Blackberry bashing had stopped. This is just over the top.

Via The BlackBerry Z30 experience!

Disingenuous is a nice way of putting it....

If Apple products/OS are so secure - why do they not have Certificates of Validation for FIPS 140-2..... (and other non-US equivalents.....)?
FIPS 140-2 - Wikipedia, the free encyclopedia

[anon8656116]

If Apple products/OS are so secure - why do they not have Certificates of Validation for FIPS 140-2..... (and other non-US equivalents.....)?
FIPS 140-2 - Wikipedia, the free encyclopedia

http://forums.crackberry.com/news-ru...kberry-804366/

[Jdane07]

This can't be fappening!

Thread should've ended here! Lol

Posted via the CrackBerry App for Android

[mnns]

Hi guys, I'm a 'hacker' since 20 years ago, I conduct security research for many major brands.
There isn't a single phone out there which I will call "secure". The encryption is pretty much worthless on each and every phone out there.
Those "encryption algorithms" are inserted only for the sole reason of marketing and making you, simple customers, feel "secure".
There is no need to argue about security on those phones, they are both - not secure.

(My brother wrote that)

[BigAl_BB9900]

http://forums.crackberry.com/news-ru...kberry-804366/

Thanks for this - but I would love some clarification, if that is okay.... as my understanding is that only BlackBerry (amongst mobile phone OS's) have the higher level of FIPS 140-2.

In April 2013 I attended a Mobile Device Security convention (invitation only) in the US - one of the main speakers was from the FBI, another one was from some US Federal Technology Department (can't remember what this department is actually called)....
Note: I was on the 'management' track, NOT the 'techie' track..... so they probably used much simpler language, definitions & examples for us.....

My understanding of what the speakers told us, is that there are 4 main parts/levels within FIPS 140-2, and only BlackBerry mobile device OS's pass more than one of the four parts. (For example, Samsung passed 1 of the 4 parts, for it's Knox encrypted storage - but had no hope of passing the rest of FIPS 140-2).

Back then (c. 18 months ago) BlackBerry was seen to be in a terrible financial state, and the speakers were very worried that RIM/BlackBerry would go bust - leaving them no alternative for receiving and storing confidential email/data on a mobile phone - the FBI guy was explicit about this, saying that the only work emails he would be allowed/able to receive on an Android phone (eg Samsung with Knox) would be ones about the coffee machine being repaired. For all confidential emails/data, he would have to lug around a laptop (in lieu of his BlackBerry).....

Can anyone else shed any light on this please?

[tchocky77]

Telling people HOW you secure data should not make it less secure.

Maybe that's blackberry's problem?

[insandouts]

The default level of security offered by BBM today is already very secure, offering two layers of encryption for messages sent between BBM contacts. First, BBM uses a TLS to establish a secure connection between the smartphone and the server. TLS is a common web standard that is used for online shopping and internet banking. Additionally, BBM messages are encrypted using a triple DES 168-bit BBM scrambling key which encrypts messages leaving the sender?s phone, and authenticates and decrypts messages on the recipient?s phone. These two layers working together mean that you have secure messages flowing through a secure pipe. BBM Protected adds an additional layer of advanced encryption to this security model helping to meet the needs of the most security conscious organizations.

BBM Protected | eBBM Secure Messaging & Encrypted Chat | BlackBerry - Canada

Via The BlackBerry Z30 experience!

"BBM, is encrypted. However, it is encrypted using a global key. RIM has written that,

The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives.
This means that RIM can decrypt consumers� messages that are encrypted with the global key. Consumer devices include all RIM offerings that are not integrated with a BlackBerry Enterprise Server (BES). "

BBM is not secure because of this..keep the lies going

The Danger of Fetishizing BlackBerry Messenger Security | Technology, Thoughts & Trinkets

[rambo47]

The fact remains that BlackBerry is the only mobile platform certified to operate on secure DoD networks. iOS, WP, and Android have NOT received this certification.

[CherokeeMarty]

Telling people HOW you secure data should not make it less secure.

Maybe that's blackberry's problem?

That's like telling your opponent in a football game what play you're going to run. You'll lose every time.

[CherokeeMarty]

Hi guys, I'm a 'hacker' since 20 years ago, I conduct security research for many major brands.
The isn't a single phone out there which I will call "secure". The encryption is pretty much worthless on each and every phone out there.
Those "encryption algorithms" are inserted only for the sole reason of marketing and making you, simple customers, feel "secure".
There is no need to argue about security on those phones, they are both - not secure.

(My brother wrote that)

If that really was the case, then why did the Government of Bangladesh ban Blackberry phones?
Regulator directs GP, Airtel to discontinue BlackBerry services

[CherokeeMarty]

Seeing as how a large number of BB10 users are side-loading to get the Android apps they want these days the same type of thing could happen for BB10 users if coders were so inclined.

Your statements make it obvious that you have no idea how BB deals with Android apps. Are you familiar with the term "Sandbox"? All Android apps that are ported through Snap or Amazon App Store are sandboxed. And they are scanned with Guardian before being downloaded. Android downloaded from these two sources pose no threat.

[anon8656116]

The fact remains that BlackBerry is the only mobile platform certified to operate on secure DoD networks. iOS, WP, and Android have NOT received this certification.

That may very well be true (I do not know), but the fact remains, BlackBerry devices are not the only ones secure enough for many businesses, organisations and even governmental institutions. That market is contested and can eventually be lost as well. What this article also espouses is that even consumers are not necessarily better off by using a BlackBerry device, as the iMessage example shows. The danger is that BlackBerry may become even more of a niche in the future.

[CherokeeMarty]

why don't you tell me the reason BB released BBM Protected if the regular BBM was secure?

BBM Protected is a BES12 product, and is a BES12 license holder specific product. Plain BBM is not contained within the BES12 envelope that is company server specific. So there.

[CherokeeMarty]

"BBM, is encrypted. However, it is encrypted using a global key. RIM has written that,

This means that RIM can decrypt consumers’ messages that are encrypted with the global key. Consumer devices include all RIM offerings that are not integrated with a BlackBerry Enterprise Server (BES). "

BBM is not secure because of this..keep the lies going

The Danger of Fetishizing BlackBerry Messenger Security | Technology, Thoughts & Trinkets

Then why did Bangladesh ban all blackberry phones? Bangladesh didn't ban iPhones, did they?
Regulator directs GP, Airtel to discontinue BlackBerry services

[BergerKing]

How about this? You do realize that by sharing this story, which is mostly rehashed hash that has been slung around for a couple of weeks now, you have provided another site with valuable hits that they'd have not gotten otherwise? You want it to stop? Don't give them free page hits!

[tchocky77]

Then why did Bangladesh ban all blackberry phones? Bangladesh didn't ban iPhones, did they?
Regulator directs GP, Airtel to discontinue BlackBerry services

Apple doesn't manufacture any phones cheap enough for the Bangladeshi market.

[collinc93]

why don't you tell me the reason BB released BBM Protected if the regular BBM was secure?

oh lordy.....

[collinc93]

those iCloud stored celebrity nude pictures should be quite safe after this. What? No more fapping then

[anon(8063781)]

As I understand it, the EFF argument is based on the premise that true security is based on good code, and that understanding the code will not permit you to crack the encryption it produces. In fact, open source code and open audits will improve the chance that mistakes -- if they're made -- are rectified. That's what happened with OpenSSL.

The other facet of the EFF argument is that you shouldn't trust a private corporation to maintain your privacy. You're better off if no one, including the company, can see your messages or crack the encryption.

It's a good argument, and the EFF has been making it for years: https://www.eff.org/deeplinks/2010/0...cary-precedent

I love my BlackBerries. They're great phones. But I wouldn't trust any company to maintain my privacy, especially under legal pressure.

[tchocky77]

those iCloud stored celebrity nude pictures should be quite safe after this. What? No more fapping then

I still see this a lot. I thought everyone understood by now. All the security in the world won't help you if you set a password that can be guessed.

[mnns]

It has to do with politics and regulations (which are mostly *** covering), period.
Security in phones means several things: data encryption strength (when your phone is stolen), unlocking security and external networking security.
A phone is very much prone to Bluetooth, WiFi & NFC vulnerabilities, especially Blackberry (which I had done a quite significant research on, although on older versions, but the infrastructure usually won't change).
In terms of sheer exploits, Blackberry is basically more vulnerable than iPhones, because iOS has a built in virtual memory, virtual kernel & virtual disk access which is very successful keeping hackers off the kernel-mode (which is the highest permission, will allow hackers to install rootkits etc on your phone).

Just know that your phone is definitely not secure.

In terms of data encryption, the problem is not the encryption (which is sufficient), it's the mechanism that decrypt that data on daily use, which any hacker can get to in seconds (RAM cloning, reversing the mechanism etc).
In terms of exploits and vulnerabilities, they exists nowadays for each and every phone, although iOS are the hardest to find.

If security is a real issue for you (bigger issue than just losing your credit card number etc.), then use an unpopular brand with an unpopular OS, because hackers are buying exploits and are creating exploits only for popular OSes. No hacker will spend weeks trying to reverse engineer an unknown OS with few users. Also, do not, by any means, store your data on the "cloud", an external data hosting which future intrusion is inevitable.

If the Israeli intelligence "Unit 8200" got to the Iranian nuclear facilities which are not connected to the internet, trust me, your BB isn't really secure.