[lawguyman]

Not true. A Hypervisor device meets the OHA qualifications as they're presented publicly.

Not true. The OHA agreement specifies that Android is to be the only OS on the device.

Posted via CB10

[Dunt Dunt Dunt]

It's fascinating, each time I begin to think the horror stories about Android have come to an end and that Android is perhaps "secure enough" news like these pops up and remind me that most Android versions are a no go.

Going Android is just a bad idea, if you are a security company.


Posted via CB10

They question is could that "bug" access a secured container on a device? From a company standpoint if that container remains secured, then the device might be secure enough for them?

But they who's to say that if BlackBerry had 70% of the smartphone market, if "researchers" couldn't find holes in it's security? BBOS turned out not to be a secure as we all taught it was....

My biggest take away from all this, is you need a device that will get regular updates.

[Superdupont 2_0]

They question is could that "bug" access a secured container on a device? From a company standpoint if that container remains secured, then the device might be secure enough for them?

But they who's to say that if BlackBerry had 70% of the smartphone market, if "researchers" couldn't find holes in it's security? BBOS turned out not to be a secure as we all taught it was....

My biggest take away from all this, is you need a device that will get regular updates.

Android typically get bad press all 6-8 weeks, BlackBerry maybe all 6-8 months (yes, BlackBerry products or 3rd party products within BlackBerry solutions have security holes, occasionally).
The moment they would start with Android, they will have to deal with the bad press.

You remember Justin Case, the guy who hacked the BlackPhone?
He announced to try BB 10 next just to show that every OS is vulnerable...I am still waiting how things have worked out for him since the announcement (he bought two Z10s, if I remember correctly).



Posted via CB10

[chuck188]

I think you could make an application that is more secured than Google Play. Its boring when you don't have an app store.

[DenverRalphy]

they better figure this out first before BBRY can make any custom android os phone. but it's just another reason why i wouldn't touch anything by the way of android, ever.

Supposedly there's already a fix. What isn't clear are the details of the deployment of the fix. Nexus devices are supposed to be receiving it soon if they haven't already (because Google can push OS updates directly to them). How much Google will have to rely upon carriers to push the updates hasn't been publicly addressed yet, though I imagine it may (probably) be a headache. With any luck, for older devices unlikely to ever see an update from their carriers Google may be able to add something to Google Play Services that intercepts any MMS (or anything containing a video for that matter) message notifications, checks for the exploit, and reject it if it tests positive. Supposedly the exact details of the exploit and the fix will be announced at BlackHat this weekend (at which point Google will probably pay out a bounty).

In any case, if BBRY is indeed working on an Android phone, I wouldn't sweat it as they're probably developing it with the next version of Android (Android M) since it will already have the fix in place, and because it's a Security Development Focus version (granular permissions finally being added, OS layer hardening, etc..).

[BCITMike]

i just read it this morning, surprised no one's posted it on CB Yet:

Stagefright: SMS Text Message Can Hack Android Phones

"A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices�that�s 950 million gadgets�exposed to attack. The computer bug, nicknamed �Stagefright� after a vulnerable media library in the operating system�s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on."

they better figure this out first before BBRY can make any custom android os phone. but it's just another reason why i wouldn't touch anything by the way of android, ever.

It has been posted, yesterday.

Posted via CB10

[extisis]

Supposedly there's already a fix. What isn't clear are the details of the deployment of the fix. Nexus devices are supposed to be receiving it soon if they haven't already (because Google can push OS updates directly to them). How much Google will have to rely upon carriers to push the updates hasn't been publicly addressed yet, though I imagine it may (probably) be a headache. With any luck, for older devices unlikely to ever see an update from their carriers Google may be able to add something to Google Play Services that intercepts any MMS (or anything containing a video for that matter) message notifications, checks for the exploit, and reject it if it tests positive. Supposedly the exact details of the exploit and the fix will be announced at BlackHat this weekend (at which point Google will probably pay out a bounty).

In any case, if BBRY is indeed working on an Android phone, I wouldn't sweat it as they're probably developing it with the next version of Android (Android M) since it will already have the fix in place, and because it's a Security Development Focus version (granular permissions finally being added, OS layer hardening, etc..).

so you're good with this one vulnerability and who know what else is there to find out... either way stuff like this doesn't happen with BB10 OS so that's what i'm sticking with. Good luck, android lovers.

[extisis]

It has been posted, yesterday.

Posted via CB10

[DenverRalphy]

so you're good with this one vulnerability and who know what else is there to find out... either way stuff like this doesn't happen with BB10 OS so that's what i'm sticking with. Good luck, android lovers.

Nope... not good with it. The vulnerability is a very valid concern. However, I was simply responding to a very specific question of which you had asked, with a well reasoned response. As far as "what else is there", well, that's true of any OS be it mobile, desktop, or embedded. BB10 isn't invulnerable either... every OS is vulnerable. It's simply a matter of manpower to find it. Was BB10 immune from Heartbleed? Not so much. And in this particular instance.. it took an entire research team of a well educated think-tank to find the flaw. It's not like script kiddies stumbled blindly upon it. If Google hadn't offered their bounty program, I'd be willing to bet it'd be years before anybody else found it.

[extisis]

Nope... not good with it. The vulnerability is a very valid concern. However, I was simply responding to a very specific question of which you had asked, with a well reasoned response. As far as "what else is there", well, that's true of any OS be it mobile, desktop, or embedded. BB10 isn't invulnerable either... every OS is vulnerable. It's simply a matter of manpower to find it. Was BB10 immune from Heartbleed? Not so much. And in this particular instance.. it took an entire research team of a well educated think-tank to find the flaw. It's not like script kiddies stumbled blindly upon it. If Google hadn't offered their bounty program, I'd be willing to bet it'd be years before anybody else found it.

Heartbleed affected many programs, however, this is an-OS specific vulnerability but to no surprise in an open OS. It could have taken a team to find it out, but one hacker to do them all in. To compare appropriately, BBOS nor BB10 were vulnerable to attack via text msg.

Posted via CB10

[Tre Lawrence]

Heartbleed affected many programs, however, this is an-OS specific vulnerability but to no surprise in an open OS. It could have taken a team to find it out, buy one hacker to do them all in. To compare appropriately, BBOS nor BB10 were vulnerable to attack via text msg.

Posted via CB10

That's why many options are great. Long live BB10.

[DenverRalphy]

Heartbleed affected many programs, however, this is an-OS specific vulnerability but to no surprise in an open OS. It could have taken a team to find it out, buy one hacker to do them all in. To compare appropriately, BBOS nor BB10 were vulnerable to attack via text msg.

A few things...

First... Heartbleed was an attack on a uniform basis that pretty much every OS is built upon. It wasn't OS specific, but it was a very simple demonstration that NO operating system is safe from anybody who's determined to find a flaw. This will continue for as long as operating systems are built.

Second... open OS development has historically proven to be more secure than closed development.

Third... The "stagefright" flaw took over 6 years to be discovered (in the tech world, that's an eon) dating back to Android OS version 2.2. And the biggest reason it was discovered was because of the bounty system Google recently placed to encourage hackers to find any OS flaws. Given enough encouragement (substantial money), any and every OS will be revealed to have flaws that can be exploited.

I'm not discounting the severity of the recently discovered flaw by any means. It's ugly, it's been fixed, and the world will continue to revolve around the sun. Especially when it concerns an exploit that has yet to demonstrate so much as one active practical usage or attack.

[extisis]

A few things...

First... Heartbleed was an attack on a uniform basis that pretty much every OS is built upon. It wasn't OS specific, but it was a very simple demonstration that NO operating system is safe from anybody who's determined to find a flaw. This will continue for as long as operating systems are built.

Second... open OS development has historically proven to be more secure than closed development.

Third... The "stagefright" flaw took over 6 years to be discovered (in the tech world, that's an eon) dating back to Android OS version 2.2. And the biggest reason it was discovered was because of the bounty system Google recently placed to encourage hackers to find any OS flaws. Given enough encouragement (substantial money), any and every OS will be revealed to have flaws that can be exploited.

I'm not discounting the severity of the recently discovered flaw by any means. It's ugly, it's been fixed, and the world will continue to revolve around the sun. Especially when it concerns an exploit that has yet to demonstrate so much as one active practical usage or attack.

the fact that google needs said bounty system immediately turns me off. i'm not saying BlackBerry isn't vulnerable to any attack... it's just not as common. with android this is common.

[grahamf]

They question is could that "bug" access a secured container on a device? From a company standpoint if that container remains secured, then the device might be secure enough for them?

The problem is that the entire OS and all applications running inside it would still be inside that container. In order to have an application independent of the Android container you would have to have independent APIs and a window manager for the apps to function (unless you want to shut down Android every time you wish to check a work email).

Strip out everything from the Android OS container that the Hypervisor needs to work effectively, and you get BB10.

[Superdupont 2_0]

A few things...

First... Heartbleed was an attack on a uniform basis that pretty much every OS is built upon. It wasn't OS specific, but it was a very simple demonstration that NO operating system is safe from anybody who's determined to find a flaw.

Second... open OS development has historically proven to be more secure than closed development.

I disagree with point one.
You are making it sound like every OS has the same number of severe vulnerabilities and is equally vulnerable, but that is not the case.
I have chosen BB 10, because I expect that the number of vulnerabilities is significantly smaller and statistical chances to get hacked are simply low.

With regards to point 2: Well, history is changing dynamically.

Apple's 'goto fail' tells us nothing good about Cupertino's software delivery process | ZDNet

Quote: "Also, this code is open source. Apparently, no one outside Cupertino using it spotted the issue either. So maybe we shouldn't give the Apple developers a hard time for that."

Sounds like a d�j� vu?

[keithhackneysmullet]

the fact that google needs said bounty system immediately turns me off. i'm not saying BlackBerry isn't vulnerable to any attack... it's just not as common. with android this is common.

The bounty system is great as it allows exploits to brought out into the open and fixed. How many unknown exploits exist in bb10? Who knows but since BlackBerry doesn't have a bounty in place they won't ever be fixed until the hack is made public, but by then the damage is already done.

Think about how much higher the level of talent is at Microsoft, Apple, and Google in comparison to BlackBerry. Now think about how many exploits have been found in Windows, ios, osx, and android. It's pretty scary thinking of the mistakes BlackBerry software engineers make that aren't known publicly and will never be fixed.

Posted via CB10

[BrooklynBerryAddict]

You remember Justin Case, the guy who hacked the BlackPhone?
He announced to try BB 10 next just to show that every OS is vulnerable...I am still waiting how things have worked out for him since the announcement (he bought two Z10s, if I remember correctly).

I remember that as well. I was thinking of tweeting him and asking why he has not provided any updates on that endeavor

[Abhishek Chaudhary619]

just saw this video with BlackBerry passport on android

Posted via CB10

[extisis]

The bounty system is great as it allows exploits to brought out into the open and fixed. How many unknown exploits exist in bb10? Who knows but since BlackBerry doesn't have a bounty in place they won't ever be fixed until the hack is made public, but by then the damage is already done.

Think about how much higher the level of talent is at Microsoft, Apple, and Google in comparison to BlackBerry. Now think about how many exploits have been found in Windows, ios, osx, and android. It's pretty scary thinking of the mistakes BlackBerry software engineers make that aren't known publicly and will never be fixed.

Posted via CB10

There's plenty of vulnerability to be had as we've seen on Android over the years hence why the bounty system is even needed. Exploits are android's main thing. You're talking about Exploits on BB10 what about BBOS? Any major Exploits happen in that system?

Not every entity is on the same playing field.

Posted via CB10

[Cynycl]

You're right. Some have a global market presence and some don't.

Sent from my Nexus 7 using Tapatalk

[extisis]

just saw this video with BlackBerry passport on android

Posted via CB10

ugliest thing I've seen in a while... not the casing of course.

[ray689]

Yes, you need to meet OHA guidelines to have Google Play Services.

To meet OHA rules (among other things) a non-forked version of Android must be the base OS, it must say "powered by Android" on the boot screen, it must have many of the Google Apps pre-installed, it must have the Google Play Store as the default and primary app store, and it must pass a series of compatibility checks.

The differentiation would be a dedicated bb10 launcher (skin) with a bb10 app suite. This could still be quite significant if done well. The HUB would be a huge distinction.

Z30STA100-5/10.3.2.2339

That would be a great differentiator had the app suite such as hub and keyboard not been available for third parties like it will be.

Posted via CB10

[conite]

That would be a great differentiator had the app suite such as hub and keyboard not been available for third parties like it will be.

Posted via CB10

We have no idea what features will be available on BlackBerry branded phones versus the simple app suite. We'll have to wait and see. I'm guessing a significantly richer "bb10" experience on the branded phones.

Z30STA100-5/10.3.2.2339

[The Big Picture]

just saw this video with BlackBerry passport on android

Posted via CB10

Err is this for real?

Edit. It's a launcher. Booooo

Posted via CB10

[kenzo_44]

The word secure and Android don't fit together in the same line - Law of the Universe!

Posted via CB10