- I am very disappointed with BlackBerry's decision to stop security updates for the Priv, so much so that I am considering a Pixel for my next phone as apparently Google gives longer security update timelines.
Question though, would a Priv without the patches but with the root-of-trust, kernel-hardening, disc encryption, integrity detection etc be more, less, or equally as secure as a non BlackBerry without these features but with security patches?12-20-17 08:56 PMLike 2 - BB Android's main advantage is root protection so an unpatched BB Android device would have some level of protection against root based exploits compared to regular Android (as in the case of QuadRooter).
For other exploits I guess it would depend but the major vulnerabilities from this year (BlueBorne, KRACK, etc) required patching on BB Android and regular Android.skinnymike1 and hamilgs like this.12-20-17 09:21 PMLike 2 - I am very disappointed with BlackBerry's decision to stop security updates for the Priv, so much so that I am considering a Pixel for my next phone as apparently Google gives longer security update timelines.
Question though, would a Priv without the patches but with the root-of-trust, kernel-hardening, disc encryption, integrity detection etc be more, less, or equally as secure as a non BlackBerry without these features but with security patches?gebco and skinnymike1 like this.12-20-17 09:25 PMLike 2 -
- Both.
BlackBerry Android is certainly more resilient to many threats, and real-time monitoring can detect unusual behaviour and changes to system files, but some vulnerabilities may just need to be patched.12-20-17 09:46 PMLike 0 - So essentially we will have to see if BlackBerry steps up as they said they will when vulnerabilities are discovered.12-20-17 09:50 PMLike 0
-
- I don't know why anyone would assume the PRIV would still be patched in the event a new exploit like KRACK is discovered? No more updates means no more updates.
If that kind of emergency security patching has real meaning to you, as does hanging on to one if the last real BlackBerry devices for as long as possible...you might as well go back to a BB10 or BBOS device. At least for those products they have guaranteed support until the end of 2019.andy957 likes this.12-21-17 06:44 AMLike 1 - I don't know why anyone would assume the PRIV would still be patched in the event a new exploit like KRACK is discovered? No more updates means no more updates.
If that kind of emergency security patching has real meaning to you, as does hanging on to one if the last real BlackBerry devices for as long as possible...you might as well go back to a BB10 or BBOS device. At least for those products they have guaranteed support until the end of 2019.
With respect to the Priv, Thurber did say: "Third, should a critical vulnerability be exposed we will engage our partners as needed to develop and deliver necessary patches."skinnymike1 likes this.12-21-17 07:13 AMLike 1 -
I stick with my original premise. No updates means no updates. I truly feel sorry for anyone who sticks with a PRIV believing they are ever going to see another security update, or that somehow it is still more secure than other Android devices without them.
Too much 'secret sauce' clouds the mind, lol.skinnymike1 and Mecca EL like this.12-21-17 07:53 AMLike 2 - Yeah I read that too...and I actually thought it meant something until he qualified it by inserting the weasel phrase 'as needed' into the sentence.
I stick with my original premise. No updates means no updates. I truly feel sorry for anyone who sticks with a PRIV believing they are ever going to see another security update, or that somehow it is still more secure than other Android devices without them.
Too much 'secret sauce' clouds the mind, lol.
But i'm almost certain that if there is a large vulnerability like KRACK discovered within the next year BlackBerry will patch it on the priv and dteks.skinnymike1 likes this.12-21-17 10:10 AMLike 1 -
If BB10 with a larger install base than the Priv doesn't have a KRACK patch or comment yet it doesn't fill me with much hope that we'll see timely updates on the Priv moving forward.skinnymike1 likes this.12-21-17 10:29 AMLike 1 - The BB10 infrastructure and expertise to deal with updates is almost nonexistent.skinnymike1 and jakie55 like this.12-21-17 10:35 AMLike 2
- They certainly do as .3057 was released recently and there was some recent movement in the spotted OS thread. Whether or not they want to or see it as urgent is a different question, and I guess the same would apply to the Priv moving forward as well.12-21-17 10:42 AMLike 0
- Obviously BlackBerry is more interested in it's bottom line than its device customers. When BlackBerry said they would support PRIV for two years, I don't think anyone thought this meant literally exactly two years, and especially if Google was still supporting the OS with security patches. This is total hypocrisy. And the only remedy they have to the sudden about face regarding patching is the secret sauce? Shame on them.
PRIV abandoned once the minimum commitment fulfilled, and no OS update for either of the DTEKs. Heck of a way to kick off their licensing strategy...by booting consumers in their rear end so they can inflate their balance sheet.HughJarsse and Kat580 like this.12-21-17 10:42 AMLike 2 -
The only change was a few bytes in the radio file to accommodate a Vodafone LTE issue.
There has been zero activity since.12-21-17 10:56 AMLike 0 -
Even if we ignore that, BlackBerry didn't even release a bulletin to advise BB10 users (which still includes government and enterprise) on the status of KRACK and what they can do moving forward. BlackBerry's track record for dealing with "maintenance mode" software is pretty mixed so I don't have high hopes for the Priv (I'd love to be proven wrong though).12-21-17 11:13 AMLike 0 - And from Android Authority, no less:
"No matter which way you slice it, BlackBerry failing to properly update the Priv to Nougat, not even Oreo, and refusing to extend important security updates beyond the “standard” 2 years promised by everyone else is an undeniable sign that the company isn’t willing to go the distance with security. That’s more than a little disappointing."
https://www.androidauthority.com/bla...pdates-824374/
Obviously just another crapdroid article looking for a senseless excuse to slag BlackBerry for its inflated price and poor hardware specs, lol.12-21-17 11:20 AMLike 0 - KRACK was disclosed to QNX in early August IIRC so it's highly unlikely that they didn't have the people to do anything about it less than a month later. They also tested for BlueBorne in September and released a bulletin so I think it's reasonable to assume they at least have the resources even if they don't consider it a priority.
Even if we ignore that, BlackBerry didn't even release a bulletin to advise BB10 users (which still includes government and enterprise) on the status of KRACK and what they can do moving forward. BlackBerry's track record for dealing with "maintenance mode" software is pretty mixed so I don't have high hopes for the Priv (I'd love to be proven wrong though).12-21-17 11:36 AMLike 0 -
Moreover Android is full of unpatched devices from other companies and they stay that way until the end of times. That's something inherent to Android due to fragmentation and a good excuse for BB to do nothing when a critical flaw affects the PRIV since now.
Moreover you still need to convince "the partners" to give a hand if needed.
Nah! I think you already show the last patch for Priv.12-21-17 11:36 AMLike 0 - Is KRACK patched on BB10?. I don't think so.
Moreover Android is full of unpatched devices from other companies and they stay that way until the end of times. That's something inherent to Android due to fragmentation and a good excuse for BB to do nothing when a critical flaw affects the PRIV since now.
Moreover you still need to convince "the partners" to give a hand if needed.
Nah! I think you already show the last patch for Priv.
No idea why is still believe in BlackBerrys "promises"12-21-17 11:40 AMLike 0 - KRACK was disclosed to QNX in early August IIRC so it's highly unlikely that they didn't have the people to do anything about it less than a month later. They also tested for BlueBorne in September and released a bulletin so I think it's reasonable to assume they at least have the resources even if they don't consider it a priority.
Even if we ignore that, BlackBerry didn't even release a bulletin to advise BB10 users (which still includes government and enterprise) on the status of KRACK and what they can do moving forward. BlackBerry's track record for dealing with "maintenance mode" software is pretty mixed so I don't have high hopes for the Priv (I'd love to be proven wrong though).
I'm not disagreeing that the BB10 response is abysmal - but I'm also saying they have little to no capacity left.hamilgs likes this.12-21-17 11:46 AMLike 1
- Forum
- Android BlackBerry Phones & OS
- BlackBerry Priv
Priv still secure without updates?
« Phone calls going straight to voicemail without ringing.
|
BlackBerry Priv stuck in Bootloader mode! »
Similar Threads
-
Why is my PRIV not compatible with Reliance Jio services?
By Pankaj Jaju in forum BlackBerry PrivReplies: 8Last Post: 05-03-18, 05:16 PM -
BB Link does not recognize BB10 after latest Windows update
By mturner53 in forum BlackBerry 10 OSReplies: 2Last Post: 01-08-18, 07:26 PM -
What is the disadvantage of security updates being stopped for blackberry by priv??
By CrackBerry Question in forum Ask a QuestionReplies: 5Last Post: 12-21-17, 05:23 PM -
Urgent help : Update download on priv - error
By ranojee1966 in forum BlackBerry PrivReplies: 2Last Post: 12-20-17, 06:05 PM -
Brand new DTEK60 won't update
By Mukade in forum BlackBerry DTEK60Replies: 3Last Post: 12-20-17, 04:49 AM
LINK TO POST COPIED TO CLIPBOARD