08-10-18 03:16 PM
150 123 ...
tools
  1. gebco's Avatar
    I am very disappointed with BlackBerry's decision to stop security updates for the Priv, so much so that I am considering a Pixel for my next phone as apparently Google gives longer security update timelines.

    Question though, would a Priv without the patches but with the root-of-trust, kernel-hardening, disc encryption, integrity detection etc be more, less, or equally as secure as a non BlackBerry without these features but with security patches?
    hamilgs and Kat580 like this.
    12-20-17 09:56 PM
  2. Invictus0's Avatar
    BB Android's main advantage is root protection so an unpatched BB Android device would have some level of protection against root based exploits compared to regular Android (as in the case of QuadRooter).

    For other exploits I guess it would depend but the major vulnerabilities from this year (BlueBorne, KRACK, etc) required patching on BB Android and regular Android.
    skinnymike1 and hamilgs like this.
    12-20-17 10:21 PM
  3. anon(10268214)'s Avatar
    I am very disappointed with BlackBerry's decision to stop security updates for the Priv, so much so that I am considering a Pixel for my next phone as apparently Google gives longer security update timelines.

    Question though, would a Priv without the patches but with the root-of-trust, kernel-hardening, disc encryption, integrity detection etc be more, less, or equally as secure as a non BlackBerry without these features but with security patches?
    If you believe Thurber's corporatespeak, the PRIV is still more secure than a 'non-hardened Android' even without updates. However that doesn't explain why it had to receive security patches religiously for two years straight, nor why it's on the list for the trade-in program...
    gebco and skinnymike1 like this.
    12-20-17 10:25 PM
  4. conite's Avatar
    The true answer to the question is "it depends".
    moonflyer likes this.
    12-20-17 10:32 PM
  5. gebco's Avatar
    The true answer to the question is "it depends".
    Depends on user as in ID ten T error or as in future vulnerabilities?
    12-20-17 10:41 PM
  6. conite's Avatar
    Depends on user as in ID ten T error or as in future vulnerabilities?
    Both.

    BlackBerry Android is certainly more resilient to many threats, and real-time monitoring can detect unusual behaviour and changes to system files, but some vulnerabilities may just need to be patched.
    12-20-17 10:46 PM
  7. gebco's Avatar
    Both.

    BlackBerry Android is certainly more resilient to many threats, and real-time monitoring can detect unusual behaviour and changes to system files, but some vulnerabilities may just need to be patched.
    So essentially we will have to see if BlackBerry steps up as they said they will when vulnerabilities are discovered.
    12-20-17 10:50 PM
  8. conite's Avatar
    So essentially we will have to see if BlackBerry steps up as they said they will when vulnerabilities are discovered.
    I don't see that as particularly likely. Maybe with a simple but serious fix like Krack.
    gebco likes this.
    12-20-17 10:54 PM
  9. dastillero1975's Avatar
    The true answer to the question is "it depends".
    ^^^^ This.
    12-21-17 06:42 AM
  10. vladi's Avatar
    Of course it is. It's as safe as the user. Don't install apps you really don't need and careful with shady links in emails and IMs

    Enjoy your Priv, the best slider since Pre 3
    12-21-17 06:57 AM
  11. anon(10268214)'s Avatar
    I don't know why anyone would assume the PRIV would still be patched in the event a new exploit like KRACK is discovered? No more updates means no more updates.

    If that kind of emergency security patching has real meaning to you, as does hanging on to one if the last real BlackBerry devices for as long as possible...you might as well go back to a BB10 or BBOS device. At least for those products they have guaranteed support until the end of 2019.
    andy957 likes this.
    12-21-17 07:44 AM
  12. conite's Avatar
    I don't know why anyone would assume the PRIV would still be patched in the event a new exploit like KRACK is discovered? No more updates means no more updates.

    If that kind of emergency security patching has real meaning to you, as does hanging on to one if the last real BlackBerry devices for as long as possible...you might as well go back to a BB10 or BBOS device. At least for those products they have guaranteed support until the end of 2019.
    Krack hasn't been patched on BB10.

    With respect to the Priv, Thurber did say: "Third, should a critical vulnerability be exposed we will engage our partners as needed to develop and deliver necessary patches."
    skinnymike1 likes this.
    12-21-17 08:13 AM
  13. anon(10268214)'s Avatar
    Krack hasn't been patched on BB10.

    With respect to the Priv, Thurber did say: "Third, should a critical vulnerability be exposed we will engage our partners as needed to develop and deliver necessary patches."
    Yeah I read that too...and I actually thought it meant something until he qualified it by inserting the weasel phrase 'as needed' into the sentence.

    I stick with my original premise. No updates means no updates. I truly feel sorry for anyone who sticks with a PRIV believing they are ever going to see another security update, or that somehow it is still more secure than other Android devices without them.
    Too much 'secret sauce' clouds the mind, lol.
    skinnymike1 and Mecca EL like this.
    12-21-17 08:53 AM
  14. Huussi's Avatar
    Yeah I read that too...and I actually thought it meant something until he qualified it by inserting the weasel phrase 'as needed' into the sentence.

    I stick with my original premise. No updates means no updates. I truly feel sorry for anyone who sticks with a PRIV believing they are ever going to see another security update, or that somehow it is still more secure than other Android devices without them.
    Too much 'secret sauce' clouds the mind, lol.
    I guess this is the right way of thinking considering the record BlackBerry has on updates.
    But i'm almost certain that if there is a large vulnerability like KRACK discovered within the next year BlackBerry will patch it on the priv and dteks.
    skinnymike1 likes this.
    12-21-17 11:10 AM
  15. Invictus0's Avatar
    Of course it is. It's as safe as the user. Don't install apps you really don't need and careful with shady links in emails and IMs

    Enjoy your Priv, the best slider since Pre 3
    Stagefright, KRACK, BlueBorne, etc had nothing to do with the user. If exploits like these continue to be found in 2018 the best the user can do is disable features on their device and hope it'll be patched.

    Krack hasn't been patched on BB10.

    With respect to the Priv, Thurber did say: "Third, should a critical vulnerability be exposed we will engage our partners as needed to develop and deliver necessary patches."
    If BB10 with a larger install base than the Priv doesn't have a KRACK patch or comment yet it doesn't fill me with much hope that we'll see timely updates on the Priv moving forward.
    skinnymike1 likes this.
    12-21-17 11:29 AM
  16. conite's Avatar


    If BB10 with a larger install base than the Priv doesn't have a KRACK patch or comment yet it doesn't fill me with much hope that we'll see timely updates on the Priv moving forward.
    The BB10 infrastructure and expertise to deal with updates is almost nonexistent.
    skinnymike1 and jakie55 like this.
    12-21-17 11:35 AM
  17. Invictus0's Avatar
    The BB10 infrastructure and expertise to deal with updates is almost nonexistent.
    They certainly do as .3057 was released recently and there was some recent movement in the spotted OS thread. Whether or not they want to or see it as urgent is a different question, and I guess the same would apply to the Priv moving forward as well.
    12-21-17 11:42 AM
  18. anon(10268214)'s Avatar
    Obviously BlackBerry is more interested in it's bottom line than its device customers. When BlackBerry said they would support PRIV for two years, I don't think anyone thought this meant literally exactly two years, and especially if Google was still supporting the OS with security patches. This is total hypocrisy. And the only remedy they have to the sudden about face regarding patching is the secret sauce? Shame on them.

    PRIV abandoned once the minimum commitment fulfilled, and no OS update for either of the DTEKs. Heck of a way to kick off their licensing strategy...by booting consumers in their rear end so they can inflate their balance sheet.
    HughJarsse and Kat580 like this.
    12-21-17 11:42 AM
  19. conite's Avatar
    They certainly do as .3057 was released recently and there was some recent movement in the spotted OS thread. Whether or not they want to or see it as urgent is a different question, and I guess the same would apply to the Priv moving forward as well.
    That update was from July, and was the one and only update since last Christmas.

    The only change was a few bytes in the radio file to accommodate a Vodafone LTE issue.

    There has been zero activity since.
    12-21-17 11:56 AM
  20. Invictus0's Avatar
    That update was from July, and was the one and only update since last Christmas.

    The only change was a few bytes in the radio file to accommodate a Vodafone LTE issue.

    There has been zero activity since.
    KRACK was disclosed to QNX in early August IIRC so it's highly unlikely that they didn't have the people to do anything about it less than a month later. They also tested for BlueBorne in September and released a bulletin so I think it's reasonable to assume they at least have the resources even if they don't consider it a priority.

    Even if we ignore that, BlackBerry didn't even release a bulletin to advise BB10 users (which still includes government and enterprise) on the status of KRACK and what they can do moving forward. BlackBerry's track record for dealing with "maintenance mode" software is pretty mixed so I don't have high hopes for the Priv (I'd love to be proven wrong though).
    12-21-17 12:13 PM
  21. anon(10268214)'s Avatar
    And from Android Authority, no less:

    "No matter which way you slice it, BlackBerry failing to properly update the Priv to Nougat, not even Oreo, and refusing to extend important security updates beyond the “standard” 2 years promised by everyone else is an undeniable sign that the company isn’t willing to go the distance with security. That’s more than a little disappointing."

    https://www.androidauthority.com/bla...pdates-824374/

    Obviously just another crapdroid article looking for a senseless excuse to slag BlackBerry for its inflated price and poor hardware specs, lol.
    12-21-17 12:20 PM
  22. anon(10268214)'s Avatar
    KRACK was disclosed to QNX in early August IIRC so it's highly unlikely that they didn't have the people to do anything about it less than a month later. They also tested for BlueBorne in September and released a bulletin so I think it's reasonable to assume they at least have the resources even if they don't consider it a priority.

    Even if we ignore that, BlackBerry didn't even release a bulletin to advise BB10 users (which still includes government and enterprise) on the status of KRACK and what they can do moving forward. BlackBerry's track record for dealing with "maintenance mode" software is pretty mixed so I don't have high hopes for the Priv (I'd love to be proven wrong though).
    I think it's quite obvious their way of dealing with this, or any major BB10 security issue going forward will be via managed devices and their EMM solutions. To the only remaining BB10 clients that matter to them, these will be one and the same customers. Any update to either BB10 or BBOS is extremely unlikely. For consumers it goes something like sorry but you need to buy a new device...here's a coupon for a BlackBerry if you're interested...but the security updates expire exactly two years from launch, so hurry!
    12-21-17 12:36 PM
  23. dastillero1975's Avatar
    I guess this is the right way of thinking considering the record BlackBerry has on updates.
    But i'm almost certain that if there is a large vulnerability like KRACK discovered within the next year BlackBerry will patch it on the priv and dteks.
    Is KRACK patched on BB10?. I don't think so.
    Moreover Android is full of unpatched devices from other companies and they stay that way until the end of times. That's something inherent to Android due to fragmentation and a good excuse for BB to do nothing when a critical flaw affects the PRIV since now.
    Moreover you still need to convince "the partners" to give a hand if needed.
    Nah! I think you already show the last patch for Priv.
    12-21-17 12:36 PM
  24. Huussi's Avatar
    Is KRACK patched on BB10?. I don't think so.
    Moreover Android is full of unpatched devices from other companies and they stay that way until the end of times. That's something inherent to Android due to fragmentation and a good excuse for BB to do nothing when a critical flaw affects the PRIV since now.
    Moreover you still need to convince "the partners" to give a hand if needed.
    Nah! I think you already show the last patch for Priv.
    Sounds fair.
    No idea why is still believe in BlackBerrys "promises"
    12-21-17 12:40 PM
  25. conite's Avatar
    KRACK was disclosed to QNX in early August IIRC so it's highly unlikely that they didn't have the people to do anything about it less than a month later. They also tested for BlueBorne in September and released a bulletin so I think it's reasonable to assume they at least have the resources even if they don't consider it a priority.

    Even if we ignore that, BlackBerry didn't even release a bulletin to advise BB10 users (which still includes government and enterprise) on the status of KRACK and what they can do moving forward. BlackBerry's track record for dealing with "maintenance mode" software is pretty mixed so I don't have high hopes for the Priv (I'd love to be proven wrong though).
    It is documented that the BB10 unit wasn't informed until October.

    I'm not disagreeing that the BB10 response is abysmal - but I'm also saying they have little to no capacity left.
    hamilgs likes this.
    12-21-17 12:46 PM
150 123 ...

Similar Threads

  1. Why is my PRIV not compatible with Reliance Jio services?
    By Pankaj Jaju in forum BlackBerry Priv
    Replies: 8
    Last Post: 05-03-18, 06:16 PM
  2. BB Link does not recognize BB10 after latest Windows update
    By mturner53 in forum BlackBerry 10 OS
    Replies: 2
    Last Post: 01-08-18, 08:26 PM
  3. Replies: 5
    Last Post: 12-21-17, 06:23 PM
  4. Urgent help : Update download on priv - error
    By ranojee1966 in forum BlackBerry Priv
    Replies: 2
    Last Post: 12-20-17, 07:05 PM
  5. Brand new DTEK60 won't update
    By Mukade in forum BlackBerry DTEK60
    Replies: 3
    Last Post: 12-20-17, 05:49 AM
LINK TO POST COPIED TO CLIPBOARD