- So my understanding is that Android is considered especially unsecured because it is so easy to gain root access. Perhaps a malicious program could piggyback a user's own tinkering (say, installing cyanogenmod on their handset). Or even simpler: root access can easily be had by having physical possession of an Android handset.
Am I right in this assumption? Root access is the root of Android's lack of security?
Now I understand that BlackBerry is using signed hardware components inside the Priv, just like in previous BB10 handsets, and checks the hardware on boot. Is this a security measure that will somehow prevent users or malicious programs from gaining root access?
Maybe someone a bit more tech savvy than myself can speak to this topic.
Posted via CB10Syedshaishad likes this.10-20-15 11:00 PMLike 1 - Basically. It's my understanding that tinkering would result in the keys being unsigned and failure to boot the phone. CrackBerry wrote a piece on how it works. Here's how BlackBerry secured Android on the Priv | CrackBerry.com10-20-15 11:13 PMLike 0
- No idea about root access as the only point of entry for malicious activity, but certainly a weak point for Android. I would suspect that BlackBerry's "secured" version is specifically designed to prevent root access, so definitely a downer for the kidding community. But honestly, I doubt that's who BlackBerry is marketing (<-- lol) to in the first place.
Posted via CB10nonamenomore likes this.10-20-15 11:14 PMLike 1 - Basically. It's my understanding that tinkering would result in the keys being unsigned and failure to boot the phone. CrackBerry wrote a piece on how it works. Here's how BlackBerry secured Android on the Priv | CrackBerry.com
In Squircle I Trust10-20-15 11:27 PMLike 0 - No idea about root access as the only point of entry for malicious activity, but certainly a weak point for Android. I would suspect that BlackBerry's "secured" version is specifically designed to prevent root access, so definitely a downer for the kidding community. But honestly, I doubt that's who BlackBerry is marketing (<-- lol) to in the first place.
Posted via CB10
Posted via CB1010-20-15 11:30 PMLike 0 - Basically. It's my understanding that tinkering would result in the keys being unsigned and failure to boot the phone. CrackBerry wrote a piece on how it works. Here's how BlackBerry secured Android on the Priv | CrackBerry.com
Posted via CB1010-20-15 11:33 PMLike 0 -
Posted via CB1010-21-15 12:46 AMLike 0 - I take that back, more info is available in the Inside BlackBerry blog article linked at the end of the CB write-up.
First, this pic below briefly talks about data encryption/decryption and how the screen lock plays a part in that process:
Attachment 376747
Next, this article (written in February, but still applicable, apparently) discusses "TheCircleRoot of Trust" (Focker?!) and how BlackBerry was originally able to lock down the Android runtime on BB10, which I'm assuming they've now broadened to further secure the whole Android OS on the PRIV.
Posted via CB1010-21-15 01:12 AMLike 0 -
- I find it funny that the hacking community wouldn't want a more hardened Android handset, as they must be aware of how easy it is to compromise any other Android phone. And what do people really need to root Android for? I can't imagined the garnered functionality is any more robust than what is available at stock.
With all this security, we will be limited to only installing OS's from Blackberry, will not be able to install AOSP, or CyanogenMod, etc.
Sometimes the custom firmwares contain extra functionality. For example one custom I installed, had built in drivers for my PS3 controller,so I could use it with games on the phone. With the default firmware, I had to be running a certain app to use the controller, with was a PITA.
So yeah, there is a bit of a downside to all the security if you are into those things.10-21-15 01:46 AMLike 0 - Bla1zeCB OGTo say it's un-rootable is just silly and naive. All it takes is the right set of eyes looking at the code and it's done for. That being said, it could be among one of the 'harder to root' devices. These days it's more so news when a device CAN'T be rooted easily than when it can be.Xaiux likes this.10-21-15 06:04 AMLike 1
- Tre LawrenceBetween RealitiesProblem being that there is such a fear of rooting. I don't think many folks outside this forum are overly concerned.Xaiux likes this.10-21-15 06:17 AMLike 1
- If your bootloader is cryptographically signed, the OS loader is also cryptographically signed, each checks the other and you architect the device so that each is in a separate segment of NVRAM and one but not BOTH can be written for any given boot, enforced through hardware and cleared only through an NMI that resets the processor, then it becomes extremely difficult to defeat through other than a JTAG process (e.g. physical access to the device and writing to the NVRAM using said JTAG jig.) Any attempt to tamper with one of the two in that instance leaves you with an unbootable device and there's no way to overwrite both at once with unsigned and non-checking code. (There are a few nuances that have to be observed to make this effectively airtight against software tampering but it's not very difficult.)
At the OS level it is not difficult to detect tampered or unauthorized executables and deny them the ability to run. There are basic things you can do with unix-like OSs that materially reduce the attack surface (e.g. mounting the user filesystem nosuid) that are already "best practice" with any such Unix-style OS.
This does not prevent a privilege escalation attack due to bad code in some part of the system that already runs with privileges but you can make it very difficult for such a compromise to result in a durable breach; if you detect something you panic() the system. The reboot will then catch the unauthorized modification. If that modification is not in a system file (e.g. not part of the base code that has to be present and unaltered for the security model to remain valid) then the load procedure can either "chmod 000" or remove it, and if it is in a base OS component then the device refuses to boot.
BlackBerry has a long history of doing this right; BB10 has not been successfully rooted (witness the OS blacklist that many people would love to get rid of, but you can't) and it is not all that difficult to apply the same model to the Priv.10-21-15 08:04 AMLike 3 - The last times I actually used root for something:
- Trying to remove the T-Mobile bloatware and end up getting the Galaxy Relay to start corrupting microSD cards
- Trying to get Titanium Backup working
- Changing the bootloader parameter on my TouchPad to boot to webOS by default and vice versa
So I don't think I'm too concerned not having root. Apparently there are better solutions than Titanium Backup out there now that doesn't require root.10-21-15 08:25 AMLike 0 - I find it funny that the hacking community wouldn't want a more hardened Android handset, as they must be aware of how easy it is to compromise any other Android phone. And what do people really need to root Android for? I can't imagined the garnered functionality is any more robust than what is available at stock. Not like jailbreaking an iOS device back in the day (I had one of the first downloadable apps: Lights Out).
Posted via CB10Xaiux likes this.10-21-15 12:55 PMLike 1 - I find it funny that the hacking community wouldn't want a more hardened Android handset, as they must be aware of how easy it is to compromise any other Android phone. And what do people really need to root Android for? I can't imagined the garnered functionality is any more robust than what is available at stock. Not like jailbreaking an iOS device back in the day (I had one of the first downloadable apps: Lights Out).
Posted via CB10Xaiux likes this.10-21-15 12:58 PMLike 1 - I take that back, more info is available in the Inside BlackBerry blog article linked at the end of the CB write-up.
First, this pic below briefly talks about data encryption/decryption and how the screen lock plays a part in that process:
Attachment 376747
Next, this article (written in February, but still applicable, apparently) discusses "TheCircleRoot of Trust" (Focker?!) and how BlackBerry was originally able to lock down the Android runtime on BB10, which I'm assuming they've now broadened to further secure the whole Android OS on the PRIV.
Posted via CB1010-21-15 01:00 PMLike 0 - I find it funny that the hacking community wouldn't want a more hardened Android handset, as they must be aware of how easy it is to compromise any other Android phone. And what do people really need to root Android for? I can't imagined the garnered functionality is any more robust than what is available at stock. Not like jailbreaking an iOS device back in the day (I had one of the first downloadable apps: Lights Out).
Posted via CB10
Do you know what I could do with the specs this thing has? I'm running a phone with a dual-core processor and a gb of ram. It has a camera worthy of one of the first flip phones from the 90s. Manufacturers have been purposely releasing outdated hardware for diehard keyboard people. Even with this I'm making a sacrifice - a landscape keyboard is worlds better than a portrait keyboard.Xaiux likes this.10-21-15 01:53 PMLike 1 - I mean, you guys know the allegory of the cave? A member of a cave community steps out into the light, then comes back to describe the wonderful experience, only to get shunned by their friends and family? Rooting is kind of like that. It's exactly how I have a three year old slider phone that runs the latest Android. Since there are no *new* keyboard phones, and this is the greatest thing since sliced bread to keyboard enthusiasts, that's exactly why someone in the hacking community would come to the Priv instead of going to a "dedicated" android device.
Do you know what I could do with the specs this thing has? I'm running a phone with a dual-core processor and a gb of ram. It has a camera worthy of one of the first flip phones from the 90s. Manufacturers have been purposely releasing outdated hardware for diehard keyboard people. Even with this I'm making a sacrifice - a landscape keyboard is worlds better than a portrait keyboard.
If it's a matter of drivers that require root access, as someone noted above, well I guess the Priv won't be as flexible as some other handsets.
As for keyboards, I'm definitely faster on the Q10 than any other mobile keyboard I've ever used, including the current Passport as well as old landscape sliders.
Posted via CB1010-21-15 02:08 PMLike 0 - I find it funny that the hacking community wouldn't want a more hardened Android handset, as they must be aware of how easy it is to compromise any other Android phone. And what do people really need to root Android for? I can't imagined the garnered functionality is any more robust than what is available at stock. Not like jailbreaking an iOS device back in the day (I had one of the first downloadable apps: Lights Out).
Posted via CB10
And use a mouse and keyboard for Nvidia Game Streaming.
Installing apps to an SD card is great because that way you can almost never run out if storage, but you need to root in order to do that.
BlackBerry Z30 Chenpion 10-21-15 02:13 PMLike 0 - I have my android tablet rooted. Lots of cool features like the ability to connect a DS3 controller via Bluetooth.
And use a mouse and keyboard for Nvidia Game Streaming.
Installing apps to an SD card is great because that way you can almost never run out if storage, but you need to root in order to do that.
BlackBerry Z30 Chenpion
Posted via CB1010-21-15 02:20 PMLike 0 - The XDA Developers forum already has a Priv sub-forum all setup. They even have a root Priv thread all setup but waiting for the phone to arrive to see if they can root it AND still load an Android OS and make it work.
Note: apparently new Verizon branded Note 5's and various new Verizon branded phones are difficult to root these days.10-21-15 05:14 PMLike 0
- Forum
- Android BlackBerry Phones & OS
- BlackBerry Priv
Signed Hardware, No Root Access?
« Daily Express (UK) online report and poll: strong Priv support from the voters
|
Priv must have some real marketing »
Similar Threads
-
Q10 no longer connects to PC via USB
By blackshark in forum BlackBerry Q10Replies: 10Last Post: 10-23-15, 11:37 PM -
Why no love from Best buy and Att?
By [email protected] in forum General BlackBerry News, Discussion & RumorsReplies: 26Last Post: 10-22-15, 01:56 PM -
No Sound At All
By Jeff07 in forum BlackBerry Z30Replies: 16Last Post: 10-21-15, 03:02 PM -
How can I access my Settings again in crackberry.com?
By aldebaran12 in forum Site and App Feedback & HelpReplies: 6Last Post: 10-21-15, 09:49 AM -
It's Monday Again. But no news about PRIV :x
By nanda_s in forum BlackBerry PrivReplies: 3Last Post: 10-19-15, 03:31 PM
LINK TO POST COPIED TO CLIPBOARD