[cgk]

Let's get the caveats out of the way -

The person behind the comments below develops their own secure fork of android however they seem to have a solid rep amongst android security forks.

Here's the short version:

They applied the grsecurity patch set without enabling the features and porting the many missing components to ARM64.

The phone doesn't come with meaningful kernel hardening though.

grsecurity is trademarked and name dropping it in marketing requires using the maintained branch and enabling the features.

There's really no way to have an acceptable enough form of grsecurity to make use of the branding on Android right now.

So the claim is that the 'increased security' on Priv is a sham - here's the thing, rather than me or the usual suspects talking a lot of rubbish, it would be great if someone with actual security expertise commented.

Below are the detailed comments - so those of you who understand security - what do you think?

BlackBerry claims to be at the forefront of Android security but they're shipping 5.1.1 without the security improvements landed in 6.0.

Using an old grsecurity or PaX test patch without enabling the features isn't really useful. Especially on ARMv8 as it hasn't been ported.

BlackBerry does get credit for hard-wiring various security policy decisions into the kernel that were already provided by SELinux.

Seems they consider enforcing mmap_min_addr and randomize_va as read-only in yet another place to be substantial kernel hardening work.

Maybe BlackBerry considers adding exFAT to the kernel to be a hardening feature. Monthly security updates is really all they're offering.

You also get monthly security updates with a Nexus, and a more hardened OS. Also, eventual CyanogenMod and CopperheadOS support.

Here's BlackBerry's PaX / grsecurity configuration: https://github.com/blackberry/androi...nfig#L643-L683 �. Kernel self-protection is limited to the USERCOPY feature.

And PAGEEXEC is the only enabled userspace PaX feature. The CHROOT features are enabled but Android doesn't actually make use of chroots.

So PERF_HARDEN is really the only useful feature from grsecurity itself (not PaX). PTRACE_READEXEC doesn't appear to be useful for Android.

The BLACKHOLE feature is useful for DoS resilience on a server, but not so much on a client already using iptables. And that's everything.

All that PAGEEXEC provides on an architecture with NX support is non-recoverable NX (i.e. no recovery signal handler) and (hidden) logging.

And they can't have PAGEEXEC enabled for apps without a fine-grained exception system and the will to break full compatibility.

So really, it all comes down to having USERCOPY. Great feature (buffer overflow detection for copy_{to,from}_user) but a tiny piece of PaX.

A port of an x86_64-style UDEREF to ARMv8 (it won't have PAN until ARMv8.1) would require funding @grsecurity and @paxteam.

And the great security backports that @grsecurity is known for aren't easily available since Android is stuck with 3.4 or 3.10.

Hardening userspace is just as important and they didn't do that. Even if they had PaX ASLR, what good would it be? Android breaks it.

6.0 has lots of improvements like http://kernsec.org/files/lss2015/lss...dm_smalley.pdf � (ioctl filtering, etc.). What does BlackBerry have?

USERCOPY vs. 5.1.1 -> 6.0. It's not a hard choice. Anyway, how about just submitting USERCOPY to AOSP?

[tickerguy]

This is something I will be examining once I get the device....

[lawguyman]

Whatever BlackBerry did to the Linux kernel is just one of things done to improve security.

Focus on this if you want (and you will because you seem to find the glass constantly half empty) but keep in mind that you are accepting what a competitor says about what BlackBerry has done.

I would like to know why the Linux kernel needs to be hardened at all. What real world thing has actually happened because of lack of kernel hardening?

Posted via CB10

[lawguyman]

Double post

[cgk]

Whatever BlackBerry did to the Linux kernel is just one of things done to improve security.

Focus on this if you want (and you will because you seem to find the glass constantly half full) but keep in mind that you are accepting what a competitor says about what BlackBerry has done.

I'm not accepting anything - I don't have the technical expertise to assess his claim - I have absolutely no idea - that is why I was asking for people with actual technical expertise to comment.

So do you have that expertise? Anything useful to add to the thread rather than rehashing old issues or making it about me.

[lawguyman]

The words you use are qualified, meaning that you leave yourself an out. This way you can avoid claims of trolling. There's gambling in Casablanca? I'm shocked!

This is a fan site. If you have legitimate questions about what BlackBerry has done, pose them on a security forum. I'm sure one exists. Maybe there are "old questions" about you because everyone knows the intent behind your posts.

I'm sure this post will be deleted and I'll probably get some form of discipline but so be it. I'm calling out a troll in the most polite way that I know how to do it. You sir are a troll.

Posted via CB10

[thurask]

I do shave too often to understand the entirety of the argument, but my understanding is that this would be alleviated upon the switch to Marshmallow, whenever that is.

[tickerguy]

There is much more to this than the kernel. In fact, the kernel is a tiny little part of it, and focusing there is misguided at best (and grossly misleading most of the time.)

Android, in particular, doesn't tend to suffer from kernel issues (nor do other Unix-based operating systems) -- no, it suffers from being a bloated piece of code that was pretty much thrown on the wall at Google to see what sticks in its original incantation and it shows internally if you start digging around in the AOSP code. Virtually all of the exploitable things you will find are in system libraries and executables in some form or fashion, not the kernel. Kernel hardening is a last ditch defense against bad system code, basically.

We'll see what BlackBerry has cooked up and there are going to be a lot of people poking at the corners of the software with screwdrivers to see what they can pry up. I'll be one of 'em. :-)

[LiterallyLogan]

Here is a really informative article: DailyTech - BlackBerry Priv is an Amazing Android So Secure You May Never Hear of It

II. No More SELinux Backdoor Fears -- Why Priv Wins on Security

And BlackBerry strengthens the pitch with what's lurking deep in the device's software. While it's technically running the latest version of Android -- Lollipop 5.1.1 (presumably to be upgraded in upcoming months to Android 6.0 Marshmallow) -- the distribution is heavily modified with a grsecurity kernel. For those unfamiliar this is sort of a big deal as grsecurity is a long-standing Linux effort with its fair share of cred:

Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.

What perhaps sets BlackBerry's device a notch above most existing offerings of similar premise -- e.g. Samsung's Knox -- is that it's not based on the SELinux version of Android. While grsecurity Linux and SELinux share similar algorithms and methodology there's a key difference that will quickly cause many to favor the BlackBerry backed variant over Samsung's chosen one -- SELinux is developed and maintained by the U.S. National Security Agency (NSA).



While it would be nice to think that the NSA works on SELinux out of the goodness of its heart, revelations from former contractor turned whistleblower Edward Joseph Snowden suggest otherwise. To my knowledge there weren't any direct reports of subversion of the project in particular and it is worth noting that the project is open source which means that its been publicly scrutinized. Thus it's fair to say if there are backdoors in SELinux -- and Samsung's Knox -- they're likely of the deep and devious variety. Google itself supports SELinux but has been wary and critical of NSA efforts. So ostensibly it would object to any known backdoors to persist in the distribution.

But what about unknown backdoors? That's the real dark side of SELinux. Given the NSA's broad agenda of subversion of global encryption standards and leading smartphone platforms chances are high that the project's creator the NSA indeed has built in some highly obfuscated entryway. After all, the NSA has been implicated in zero-day exploitation of the Heartbleed flaw in the https protocol, in addition to having been more conclusively outed in a number of tricky and platform-specific or hardware-specific backdoors. Blackberry appears to even subtly allude to this risk in its ads for the Priv.



Ultimately this might not be a big deal for businesses in the U.S., but particular for overseas enterprise users in regions like France and Germany which the U.S. government spies upon for troubling indeterminate reasons, BlackBerry may be the only commercial option. And suffice it to say that as cooking your own alternative secured Android kernel is a tall task even for firmware experts, that means the market for this device are potentially huge. Add in BlackBerry's growing portfolio of exclusive Android apps and services such as Picture Password, Password Keeper, BlackBerry Protect.

In the U.S., too, it may find buyers for a number of reasons including fears of domestic NSA surveillance, its devotion to the underappreciated slider form factor, and its solid overall spec.



Some may note the parallels between the story of the Priv and recent offerings from fellow Android holdout turned true believer, Finland's Nokia Oyj. (HEL:NOKIA), the pitch is quite different here. Where Nokia is largely looking to leverage its brand to sell ODM devices (i.e. devices designed by third parties, typically in China or Taiwan) at budget prices on a thin margin, BlackBerry is selling a phone that's undeniably expensive but packs a passable high end spec with one serious selling point -- it's a monster in the security department.

Priv -- a device who gets its name from the linguistic stem of "privilege" and "privacy" -- packs an enviable security pedigree and software portfolio. On those points it puts basically every other Android smartphone to shame and even gives Apple's iPhone a run for its money. In fact, given that the NSA and other U.S. spy agencies have already boasted pretty vocally about having easy access to iOS, the new kid on the block may be the most compelling phone on the block -- Android or otherwise -- for those who value their privacy.

[dusanvn]

I contributed my two cents on Priv security in post #45 of the following thread:

http://forums.crackberry.com/showthread.php?t=1045206

Posted via CB10/BB PP SE.

[marlowe9810]

When the twitter account making the claim about the Priv proceeds to talk about BBRY's impending bankruptcy I have hard time taking them seriously.

[cgk]

When the twitter account making the claim about the Priv proceeds to talk about BBRY's impending bankruptcy I have hard time taking them seriously.

OK but what is your critique of their security claims?

[theboogeyman]

Here is a really informative article: DailyTech - BlackBerry Priv is an Amazing Android So Secure You May Never Hear of It

Propaganda...I like the passage that says that NSA has access to the Iphone..lol That must be why the UK and US are seeking to pass laws forcing Apple to decrypt their devices.
Btw Snowden, who knows few things about security, carries an Iphone(he uses Signal wich is only Ios) not a Blackberry...

[Mr4aces]

Why all the negative and "what if postings"?

Are you a troll?

Did you buy a Priv?

The big question is would you buy one?

Posted via the CrackBerry App for Android

[cgk]

The big question is would you buy one?

Posted via the CrackBerry App for Android

Absolutely - as soon as it hit �250 which is the maximum I will pay for a phone (my LG G4 was �220 and has a very similar spec) - I'd buy it for the keyboard although honestly I'd love to see a landscape slider. I wouldn't buy it for the BBRY specific apps as most of those are already cracked and installed on my LG G4.

[tmf06]

Propaganda...I like the passage that says that NSA has access to the Iphone..lol That must be why the UK and US are seeking to pass laws forcing Apple to decrypt their devices.
Btw Snowden, who knows few things about security, carries an Iphone(he uses Signal wich is only Ios) not a Blackberry...

Why is the article propaganda? Are you saying the information in the article is not accurate? I think this is an interesting thread and would really like to hear more details.

I'm hoping your statement is based on more than Snowden using an iPhone and governments fighting iPhone encryption.

Posted via CB10

[thurask]

Consider the positives: if the QNX kernel had similar issues, it wouldn't be publicised since BlackBerry isn't under GPL obligations for QNX.

All bugs are shallow given enough eyes and whatnot.

[Techno-guy]

Why all the negative and "what if postings"?

Are you a troll?

Did you buy a Priv?

The big question is would you buy one?

Posted via the CrackBerry App for Android

I personally appreciate the OP raising these questions. They are in the same vein as is the Privacy part of the Priv real - which it seems it isn't. There doesn't seem to be any real Privacy features.

So, it begs the question as far as what was really done to enhance security. I'm confident this is a legitimate issue for those of us that are interested in the Priv to discuss. I've never worried about security with my Passport but it does make me wonder if Blackberry has real security implemented on the Priv or whether it's just window dressing.

[Yertie]

I've been troubled from the start by the lack of details given by BlackBerry here. They would have a lot more credibility if they'd brought on some well-known experts and had them assess the system and perhaps try to attack it. I'd like to see some details of attacks that work against stock Android that would fail against the allegedly hardened BlackBerry. DTEK is interesting, but too impotent to offer any meaningful gains in security or privacy, and the fact there are modular app permissions in Marshmallow means there is little BlackBerry is offering above the competition here.

They need to get the features from BlackPhone implemented to have any kind of claims to privacy: encrypted SIP, modular app permissions, etc. I'd also like to see some sort of encryption layer between the device and cloud services, PGP in the e-mail client, full access to the system firewall, stuff like that -- I don't have a Priv (yet?) so I'm assuming those things aren't there, as no one as mentioned them.

I think BlackBerry is trying to take a light touch to Android and encourage Google to do most of the work, John Chen has even said that he wants the focus on security to rub off on them, and indeed we're starting to see things like mandatory disk encryption appear. But then where does that leave BlackBerry?

[yhamaie]

I wonder how software engineers of BlackBerry Limited would react to those tweets.

I also wonder if German Chancellor, U.K. Prime Minister, and U.S. President will start using PRIV by BlackBerry.

I hope that BlackBerry Limited will soon talk in a liitle more detail about the difference between Android 5.x / 6.x with SELinux (Security-Enhanced Linux in Android) and Android 5.11 installed in PRIV.

[Mr4aces]

Absolutely - as soon as it hit �250 which is the maximum I will pay for a phone (my LG G4 was �220 and has a very similar spec) - I'd buy it for the keyboard although honestly I'd love to see a landscape slider. I wouldn't buy it for the BBRY specific apps as most of those are already cracked and installed on my LG G4.

Well the only post I see are negative postings. No questioning the subject matter only why no positive postings.

[ajgftw]

If you really want to know if it's secure, follow the Priv thread on XDA.

If it's hackable, id suspect that will be where you'll hear about it (it's where i'm watching at least)

[ajgftw]

not sure how accessible this information is (I am a web and app development student also studying web security)....but it covers in basic detail how the phone is secured beyond your average android phone....

http://venturebeat.com/2015/11/06/bl...y-android-now/

and reading that, the answer is very.

[KermEd]

I don't mind a few questions, but he has not posted a positive tread in this forum. So I suspect he's a troll. Show me some positive threads and I will "apologize" for the call out.

It was pointed out earlier in the thread, and I couldn't agree more, the kernel is really the last line of defense and only one tiny piece of what need to be considered when discussing security in general. DTEK helps provide information to the user at the user level, for example, where user level and social engineering are chief causes these days. And provides the user information regarding potential security holes they just can't get natively on other publicly accessible devices. I wouldn't recommend and have not been, easily dismissing the security statements around the priv.

That said, a product needs to stand it's own against critics. Be them trolls, competitors or security analysts. The product owners and champions should have no issues arguing back against points. If someone raises 100 negative threads on different topics, and all can be sufficiently debunked, then it becomes 100 positive reinforcable points. Trolls are inevitable it's what BlackBerry does in response that matters I suppose. Security is their statement, would be nice to see them defend it a bit too. Especially on a platform they no longer have full control over.

Posted to CB via my Passport | Lloyd Summers | FileArchiveHaven

[Branta]

Discussion temporarily suspended for cleaning of "troll" allegations and infractions where appropriate.