[Bla1ze]

Lots of mis-information going around regarding the QUIP tool.

That's exactly what they want. It's over most people's heads, so a good amount won't go looking for the real info lol.

[newcollector]

I will make it simple: it's bogus.

Posted via CB10 via my Z10

[menshawy]

Yeah? I'm asking them to bring it on me

Please join my photography channel

[anon(2729369)]

Nothing to do with Quip, totally real threat which may have already been mitigated through an OS update. Let's see if the security team publishes anything.
BlackBerrys are not more secure than other phones when it comes to cell tower attacks. If your attacker can turn on your microphone from a nearby fake tower, voice encryption is useless.

[lift]

Carriers have way too much control over our phones. It doesn't matter what platform we use. That is where the problem is and that has got to stop.
In most cases people pay for their phones and own them outright. What right then does a carrier have to place programs or whatever on our phones just because we are PAYING to use their network? They think they own us and I hate that.

[raino]

Nothing to do with Quip, totally real threat which may have already been mitigated through an OS update. Let's see if the security team publishes anything.
BlackBerrys are not more secure than other phones when it comes to cell tower attacks. If your attacker can turn on your microphone from a nearby fake tower, voice encryption is useless.

This seems quite serious, so hopefully an OS update has taken care of it. But any idea why the Z10 is being singled out from amongst all BB10 offerings?

[lift]

This seems quite serious, so hopefully an OS update has taken care of it. But any idea why the Z10 is being singled out from amongst all BB10 offerings?

Good question. I thought they all shared the same OS. Maybe the Z10 was the only BB10 device that was out when they did this testing. If that's the case, it was done with a very old version of BB10 and has probably been fixed long ago.

[ayekon]

I figured this was already known... No breakthrough here... We already know about the Stingray device

[anon(2729369)]

This seems quite serious, so hopefully an OS update has taken care of it. But any idea why the Z10 is being singled out from amongst all BB10 offerings?

My guess is that it's got something to do with the radio. The Z10 radio is not the same as the Q10 or Z30 radio. Seems odd since they all use OMA software to control certain aspects of the phone, but maybe the exploit only works with specific hardware.

Posted via CB10

[ayekon]

It's the carriers root kit coupled with generic access codes for ease of use for OTA management.... Simple fix and simple to crack if you emulate a cell tower signal... Best idea would be to disallow them to install it on your phone... This is obviously the ONLY reason I would ever consider a Blackphone but I don't need that much privacy, it is however disturbing....

[BlackberryAtQuadra]

Although the vulnerabilities are basic from a security perspective, exploiting them is not. Each requires extensive knowledge of the OMA-DM standard implementation and how cellular networks work. A successful hack also requires setting up a cellular base transceiver station or finding a vulnerability in a femtocell to take it over and use it for the attack. And cracking the encryption is also not trivial. Nonetheless, anyone with the same level of knowledge and skill as the researchers could conduct the attacks.

Hmmm, Check this simple demonstration:

That said, the researchers don�t believe anyone has exploited the vulnerabilities so far.

�During our disclosure with the vendors, different vendors have processes to look through to see if there are any traces of someone exploiting the vulnerabilities and we haven�t heard that there are any traces that anyone has seen so far,� says Ryan Smith, chief scientist at Accuvant.

Skolnik and Blanchou have notified the firm that makes the management tool used by so many, and the company has already issued a fix. They also notified baseband manufacturers, who have written code that would implement that fix. Carriers are in the process of distributing a fix to existing phones.

�It�s important that all users � stay up to date with all the latest patches,� Skolnik says. �Users should contact their carrier to see if an update is already available.�

The advice what to do is quite interesting and most helpful. What would I told to my Carrier? "Hi, There's some problem with security, some vendor of yours has issues a fix, and as I'm informed some Carriers are in the process of distributing a fix. Would be so kind to tell me is the update available or when it'll be?
Hello, hello ...

[Doggerz]

BlackBerry reputation for security just keeps getting worse. I trust 2 tin cans and a string more than BlackBerry LTD.

Posted via CB10

[anon(2729369)]

It's the carriers root kit coupled with generic access codes for ease of use for OTA management.... Simple fix and simple to crack if you emulate a cell tower signal... Best idea would be to disallow them to install it on your phone... This is obviously the ONLY reason I would ever consider a Blackphone but I don't need that much privacy, it is however disturbing....

The best solution is to never put a SIM card in a smartphone and to only connect it to a mobile network gateway which doesn't have any microphone and GPS chip. You lose SMS and standard voice, but there are enough good VoIP service today to not have the need for it.
And if it's not convenient, the least one can do is to never use 2G.

[Minhaaj Rehman]

Might as well not use a phone. There are enough reliable pigeons around. A hoax appears and everyone pretends to have a secret that the world wants.

Posted via CB10

[BlackberryAtQuadra]

... There are enough reliable pigeons around ...

Posted via CB10

Big security vulnerability is a falcon.
Oh those old days, we were much closer to the nature even for spying, and everything was mobile.

[anon(2729369)]

Might as well not use a phone. There are enough reliable pigeons around. A hoax appears and everyone pretends to have a secret that the world wants.

It's not a hoax and just keeps highlighting how dangerous the 2nd, hidden OS on a phone can be. Even standard data encryption can be bypassed by simply doing RAM dumps.

And it dpeends on what you call secrets... Organised crime is always on the lookout for more toys to add to their money sucking arsenal.

[randall2580]

Two things after reading through the thread:

1. They are presenting at Black Hat. In effect its peer review. From Wikipedia "Peer review is the evaluation of work by one or more people of similar competence to the producers of the work (peers). It constitutes a form of self-regulation by qualified members of a profession within the relevant field. Peer review methods are employed to maintain standards of quality, improve performance, and provide credibility. In academia peer review is often used to determine an academic paper's suitability for publication." Lets see what folks much smarter about these things have to say once they present.

2. They don't say in the article the OP presents that the Z10 is the ONLY BB10 phone that is vulnerable, they say the Z10 is among "the most vulnerable" phones they tested. That doesn't say that the Q10 and Q5, the Z30 and Z3, if tested were not vulnerable - a leap some seem to have taken from what I read here.

These guys seem to be "white hats" and have presented ways to close the vulnerability as well and it is apparently already being pushed to your phones according to the OP's article again.

[Heinz Katchup]

2. They don't say in the article the OP presents that the Z10 is the ONLY BB10 phone that is vulnerable, they say the Z10 is among "the most vulnerable" phones they tested. That doesn't say that the Q10 and Q5, the Z30 and Z3, if tested were not vulnerable - a leap some seem to have taken from what I read here.

These guys seem to be "white hats" and have presented ways to close the vulnerability as well and it is apparently already being pushed to your phones according to the OP's article again.

Well put. I look forward to more details behind the article and follow up after the conference. Where findings will be presented.

Posted with X10 via CB10

[Parrillas NY]

Pura Paja, no hay celulares mas vulnerables que todos los android y el IOS de la manzana!! Blackberry es lo mas seguro en todos los aspectos!! por eso seguimos adelante con los dispositivos Blackberry!! asi que eso es puro MAL mercadeo o Mercadeo en Contra de los intereses de Blackberry Limitada!!

[Minhaaj Rehman]

Don't compare apple with orange. RAM dump requires physical access to a switched on phone or seconds with in its turning off. BlackBerry adds multiple layers of security which is if not unbreakable than definitely hard. Have you ever heard a BlackBerry being hacked? You think all 16 of 20 top government officials use it for nothing? Let's wait for the conference. It might as well be apple behind this rumor if it really is one. Both ways it's good for the security technology. Some new lessons.

Posted via CB10

[anon(2729369)]

Don't compare apple with orange. RAM dump requires physical access to a switched on phone or seconds with in its turning off. BlackBerry adds multiple layers of security which is if not unbreakable than definitely hard. Have you ever heard a BlackBerry being hacked? You think all 16 of 20 top government officials use it for nothing? Let's wait for the conference. It might as well be apple behind this rumor if it really is one. Both ways it's good for the security technology. Some new lessons.

Posted via CB10

Sorry, but you have no idea what you're talking about.
Here is a 4 year old video to get you started about what we can do with the RTOS provided by Qualcomm.


Application and baseband processors share memory, so if you take control of the baseband, you have access to the memory used by the apps without needing to have access to the device. I'm sure there are ways to prevent too much damage being done through the use of scramblers and firewalls, but BlackBerry doesn't seem to have implemented any of that in their OS.
BlackBerrys have had several vulnerabilities in the past, so it's very possible they were hacked, but it's not a capability a government would shout they have from the rooftop... All I know is that it's been possible to listen in on conversations on BlackBerry OS and BlackBerry 10, even if you didn't read about it on CrackBerry.

[Jesus Quintana]

It's some time now that i know that each time i am using an electronic communication device my privacy is at risk.
But if confirmed indeed knowing that my Z10 is one of the most vulnerable phones does bother me a bit considering that i was convinced it was the opposite.

[Tre Lawrence]

It's some time now that i know that each time i am using an electronic communication device my privacy is at risk.
But if confirmed indeed knowing that my Z10 is one of the most vulnerable phones does bother me a bit considering that i was convinced it was the opposite.

"Most vulnerable" doesn't mean overall; just with regards to this particular vulnerability.

[Raestloz]

BlackBerrys have had several vulnerabilities in the past, so it's very possible they were hacked, but it's not a capability a government would shout they have from the rooftop... All I know is that it's been possible to listen in on conversations on BlackBerry OS and BlackBerry 10, even if you didn't read about it on CrackBerry.

Considering the fact that they have government agents using BlackBerry, wouldn't it be in their best interest to get BlackBerry to plug those holes and just do the spying in other ways?

Z10 STL100-1/10.2.1.3247

[Old_Mil]

So what is the solution to this problem?

Posted via CB10