1. Labba Labbala's Avatar
    Hi,
    I have just seen this video of BlackHat 2013 talking about the BB10 design and some of the security issues that where found by this security researcher - Ralf-Philipp Weinmann:

    from what i have seen his findings:
    - 16:40 : no heap hardening protections
    - 17:25: no root but a way to run your own stuff with scrips
    - 21:20: IPv6 stack testing produced crashes ->> didn't looked to see if they are exploitable or not !!
    - 22:15: BaseBand - recommending to NOTuse the STL100-3 due to security potential issues!!
    - 24:50-30:00: RIM can remote collect data of users without user notification!! Screen captures, raw memory voice/audio and more..
    - 30:15: HINT! there is an exploitable bug using a metacharacters for "proc name" that is crashing that can execute commands
    - 31:43: researcher doesn't like the signature verification that may lead to persistence of bad files on the system.
    - 34:15: researcher doesn't like "Blackberry balance" that infact doesn't have a real sandbox like it should have...

    so this is interesting time to dig into the BB10 OS to see those issues has raised .. :-)

    Enjoy!
    12-08-13 08:28 PM
  2. SirJes's Avatar
    Did he show any proof of this? , -paging omnitech- since omni spoke of this a previous tgread.

    CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.
    12-08-13 08:41 PM
  3. Labba Labbala's Avatar
    he started by saying that he is not going to give any 0day since he don't want to talk about that.. but this person is one of the people who have hacked blackberry devices in the past and moreover than that he is known to have deep knowledge on cellular base band attack that can remotely control almost any device..
    12-08-13 08:44 PM
  4. Tre Lawrence's Avatar
    BBRY's TOS clearly states they collect data, to be fair.
    diegonei likes this.
    12-08-13 08:44 PM
  5. bennelong's Avatar
    Good video, thanks! Listening to it (on YouTube in the browser) as I type.
    12-08-13 09:14 PM
  6. Omnitech's Avatar
    I have already posted links elsewhere and there have been articles on Crackberry months ago pointing-out that this talk was a big letdown because he basically didn't demonstrate anything.

    This is at the very same conference where people in other rooms were doing live demonstrations of Android and iOS exploits.

    My point is: there's not much there, there.

    Believe me, if there were an active root exploit for BB10, we would probably know about it.

    There isn't.

    There was a way to do it on a very early build of the OS (something probably very few if any customers are running any more), but BlackBerry closed that hole and I've seen no evidence that anyone else has been able to come up with an actual root exploit since then.

    As you all know, root exploits are all over the place for iOS and Android. To the point where probably thousands of apps on Google Play are only functional on a rooted device.

    'Nuff said.
    Mic_JP and smitty1077 like this.
    12-08-13 09:24 PM
  7. Omnitech's Avatar
    BBRY's TOS clearly states they collect data, to be fair.
    I believe they specifically pointed this out in response to that claim.

    One of the first things I did when I bought my first Z10 was turn that off.

    Same thing I did on my Android device. (Though that's only the tip of the iceberg w/ Android, which is why I do not access or store any confidential stuff on that device.)
    12-08-13 09:28 PM

Similar Threads

  1. Verizon z10 taking from US To Mexico
    By genesis101 in forum General BlackBerry News, Discussion & Rumors
    Replies: 2
    Last Post: 12-29-13, 10:16 AM
  2. New PB owner and so excited!
    By eyecrispy in forum BlackBerry PlayBook
    Replies: 21
    Last Post: 12-10-13, 06:13 AM
  3. Where are all the overstocked Z10's?
    By cespinal in forum BlackBerry Z10
    Replies: 22
    Last Post: 12-09-13, 07:15 PM
  4. Films on BlackBerry Z10
    By anon(153966) in forum BlackBerry Z10
    Replies: 3
    Last Post: 12-08-13, 08:40 PM
  5. Bloomberg Businessweek - The Rise and Fall of BlackBerry: An Oral History
    By pcuser in forum General BlackBerry News, Discussion & Rumors
    Replies: 1
    Last Post: 12-08-13, 07:32 PM
LINK TO POST COPIED TO CLIPBOARD