"BBM Unprotected"

Printable View

08-09-14, 11:30 PM
lui22

"BBM Unprotected"

I dont very much understand this but it apears that anyone with SQL lite can see to who and from whom bbm messages are sent because of the way BBM stores the data?

https://medium.com/@Blackphone/bbm-u...d-6d56f731705f

But the mention BBM protected and then appear to not use BBM protected to show their reasoning?
08-10-14, 12:33 AM
gebco

I think you are right about BBM Protected. Looks like they used ''regular'' BBM.
08-10-14, 01:07 AM
lui22

Well if a hacker rooted the phone in less than 5 minutes then whats to stop people from maliciously putting a small computer in a battery pack or a charging dongle to hack a phone and sell it on amazon. A group has already tested the idea and say its possible but hasent really been implimented
08-10-14, 01:18 AM
zocster

Interesting, all things are generally hackable given time. But it would be pretty difficult.

Sent from 2AD743B7 via Tapatalk Pro
08-10-14, 01:49 AM
AnimalPak200

"for an extra fee, you can upgrade to ?BBM Protected? which adds ?enterprise grade encryption to the already secure BBM service?,

"Finding 1: BBM does not appear to be capable of adding a password prior to entering the application. No password = no encryption key."

That's sneaky writing ... basically misleading the reader into thinking the analysis includes BBM protected, when its first finding shows it doesn't (since it requires a password)

Posted via CB10
08-10-14, 02:46 AM
jpvj

BBM is not an enterprise grade security solution from BlackBerry, so this is where they fall short of the first claim.

eBBM is marketed as one, but I haven't tested it yet.

BlackBerry fault is that they never addressed the security in the consumer space. "BlackBerry is secure" was stated over and over again and BlackBerry did very little to set the record straight.

BlackPhone tries to address this and I *believe* they are doing a great job in the areas where BlackBerry is non present: Consumer communication (Text, voice etc). My main concern is that it's build on a generic platform not designed with security in mind.

BlackBerry should have an advantage by being able to create secure solutions for consumers for BlackBerry 10 with a very high security and trust level. Secondarily for other platforms where they aren't in control of his the OS.

Posted via CB10
08-10-14, 03:11 AM
vrud

Bbm protected runs on non-rootable devices only (bbos, bb10). The article writer didn't mention that he needed to root his android (I wonder if he had a blackphone) before analyzing the databases. A rooted device is inherently insecure because a malicious app might simply record key strokes, mic audio or text displayed on the screen. Regardless of whether the network or server is secure or device database is encrypted.

Why didn't the author test bbm on BlackBerry phones? Because it can't be rooted at least today.

Posted via CB10