[Aljean Thein]

Not saying that what the guy proclaims is true, but neither Merkel nor BlackBerry use the BlackBerry you can buy in a store.

Posted via CB10

Pretty sure they use a regular BlackBerry phones but added some chip to add a layer of security from what I've read.

Posted via CB10

[MarsupilamiX]

Pretty sure they use a regular BlackBerry phones but added some chip to add a layer of security from what I've read.

Posted via CB10

So, can you easily get that as a consumer?
If the answer is no, then I think you know what I mean.

Posted via CB10

[anon(3993749)]

So, can you easily get that as a consumer?
If the answer is no, then I think you know what I mean.

Posted via CB10

True, they are not the stock BlackBerry phones we have. They usually add their own security layers on top (software, hardware or both). But there must be a reason why they chose BlackBerry as a foundation in the first place.

Posted via CB10

[MmmHmm]

With regard to communications interception, I want to quickly and without too much detail go over how silly it is to think that you can avoid this from anyone who really wants information. You are smart and use a secure Sat phone. Your parties enter and do not speak until both are in secure rooms swept for bugging devices. The door, ceiling and walls are sealed and sound proof. There is only one window which is sealed and you are on the 50th floor, but you close the blinds anyway - don't want someone reading lips. How much will it take to know what is being said in the room? $20 to hear most of it. For about $100 likely hear both sides of the conversation. http://www.instructables.com/id/Laser-Surveillance-System-for-under-$20/ Now if I am with a government agency, engaged in high price corporate espionage, or just a low level scammer looking to get some credit card or other information I guaranty you I have more resources and nothing you want to keep private can be kept so.

Just use the cone of silence.


Sent from my iPhone using CB Forums

[Raestloz]

But enough Android ROMs allow it, so yeah, Android in fact gives you that possibility.
Since BlackBerry uses a custom runtime... I see exactly no reason not to implement it?

Posted via CB10

Can you tell me what the "security" advantage of that is?

Because honestly, I don't see it. So you don't want to give it access to contacts? Well then don't. That's pretty much it and that in no way undermines your security whatsoever. You want a cake and get to eat it too? Well BlackBerry simply gives you a choice of either you see it and eat it or not see it and not eat it at all, either you give apps permission and run it or you don't and uninstall it.

I don't see any evidence that inability of setting permission individually compromises security in any way whatsoever. It compromises comfort, but not security. This means your assertion that BlackBerry is hypocritical is flawed; "incredibly", I might add

A reason not to implement it? Maybe the fact that they're bleeding cash and needs to divert resources to stuff that is actually important? Like, I don't know, maybe try to improve their own services, their own devices, their own software, instead of dealing with Android app permission (in which they can leverage Google's own development of core Android)?

Z10 STL100-1/10.2.1.3247

[Raestloz]

True, they are not the stock BlackBerry phones we have. They usually add their own security layers on top (software, hardware or both). But there must be a reason why they chose BlackBerry as a foundation in the first place.

Posted via CB10

Regarding that, I actually wonder how much it'd cost government agencies to build a custom feature phone with all the security they'd need. I mean, yeah smartphone is great but if you want the utmost security, you should build one yourself, according to your security experts' specifications

Z10 STL100-1/10.2.1.3247

[Doggerz]

If what you've said are true, why are the German governments use the BlackBerry and not the Blackphone?

What I am saying IS true.

http://www.theglobeandmail.com/globe...ticle14333544/

But oh how I wish I was wrong. BlackBerry really betrayed us and itself.

As to why they are using it anyway. Someone else here gave the best answer. Obama's BlackBerry doesn't go through BlackBerry servers. It's been redesigned by the NSA.



Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

[Doggerz]

With regard to communications interception, I want to quickly and without too much detail go over how silly it is to think that you can avoid this from anyone who really wants information. You are smart and use a secure Sat phone. Your parties enter and do not speak until both are in secure rooms swept for bugging devices. The door, ceiling and walls are sealed and sound proof. There is only one window which is sealed and you are on the 50th floor, but you close the blinds anyway - don't want someone reading lips. How much will it take to know what is being said in the room? $20 to hear most of it. For about $100 likely hear both sides of the conversation. http://www.instructables.com/id/Laser-Surveillance-System-for-under-$20/ Now if I am with a government agency, engaged in high price corporate espionage, or just a low level scammer looking to get some credit card or other information I guaranty you I have more resources and nothing you want to keep private can be kept so.

You make a really great point. But the government is too lazy to physically survail random people with laser easedroping devices. They'd rather sit in an office and collect information from everyone.

But your point is well taken. If someone wants to invade your privacy they can and will.



Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

[MarsupilamiX]

Can you tell me what the "security" advantage of that is?

Because honestly, I don't see it. So you don't want to give it access to contacts? Well then don't. That's pretty much it and that in no way undermines your security whatsoever. You want a cake and get to eat it too? Well BlackBerry simply gives you a choice of either you see it and eat it or not see it and not eat it at all, either you give apps permission and run it or you don't and uninstall it.

I don't see any evidence that inability of setting permission individually compromises security in any way whatsoever. It compromises comfort, but not security. This means your assertion that BlackBerry is hypocritical is flawed; "incredibly", I might add

A reason not to implement it? Maybe the fact that they're bleeding cash and needs to divert resources to stuff that is actually important? Like, I don't know, maybe try to improve their own services, their own devices, their own software, instead of dealing with Android app permission (in which they can leverage Google's own development of core Android)?

Z10 STL100-1/10.2.1.3247

As far as I know, the idiom should be called" you want to eat a cake and have it too".
Which highlights the fact that you can't have the same thing, you've consumed.

Anyhow, this concept may apply to food, but is completely worthless for this discussion.
The reason is a very simple one: If I buy a normal Android phone, I can eat my cake and still have it afterwards.

If I buy a BlackBerry with the Android runtime, I currently can't do that, which wouldn't be a problem if BB10 would have a native ecosystem.
As Android apps are the mid(long)
-term solution to have an ecosystem on BB10, this is indeed a problem though.

Currently, if I would like to install an Android app, that would access certain permissions I don't deem necessary, I have the choice of not caring about it, or not installing the app.
Since BB10's native apps (as well as iOS and Android apps, on the other platforms) allow this, the principle of fragmenting the experience between the 2 kinds of apps on my BB10 phone more than necessary, makes, no, sense, what,so,ever.
(more than necessary means, that they are Android apps, so there will obviously be some kind of fragmentation in the experience. Not being able to edit app permissions isn't a necessary one though)

Now onto why it is a security risk, and why BlackBerry is hypocritical...
I won't give you every single example though, because it's probably impossible and not important for the point I try to make.
1) An app that wants to access my contacts, could extract the saved phone numbers and therefore gain access to important clients. This could be used to poach said clients, and I'd lose money.
(we have a no Whatsapp policy in our company)

2) Another app that wants to have access to my microphone, could be used to monitor every single word I and other people around me pronounce.
Why that's an obvious security and privacy threat should be obvious.

3) Having access to my GPS module, means that I could be tracked 24/7.

4) To have the permission to send an sms, means that I could be a couple of hundred bucks poorer than I was before I installed a certain app.

5) Having access to the file system of my phone, with a file called "Tax Report", could tell someone a lot about me, which is yet again a privacy and security issue.
Someone having access to the file called "passwords", is another example.

6)7)8) continue endlessly.

That it's hypocritical to promote security and privacy as a core USP of your product, while at the same time having those obvious shortcomings, is pretty much the definition of being hypocritical.
Now, it probably won't surprise you that we have a no Android apps policy in place as well, right?

Your last part, is such a huge red herring.
BlackBerry had the money and willpower to make the whole Android runtime. As if restricting app permissions would have been such a huge problematic add on. Some hobby devs were able to do that in their free time on the Android platform... So please, search something more creative.

Where it gets ridiculous though, is when you talk about BlackBerry expanding their own services, in the context of what I said.
The whole Amazon deal happened, because "nobody" wants to develop for BB10. Android apps are their ecosystem beginning with 10.3. Those are their own services.
So expanding on them, would be pretty intelligent, just as you said.

Posted via CB10

[TgeekB]

IIRC they get some special editions though, that are even more secure than the normal BES BlackBerry.


Posted via CB10

Thank you for pointing this out. They don't use an ordinary BlackBerry.

�To conquer oneself is a greater task than conquering others� Buddha

[undone]

OP ask some real security experts. Crackberry (and the general web for that matter) are full of a lot of garbage, half truths, and lots of misdirection. On top of that security has so many different levels that you can talk about, you can spend weeks just scratching the surface.

As plenty have pointed out, security is only as good as the end users habits.

[kevets]

What I am saying IS true.

To protect Canadians? privacy, telcos must shut the ?back door? - The Globe and Mail

But oh how I wish I was wrong. BlackBerry really betrayed us and itself.

As to why they are using it anyway. Someone else here gave the best answer. Obama's BlackBerry doesn't go through BlackBerry servers. It's been redesigned by the NSA.



Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

Come on... that article is old news and talks about the India / BES / BIS type issue from a couple of years back. That's what, two or three CEO's ago in BBM time?

Do you really think that BBM Protected on BES12 will be working the same way? There are big differences that are being made to keep the encryption/decryption keys and passphrases off of BlackBerry's systems. That allows fully encrypted communications, sending of files, images, etc... all with strong encryption.



And secure voice communications are coming... I say they are on the right track.

[Doggerz]

Come on... that article is old news and talks about the India / BES / BIS type issue from a couple of years back. That's what, two or three CEO's ago in BBM time?

Do you really think that BBM Protected on BES12 will be working the same way? There are big differences that are being made to keep the encryption/decryption keys and passphrases off of BlackBerry's systems. That allows fully encrypted communications, sending of files, images, etc... all with strong encryption.



And secure voice communications are coming... I say they are on the right track.

Fool me once shame on BlackBerry. Fool me twice shame on me.

I need to trust BlackBerry to do the right thing regardless of the CEO. And yes, this is going on today. Not just India either.

Read the article. And BTW consumers are not less important than BES. And as the article says if he were a CEO he wouldn't trust BES either.

You can roll your eyes man but BlackBerry talking about security is hypocritical.

I got banned for 10 days for referencing this article. So it's not something that BlackBerry or CB apparently wants to be made publicly aware of.

I like whistle-blowers though. So I guess a moderator might ban me again for posting that but hey. Maybe like Snowden, CB Russia might let me speak.

Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

[anon(3993749)]

Fool me once shame on BlackBerry. Fool me twice shame on me.

I need to trust BlackBerry to do the right thing regardless of the CEO. And yes, this is going on today. Not just India either.

Read the article. And BTW consumers are not less important than BES. And as the article says if he were a CEO he wouldn't trust BES either.

You can roll your eyes man but BlackBerry talking about security is hypocritical.

I got banned for 10 days for referencing this article. So it's not something that BlackBerry or CB apparently wants to be made publicly aware of.

I like whistle-blowers though. So I guess a moderator might ban me again for posting that but hey. Maybe like Snowden, CB Russia might let me speak.

Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

BlackBerry sharing encryption keys with various governments is just a rumour. There have been no leaked documents proving this. BlackBerry obviously can't confirm or deny this, so you are all assuming the worst.

All we know is that India and other countries threatened to ban BlackBerry devices if they don't comply with the local law and that they reached an agreement soon after.
BlackBerry was very clear about its position: they don't have the keys, there is no back door. Maybe those governments believed them in the end and that's why they never imposed a ban on BlackBerry devices?

Posted via CB10

[kevets]

I don't think anyone here is putting their head in the sand and pretending like the India BES key thing didn't happen. That is old news. I'm talking about the future, with BES12. What I'm trying to explain is that there is something different than the old BES that will have different capabilities in the near future.

Do you really think BBM Protected as it is being shown has backdoors built into it for NSA?

[anon(3993749)]

I don't think anyone here is putting their head in the sand and pretending like the India BES key thing didn't happen. That is old news. I'm talking about the future, with BES12. What I'm trying to explain is that there is something different than the old BES that will have different capabilities in the near future.

Do you really think BBM Protected as it is being shown has backdoors built into it for NSA?

Well do we have any proof that it did happen? Any official statement? Any leaked documents? Anything proof at all? I'm not saying it didn't happen, but to me, they are innocent until proven guilty.

[Doggerz]

Yes BlackBerry itself admitted to this. They said it was for consumer/BIS only. And only confirmed India, the United Arab Emirates and Canada itself.

I imagine a lot more countries have the backdoor.

I imagine the NSA has it with or without BlackBerry permission. But since BlackBerry gave out the keys before - it doesn't matter how strong a security they build if they're just going to do it again.

Why would you or anyone trust a corporation? I know it feels hurtful to know your trust has been betrayed. But that is the reality of it.

I love BlackBerry too. I had total faith in them until 2012 when this all came out. The article I posted is only from 2013 it's not that old.

I don't know what to say. But I'm not trolling and I don't say these things to be a jerk. I feel bad about it too. But I just don't trust them.

When I referred to Blackphone I only did so in order to say that at least they are pledging security and say they won't give out any backdoor. They haven't broken anyone's trust yet. BlackBerry has.

Can NSA break into Blackphone? They probably already have. It's not whether or not NSA can break into BlackBerry. Or anyone else can. It's if I trust BlackBerry to not voluntarily give keys out to India or whatever other country.

I haven't heard an apology from them. Or a statement saying the new technology you speak of will be guarded by them this time.

Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

[kevets]

Sounds like a good BlackBerry Fact Check posting... they need to set the record straight.

[Paintman321]

I think the Canada case has been misunderstood. In Canada the government made the telecom companies provide access to what was going over their networks, had no bearing on what phone was being used.

As for blackphone, those are paid services with subscriptions that provide security. Could use hosted BES and now with Blackberry buying secursmart we'll see secured voice and text soon as well. Or you could just get those same security apps on other phones. Blackphone did make some OS changes as well.

I really don't think it's as bad as what it's being made out to be.

Posted via CB10

[anon(3993749)]

Yes BlackBerry itself admitted to this. They said it was for consumer/BIS only. And only confirmed India, the United Arab Emirates and Canada itself.Z30STA100-5 / 10.2.1.3253 / T-Mobile USA

No, they haven't. They built a BIS server in India to comply with the local law.


Posted via CB10

[anon(3993749)]

Sounds like a good BlackBerry Fact Check posting... they need to set the record straight.

They can't talk about anything they discussed/agreed with a country's government.

Posted via CB10

[Tre Lawrence]

I suspect a conclusive answer to the question of backdoors can be answered by someone in the know, like Bla1ze, or even emailing BBRY itself.

I think the answer might be illuminating.

[MarsupilamiX]

They can't talk about anything they discussed/agreed with a country's government.

Posted via CB10

When you sell security and privacy, that's kind of an issue, though.
Especially those 2 things, are HIGHLY image based, when you don't have an open source community who can peer-review your code (not that I would understand even a single line of code, but that's not the point ).

Posted via CB10

[arlene_t]

blackberry phones comes with encryption ability for device and media card encryption. Also just like other phones the password lock.

via Q10

[anon(3993749)]

When you sell security and privacy, that's kind of an issue, though.
Especially those 2 things, are HIGHLY image based, when you don't have an open source community who can peer-review your code (not that I would understand even a single line of code, but that's not the point ).

Posted via CB10

I agree, it is an issue for them. But that's how it is, they simply can't confirm or deny anything. But this does not make them guilty of giving away encryption keys. We don't know what happened there.

Posted via CB10