[Maxxxpower]

Isn't bbm more secure than apps like WhatsApp and others?
Even without bis?

Nope. iMessage offers end-to-end encryption and is therefore more secure than "regular" BBM. Whatsapp on Android offers end-to end-encryption, too, but uploads the numbers of your contacts. BBMs can be read be various governments or agencies as Blackberry a) granted them access to BBMs or b) they found out how to read them.

[MmmHmm]

Some people are saying that BB10 cannot be rooted, but android can (and ios can be jailbroken). I'm not clear on the reasons that makes BB10 more secure. If I'm an android user, in what ways am I more vulnerable to hacks due to the ability to root? Are hackers out there rooting phones remotely and getting data, or rooting stolen phones and getting data?

In other words, how are hackers actually using the ability to root competing OS's in ways that are impossible on BB10?

[Dave Bourque]

Some people are saying that BB10 cannot be rooted, but android can (and ios can be jailbroken). I'm not clear on the reasons that makes BB10 more secure. If I'm an android user, in what ways am I more vulnerable to hacks due to the ability to root? Are hackers out there rooting phones remotely and getting data, or rooting stolen phones and getting data?

In other words, how are hackers actually using the ability to root competing OS's in ways that are impossible on BB10?

Root access to an OS = hackers can take advantage of that too.

Posted via CB10

[Soulstream]

Root access to an OS = hackers can take advantage of that too.

Posted via CB10

True, but rooting Android or jailbreaking iOS requires physical access to the device. Also rooting an Android device all user data on the phone.

I haven't heard of a remote hack yet that can root/jailbreak a phone.

[Dave Bourque]

True, but rooting Android or jailbreaking iOS requires physical access to the device. Also rooting an Android device all user data on the phone.

I haven't heard of a remote hack yet that can root/jailbreak a phone.

I think if you are already rooted or jailbroken that's when the vulnerabilities rise exponentially. That's when hackers can do real damage.

Posted via CB10

[Soulstream]

I think if you are already rooted or jailbroken that's when the vulnerabilities rise exponentially. That's when hackers can do real damage.

Posted via CB10

Couldn't agree more. But most who do this know the risks of doing it. It is your choice to do it and nobody forces you to. If someone hack me because I rooted a phone it is not Android's/iOS's fault; it is mine because I intentionally compromised the security of my device.

[Deckard79]

Ask xsacha how secure he thinks BB10 is... :-P

Posted via CB10

[Dave Bourque]

Ask xsacha how secure he thinks BB10 is... :-P

Posted via CB10

Last time I checked the vulnerabilities he mentioned were relating to BBW not BB10 directly.

Posted via CB10

[Deckard79]

Last time I checked the vulnerabilities he mentioned were relating to BBW not BB10 directly.

Posted via CB10

BBW is a part of BB10. He was able to access the account that BlackBerry themselves use to issue app/component updates, which seems very, very insecure to me.

Posted via CB10

[Dave Bourque]

BBW is a part of BB10. He was able to access the account that BlackBerry themselves use to issue app/component updates, which seems very, very insecure to me.

Posted via CB10

We're talking about the OS. BBW is not part of the OS. And can be accessed directly from the web.

Posted via CB10

[Deckard79]

We're talking about the OS. BBW is not part of the OS. And can be accessed directly from the web.

Posted via CB10

Can BBW be uninstalled from the OS?

Here's a scenario:

Hacker X finds he can access BBW as BlackBerry, with full permissions to delete/modify/push applications.

X develops/modifies app and publishes.

Change appears as update on BBW and is applied by thousands.

It is a route into the OS and as such is a major security loophole.

Posted via CB10

[The Big Picture]

Can BBW be uninstalled from the OS?

Here's a scenario:

Hacker X finds he can access BBW as BlackBerry, with full permissions to delete/modify/push applications.

X develops/modifies app and publishes.

Change appears as update on BBW and is applied by thousands.

It is a route into the OS and as such is a major security loophole.

Posted via CB10

To be able to see whats going on in the back end is one thing but to add, modify apps on bbw is on a whole other level. Im pretty sure you need to go through more security if you want to edit, delete or add a file.

Think of it as read only access rather than full permissions and ownership.

Also im pretty sure its been patched by now just like how apple's icloud has been patched.

Posted via CB10

[Deckard79]

To be able to see whats going on in the back end is one thing but to add, modify apps on bbw is on a whole other level. Im pretty sure you need to go through more security if you want to edit, delete or add a file.

Think of it as read only access rather than full permissions and ownership.

Posted via CB10

The screenshots xsacha posted showed core BB10 apps accessed via BlackBerry's account and with options to delete/update etc.

That's bad.

And I don't buy the 'it's only BBW so it doesn't count' argument for one moment.

Posted via CB10

[MADBRADNYC]

I could be wrong, but I always thought BBW was an app that allows purchasing and record keeping of other apps. And, not part of BB10. It's another app on the device. If BBW was an actual part of BB10, then what's running on BBOS legacy devices using BBW?

Posted via CB10

[Deckard79]

I could be wrong, but I always thought BBW was an app that allows purchasing and record keeping of other apps. And, not part of BB10. It's another app on the device. If BBW was an actual part of BB10, then what's running on BBOS legacy devices?

Posted via CB10

It's also a means to push app/OS component updates. Hence, accessing BBW as BlackBerry with little or no trouble and being greeted with options to pull/modify/push apps at will is a very, very big exploit.

The fact is that we do not know if it has been fixed. We do know that the exploit was so blatant and obvious that it's alarming it was ever there in the first place. We also know that BlackBerry's initial responses/attempts to close the exploit (prior to giving xsacha the cold shoulder) were somewhat laughable (he posted the email exchanges).

Posted via CB10

[MADBRADNYC]

It's also a means to push app/OS component updates. Hence, accessing BBW as BlackBerry with little or no trouble and being greeted with options to pull/modify/push apps at will is a very, very big exploit.

The fact is that we do not know if it has been fixed. We do know that the exploit was so blatant and obvious that it's alarming it was ever there in the first place. We also know that BlackBerry's initial responses/attempts to close the exploit (prior to giving xsacha the cold shoulder) were somewhat laughable (he posted the email exchanges).

Posted via CB10

I have no idea about all of that. There's a lot of reaching and dot connecting there. I was just addressing your statement that BBW is part of the BB10 OS. Which it is not, IMO. Do you still believe that it is?

Posted via CB10

[Deckard79]

I have no idea about all of that. There's a lot of reaching and dot connecting there. I was just addressing your statement that BBW is part of the BB10 OS. Which it is not, IMO. Do you still believe that it is?

Posted via CB10

Yes I absolutely believe it is. It's a component of the core BB10 installation and is on everyone's device.

Posted via CB10

[MADBRADNYC]

Yes I absolutely believe it is. It's a component of the core BB10 installation and is on everyone's device.

Posted via CB10

So how is BBW installed on legacy devices? They are surely not running BB10, correct? Don't you think it's obviously an app that can be utilized on at least 2 totally different operating systems?

Posted via CB10

[Deckard79]

So how is BBW installed on legacy devices? They are surely not running BB10, correct? Don't you think it's obviously an app that can be utilized on at least 2 totally different operating systems?

Posted via CB10

BBW on OS7 and BBW on BB10 are entirely different code. They are the same in name only.

However, 'BBW' (previously App World) is a component of OS7.

Both are parts of each respective OS.

Hub is packaged up as an 'app' as well in OS releases but that does not make it any less an integral part of the operating system.

Posted via CB10

[MADBRADNYC]

BBW on OS7 and BBW on BB10 are entirely different code. They are the same in name only.

However, 'BBW' (previously App World) is a component of OS7.

Both are parts of each respective OS.

Hub is packaged up as an 'app' as well in OS releases but that does not make it any less an integral part of the operating system.

Posted via CB10

http://en.m.wikipedia.org/wiki/BlackBerry_World

OK. You can believe what you wish. But the facts indicates that belief is incorrect. Saying something multiple times does not make it true.

You can clearly see that it is a digital storefront to purchase apps on BBOS, BB10, and the PBOS. It's even written in different languages according to which OS it is running on (Java, C++, Cascades). It is not part of any operating system. It is run on top of the operating system to purchase and keep a record of other apps on those operating systems.

Posted via CB10

[Prem WatsApp]

The Playbook was rooted pretty quick to refresh your memory. DingleBerry I believe it was called. Also, no one wastes their time trying hack number 3 or 4, look at Microsoft. Windows is by far the number one desktop out there, and has way more viruses, malware, vulnerabilities than let's say OS X...

Android...?

http://www.infosecurity-magazine.com...rgets-android/

This hasn't really changed since the article was written... :-)

�   Telstra + Classic, Optus + PP, AT&T + PP , Verizon + Classic... why the mix, Mr. Fix?   �

[Deckard79]

http://en.m.wikipedia.org/wiki/BlackBerry_World

OK. You can believe what you wish. But the facts indicates that belief is incorrect. Saying something multiple times does not make it true.

You can clearly see that it is a digital storefront to purchase apps on BBOS, BB10, and the PBOS. It's even written in different languages according to which OS it is running on (Java, C++, Cascades). It is not part of any operating system. It is run on top of the operating system to purchase and keep a record of other apps on those operating systems.

Posted via CB10

Likewise, posting a Wikipedia URL that neither proves your theory or disproves mine does not make your statement factual.

An application that is distributed as a part of what makes up the BlackBerry 10 operating system is, unsurprisingly, a part of the Operating System.

An operating system is comprised of multiple applications. Look back at DOS and see the multitude of executable files distributed as a part of it. Likewise every popular OS in use.

Your argument is also utterly besides the point. The question is whether BB10 is secure. If BlackBerry World provides an easily exploitable backdoor, then BB10 isn't secure.

Posted via CB10

[MADBRADNYC]

Likewise, posting a Wikipedia URL that neither proves your theory or disproves mine does not make your statement factual.

An application that is distributed as a part of what makes up the BlackBerry 10 operating system is, unsurprisingly, a part of the Operating System.

An operating system is comprised of multiple applications. Look back at DOS and see the multitude of executable files distributed as a part of it. Likewise every popular OS in use.

Your argument is also utterly besides the point. The question is whether BB10 is secure. If BlackBerry World provides an easily exploitable backdoor, then BB10 isn't secure.

Posted via CB10

Well at least I supplied something to back up what I stayed. Have you? Or you just could find anything?

Well I've seen no link or proof supplied by you for any confirmations of what you are stating. So I will have to go with the Wiki article. Which gets the references from BlackBerry.

You can change subjects, and theories, but until you find something (anything) to prove your belief...

Posted via CB10

[Deckard79]

Well at least I supplied something to back up what I stayed. Have you? Or you just could find anything?

Well I've seen no link or proof supplied by you for any confirmations of what you are stating. So I will have to go with the Wiki article. Which gets the references from BlackBerry.

You can change subjects, and theories, but until you find something (anything) to prove your belief...

Posted via CB10

Install Windows on a machine. Load the Task Manager (an application, incidentally).

Look at the list of executable processes running in the background.

Now look at your desktop, and the list of items already in the start menu.

These executable files, background services and applications are what comprise the Windows operating system.

It's not a 'belief'. I am a software developer. I build software that utilises libraries and services that are a part of an OS.

If an Internet Explorer security exploit grants someone control of a system, does that not count either? Is Windows XP secure, too?

Posted via CB10

[MADBRADNYC]

Oh boy! I'm afraid of a software developer that is referencing a windows machine, but NOT the BB10 OS that he initially spoke about. Wow. Unbelievable.

You're right, I'm wrong...

That brick wall is thick!

Lololol



Posted via CB10