07-25-11 06:12 PM
75 123
tools
  1. IAmBBJosh's Avatar
    Yeah, that's what I was referring to, jailbreaking and rooting, after you do that I believe you can still recover data.

    I much prefer to rely on the wipe that is done after the wrong password is entered too many times. Remote wipe sounds fancy but in reality all one have to do is remove the simcard from the device and the remote wipe is not possible anymore. It's a bit of a false sense of security.

    Posted from my CrackBerry at wapforums.crackberry.com
    You can recover data, but the data was encrypted.

    You can set the iPhone to do a full wipe after you enter the wrong password 10 times as well, but the remote wipe will also go through any other SIM card or WiFi network the phone uses, and if you've nicked a phone you're probably not smart enough to recover data or hack past the passcode screen anyway, so you'll take the original SIM out and put another one in or hook up to a WiFi network at some point, and when that happens, the remote wipe will initiate.

    BTW, with GMail IMAP on the iPhone, SSL is used throughout the entire communication process, with no middleman server between GMail and the phone. This is a more secure setup than the BIS, though probably inferior to the BES, depending on the setup of the BES server in question.

    At the end of the day, nothing is 100% secure. BlackBerry devices are quite close, but there's always a way in to anything, as demonstrated by the Torch browser hack. iPhones do not have security as a priority, but they still have fairly good measures in place which are, at the very least, enough to keep a thief out of your data. Android phones are pretty much the least secure phones on the market.

    If I had top secret confidential information I didn't want to get into anyone else's hands as a matter of urgency, I'd likely keep it in a BES connected BlackBerry. The devices are the most secure, as is the BES setup. But the BIS offers lackluster security in comparison in terms of encryption as the data passes through. For this reason, I wouldn't trust that protocol as much.

    The protocol of simple direct IMAP (mail server > client as opposed to mail server > BIS > client) with SSL enabled is more trustworthy than the BIS IMO.

    So, really, it depends where you stand. The devices are the most secure but the BIS protocol has flaws. And I'm just rambling now, so I'll shut up
    06-01-11 06:02 AM
  2. belfastdispatcher's Avatar
    You can recover data, but the data was encrypted.

    You can set the iPhone to do a full wipe after you enter the wrong password 10 times as well, but the remote wipe will also go through any other SIM card or WiFi network the phone uses, and if you've nicked a phone you're probably not smart enough to recover data or hack past the passcode screen anyway, so you'll take the original SIM out and put another one in or hook up to a WiFi network at some point, and when that happens, the remote wipe will initiate.

    BTW, with GMail IMAP on the iPhone, SSL is used throughout the entire communication process, with no middleman server between GMail and the phone. This is a more secure setup than the BIS, though probably inferior to the BES, depending on the setup of the BES server in question.

    At the end of the day, nothing is 100% secure. BlackBerry devices are quite close, but there's always a way in to anything, as demonstrated by the Torch browser hack. iPhones do not have security as a priority, but they still have fairly good measures in place which are, at the very least, enough to keep a thief out of your data. Android phones are pretty much the least secure phones on the market.

    If I had top secret confidential information I didn't want to get into anyone else's hands as a matter of urgency, I'd likely keep it in a BES connected BlackBerry. The devices are the most secure, as is the BES setup. But the BIS offers lackluster security in comparison in terms of encryption as the data passes through. For this reason, I wouldn't trust that protocol as much.

    The protocol of simple direct IMAP (mail server > client as opposed to mail server > BIS > client) with SSL enabled is more trustworthy than the BIS IMO.

    So, really, it depends where you stand. The devices are the most secure but the BIS protocol has flaws. And I'm just rambling now, so I'll shut up
    Lol, don't, you seem to know your stuff.

    Isn't Gmail on BIS imap as well? At one point I did have my gmail set up using imap settings instead of the gmail plugin, you kind of had to trick the system, enter a random email address and password and then the BIS site would ask you for more details. That's where you could set up gmail as imap.
    Anyway, my work email that I get from www.1and1.co.uk is set up as imap on my blackberry with the SSL box ticked. Going from pop3 set up to imap set up made my email delivery instant as opposed to the up to 15 minutes wait previously.

    Posted from my CrackBerry at wapforums.crackberry.com
    06-01-11 06:17 AM
  3. IAmBBJosh's Avatar
    Lol, don't, you seem to know your stuff.

    Isn't Gmail on BIS imap as well? At one point I did have my gmail set up using imap settings instead of the gmail plugin, you kind of had to trick the system, enter a random email address and password and then the BIS site would ask you for more details. That's where you could set up gmail as imap.
    Anyway, my work email that I get from www.1and1.co.uk is set up as imap on my blackberry with the SSL box ticked. Going from pop3 set up to imap set up made my email delivery instant as opposed to the up to 15 minutes wait previously.

    Posted from my CrackBerry at wapforums.crackberry.com
    Historically, GMail and the BIS weren't exactly best friends, but these days you just do a CAPTCHA verification thing on the GMail account and you can set it up as you do with any other e-mail account on the BIS.

    I have to now admit I don't know the intricate details of how GMail and the BIS work together, but as I understand it, BIS e-mail in general works by telling RIM's servers to check for e-mail on your account then forwarding any new messages to your device. Since the e-mail on a BlackBerry has always been true push, I wouldn't have thought RIM would use the IMAP protocol, but I could very well be wrong.

    I think the IMAP system you're referring to might be the GMail app, which, like the one I had on my old Nokia, pulls your e-mail from Google using fast refresh rates. When I used it, there was no true push, but it had the same effect for this reason. However, I believe Google has since enabled true push for GMail on all devices. I set it up on my iPhone's default Mail app before, but it was in beta at the time and wasn't reliable, so I took it off and never really found a need to enable it again.

    If anyone reading this knows more than we do, please do weigh in here.

    BTW, as a side note, I'd like to say how much I like the BlackBerry user community on this forum. Apple and Android fanboys are always going mad whenever anyone says a bad word about their platform, but a general theme I've noticed here is that discussing the merits of different platforms doesn't warrant having your head chopped off by ravenous fanboys. It's a pleasant change
    06-01-11 06:39 AM
  4. belfastdispatcher's Avatar
    I have a feeling the (limited) imap is implemented at server level not on the device itself. This helped my work account a lot, deleted and read (or marked unread after reading) emails sync from device to outlook.

    Gmail on blackberry does have extra functionalities although they're a bit hidden within the gmail account inbox. Examples: menu/filter brings you to your list of folders that can be accessed except the spam folder and when you highlight an email press menu/report as spam the email gets removed from device and you will never receive emails on your blackberry from that sender again.
    Another feature is remote search to access all your older emails.
    Also there's contacts and calendar sync now.

    Posted from my CrackBerry at wapforums.crackberry.com
    06-01-11 07:30 AM
  5. IAmBBJosh's Avatar
    I have a feeling the (limited) imap is implemented at server level not on the device itself. This helped my work account a lot, deleted and read (or marked unread after reading) emails sync from device to outlook.

    Gmail on blackberry does have extra functionalities although they're a bit hidden within the gmail account inbox. Examples: menu/filter brings you to your list of folders that can be accessed except the spam folder and when you highlight an email press menu/report as spam the email gets removed from device and you will never receive emails on your blackberry from that sender again.
    Another feature is remote search to access all your older emails.
    Also there's contacts and calendar sync now.

    Posted from my CrackBerry at wapforums.crackberry.com
    That would make sense since read messages appear as read on my BB, but only after a delay.

    I don't see a lot of the options you mention there, though. I see filter by subject and sender, but no list of filters or mark as spam option. Maybe it's just not programmed into OS5? Or my particular version? I'm not really too bothered either way, so it's not a big deal, but I am curious. Since you have a 9700, I assume you have OS6?

    I do have contact sync turned on, though. Very handy.
    06-01-11 07:36 AM
  6. belfastdispatcher's Avatar
    That would make sense since read messages appear as read on my BB, but only after a delay.

    I don't see a lot of the options you mention there, though. I see filter by subject and sender, but no list of filters or mark as spam option. Maybe it's just not programmed into OS5? Or my particular version? I'm not really too bothered either way, so it's not a big deal, but I am curious. Since you have a 9700, I assume you have OS6?

    I do have contact sync turned on, though. Very handy.
    I am on OS6 but I remember this working on OS5 as well, mybe you need to delete you email account and set it up again. You have to go to your gmail inbox, this is not available from the messages inbox. I just remembered, now you can also ad star to an email, this will sync too.

    Posted from my CrackBerry at wapforums.crackberry.com
    06-01-11 07:45 AM
  7. IAmBBJosh's Avatar
    I am on OS6 but I remember this working on OS5 as well, mybe you need to delete you email account and set it up again. You have to go to your gmail inbox, this is not available from the messages inbox. I just remembered, now you can also ad star to an email, this will sync too.

    Posted from my CrackBerry at wapforums.crackberry.com
    Oh yes, I was doing it through my messages inbox. In the GMail account's inbox I see all the options, and threaded conversations too. Nice.
    06-01-11 08:04 AM
  8. belfastdispatcher's Avatar
    Oh yes, I was doing it through my messages inbox. In the GMail account's inbox I see all the options, and threaded conversations too. Nice.
    OS6 has the threaded messages now for all email accounts, they get grouped my subject not sender, very very usefull.
    With a blackberry you learn something new every day, there's just so many hidden functions.

    Posted from my CrackBerry at wapforums.crackberry.com
    06-01-11 08:11 AM
  9. IAmBBJosh's Avatar
    OS6 has the threaded messages now for all email accounts, they get grouped my subject not sender, very very usefull.
    With a blackberry you learn something new every day, there's just so many hidden functions.

    Posted from my CrackBerry at wapforums.crackberry.com
    True that! I'm always finding new stuff.
    06-01-11 09:10 AM
  10. T
    Not to mention that I can remotely locate and wipe my iPhone, and while I can do that with BlackBerry Protect, BBP does not work on devices with encryption turned on, making it useless.
    The remote wipe stuff is good on any device, but that only works if the connection is on. The reason I don't have BlackBerry Protect is because with BlackBerry's encryption I don't need it. If someone circumvents the password on my BlackBerry (not so hard to do on any device), all he'll end up with is a bunch of encrypted files. (The password itself is actually neccessary to decrypt the files.) And that's what I love about BlackBerry: the security of the data that's stored on the device and media card (if it's set up properly). I think my BlackBerry is actually more secure without BlackBerry Protect or some similar program. At least no one can get remote access!

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by Tnis; 06-21-11 at 09:56 PM.
    06-21-11 09:32 PM
  11. southlander's Avatar
    BB Protect's device location service (or the ones for iPhone and Android) may be of little use anyhow. I remember reading a story about all the cabbies in large cities have a channel to sell lost smartphones and devices. They know the going rate for each device. First thing they do is * pull the battery * to foil any geolocating apps. So then in this respect the iPhone's non removable battery is a plus. But then they'll just stick those in a metal box to block the signal right?

    Posted from my CrackBerry at wapforums.crackberry.com
    06-21-11 09:51 PM
  12. mobibiz's Avatar
    I see that the question has been more than adequately answered, No other device available in the consumer market is as secure as the BlackBerry.
    06-22-11 01:30 AM
  13. qbnkelt's Avatar

    As for Google, they need to mine your data to make money, but the data they hold is stored very safely and, from what I understand, it isn't linked to a perticular individual but an IP address and a cookie. Of course, if you use GMail, Google Docs, and other Google services, they'll have more information on you than they would otherwise, but they do seem to take privacy seriously.

    I wasn't going to bet into this because really, Branta just said everything I was going to say.

    But that piece I would address. Google has had several instances of privacy violations. And I don't trust them to hold any data about me safely. I have *never* been involved in a phishing scam....guess what....I got hit with two incidents shortly after I got my Atrix.

    Coincidence? Google fans would say yes. I say otherwise.

    Closed my GMail account. Gave away my Atrix. I do not trust Google or any of their products. I don't trust open source.
    06-22-11 07:08 PM
  14. T
    I wasn't going to bet into this because really, Branta just said everything I was going to say.

    But that piece I would address. Google has had several instances of privacy violations. And I don't trust them to hold any data about me safely. I have *never* been involved in a phishing scam....guess what....I got hit with two incidents shortly after I got my Atrix.

    Coincidence? Google fans would say yes. I say otherwise.

    Closed my GMail account. Gave away my Atrix. I do not trust Google or any of their products. I don't trust open source.
    I agree. The same goes for proprietary stuff that's "free." The way I see it, people I don't pay simply are not accountable to me ... at all, that is. That's why I'm pleased to pay for BIS. Granted paid for services have those pesky end-user agreements, too, but the providers probably have a bit more incentive not to mess around with and alienate paying customers.
    06-22-11 07:26 PM
  15. pittpanthersfan's Avatar
    No other device available in the consumer market is as secure as the BlackBerry.
    I'm currently using an iPhone, but am taking security more seriously and considering BlackBerry, based on it's reputation. I'm not sure though how a BlackBerry on BIS would be step up from my iPhone in terms of security. Am I missing something?

    - Both devices can be wiped after failed password attempts (osxdaily.com/2010/08/12/run-iphone-in-james-bond-mode-set-your-iphone-to-self-destruct-and-erase-all-data-after-failed-password-attempts)
    - Both offer device encryption (support.apple.com/kb/HT4175)
    - Both offer the ability to wipe data remotely (engadget.com/2010/06/18/apple-launches-find-my-iphone-app)
    - Both offer SSL encryption of websites and email (ehow.com/how_6305784_enable-ssl-iphone.html)

    I feel that I've done my homework, read tons of articles, but am still at a loss of how BlackBerry is the more secure platform. I'm aware that BES is a whole other beast. I'm speaking strictly from a consumer standpoint. If someone could clear this up, it would make my decision much easier.
    07-22-11 11:25 PM
  16. jerry12's Avatar
    Like you I am not sure either. I was at a U.S. Cellular store & the tect was working on my BlackBerry & I asked him if the BlackBerry's were more secure than Andriods & he told me a lot more secure so we now don't know what lot means & I didn't think to ask him while at the store.

    Posted from my CrackBerry at wapforums.crackberry.com
    07-23-11 12:03 AM
  17. T
    I'm not a security expert, but from what I've read, BlackBerry device data is secured by the AES. That's what I'm enthusiastic about when it comes to BlackBerry security: AES encryption of all device and media card data. AES is the highest level available. Does Apple provide the same? I doubt it. I went to the Apple link you shared and found the following:

    "Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode.*This provides an additional layer of protection for your email messages and attachments."

    Apple's data protection "enhances the built-in hardware encryption by protecting the hardware encryption keys" with a passcode? Doesn't sound so secure. With BlackBerry's AES, the passcode is an inherent part of the encryption; no one will decrypt a properly encrypted BlackBerry's data without the actual passcode. Can the same be said for Apple? Mobile device passcodes can be circumvented by various means. If someone circumvents the Apple device's passcode, will he be able to decrypt or otherwise meaningfully access the iPhone data directly from the hardware? I don't know. But with BlackBerry, the answer is no; if someone circumvents the BlackBerry device password and accesses the device data directly from the hardware, without the actual passcode he'll just be left with a bunch of encrypted data. The passcode is necessary to decrypt the data.

    Posted from my CrackBerry at wapforums.crackberry.com
    07-23-11 12:08 AM
  18. pittpanthersfan's Avatar
    Thanks, Tnis. Very informative. I'm not sure how far Apple's device encryption goes either, but it sounds like AES-encryption should give BlackBerry users peace-of-mind.
    07-23-11 05:30 AM
  19. T
    Thanks, Tnis. Very informative. I'm not sure how far Apple's device encryption goes either, but it sounds like AES-encryption should give BlackBerry users peace-of-mind.
    You're welcome. Again, it's just my understanding of things. It gives me peace of mind to know that if someone finds, steals, or seizes my device and tries to get access to my data, it's not going to happen unless he knows my passcode. I believe that's a major advantage BlackBerry has over the other platforms.

    But all of what I've said pertains to data that's actually stored on the handset. As far as BIS data that's being transmitted over carrier networks is concerned, I don't think it's much (or any) more secure than any other platform's ordinarily transmitted data. BlackBerry messenger and PIN messages might be (not sure), but I don't think emails are; those are encrypted/secured using the carriers' typical (SSL?) methods and standards that apply all around.
    07-23-11 06:28 AM
  20. pittpanthersfan's Avatar
    So, stories about Saudi Arabia and other nations banning BlackBerry would only affect BES users since BIS has the same security level as any other smartphone? Their concern is with "communications being encrypted," which is not the case through BIS, right?
    07-23-11 10:27 AM
  21. T
    So, stories about Saudi Arabia and other nations banning BlackBerry would only affect BES users since BIS has the same security level as any other smartphone? Their concern is with "communications being encrypted," which is not the case through BIS, right?
    Well, that's why I said I didn't know. To me, it makes sense that BIS bbm and pin messages are encrypted. If they're not, it seems they should be ...

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by Tnis; 07-23-11 at 10:48 AM.
    pittpanthersfan likes this.
    07-23-11 10:43 AM
  22. belfastdispatcher's Avatar
    So, stories about Saudi Arabia and other nations banning BlackBerry would only affect BES users since BIS has the same security level as any other smartphone? Their concern is with "communications being encrypted," which is not the case through BIS, right?
    It was my understanding the Rim can provide a printout of the bbm conversations on BIS with a warrant but no real time monitoring can be done, which was one of the complaints.
    On BES absolutely nothing can be done as everything runs from behind the company's firewall on their server, where the information gets encrypted. Only the company holds the encryption key, Rim does not have it.
    pittpanthersfan likes this.
    07-23-11 10:50 AM
  23. Branta's Avatar
    It was my understanding the Rim can provide a printout of the bbm conversations on BIS with a warrant but no real time monitoring can be done, which was one of the complaints.
    On BES absolutely nothing can be done as everything runs from behind the company's firewall on their server, where the information gets encrypted. Only the company holds the encryption key, Rim does not have it.
    Let me put it this way: Unless the US government is accepting use of a "broken" encryption standard for its secure traffic, the only way to recover the content of BES data is through logging at the BES server - if the operator has configured the logging options. Even there "true realtime" i.e. watching it scroll past on screen as it is transmitted, is not achievable.
    07-23-11 04:33 PM
  24. Tre Lawrence's Avatar
    Let me put it this way: Unless the US government is accepting use of a "broken" encryption standard for its secure traffic, the only way to recover the content of BES data is through logging at the BES server - if the operator has configured the logging options. Even there "true realtime" i.e. watching it scroll past on screen as it is transmitted, is not achievable.
    Interesting. I didn't know that.
    07-23-11 05:25 PM
  25. karaya1's Avatar
    My phone carries all sorts of very important documents and records that i would be horrified if someone were to get there hands on.

    Based on the information available regarding security and encryption of the current crop of mobile devices, i would NOT trust another device to keep that information locked down.

    It is a major sticking point for me.

    I have NOT been able to break into my phone when i have gave it a go.
    My friends android with a simple finger swipe security code was easily defeated once hooked up to my fedora thinkpad. I could have taken any of his stored files i wanted.
    07-25-11 06:12 PM
75 123
LINK TO POST COPIED TO CLIPBOARD