[Superdupont 2_0]

Iphone 5 is Pretty old. But apart from that both are secure enough.

Posted via CB10

If you would set the maximum possible security level for BB10 and iOS (with both phones on BES or any reasonable MDM solution) and compare these, then any iPhone will lose.
But for most folks this isn't very interesting or important.

[GadgetTravel]

If you would set the maximum possible security level for BB10 and iOS (with both phones on BES or any reasonable MDM solution) and compare these, then any iPhone will lose.
But for most folks this isn't very interesting or important.

The last sentence is really what matters.

[Richard Buckley]

The last sentence is really what matters.

Very true.

For those for whom it does matter, Conite has the right idea.

LeapSTR100-2/10.3.2.2876

[Alain_A]

iPhone will lose.

didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?

[Superdupont 2_0]

didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?

It's never that simple.

You have to be aware of what your particular vulnerabilities are, or what your particular priorities are, and then analyse the alternatives after.

^What he said.

I believe iOS, Android, BBOS and BB10 have been evaluated by hundreds of highly qualified experts in governments/enterprises all over the globe.
Still you see lots of higher management levels or people who have access to valuable information only carrying regular BlackBerry phones, even today.

(The POTUS is carrying a phone that hasn't much to do with a regular BlackBerry, though he probably enjoys the BlackBerry experience, well, sort of).

[conite]

didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?

When managed by an EMM solution (like BES/Good), Apple and hardened-Android (Priv, Knox) are good enough for the vast majority of enterprise and government agencies.

The super-secure high end (which probably number in the tens of thousands) may need something more. I'm curious to find out what they will do once they have to give up their old BBOS devices.

[Gervuoge]

U.S. President Barack Obama used BlackBerry. The last device was Z10 (from the press). It is interesting - what cell phone he is having now. It is BlackBerry ?
His Z10 was highly modified by NSA, as I remember.

[Richard Buckley]

The super-secure high end (which probably number in the tens of thousands) may need something more. I'm curious to find out what they will do once they have to give up their old BBOS devices.

Some are starting to transition to BB10.

LeapSTR100-2/10.3.2.2876

[anon(8865116)]

I wouldn't be surprised if iOS or Android reaches the POTUS level soon. The only thing Blackberry really has going for them is that they're not an American company... although Germany did ask them for source code so I'm not sure if nationality makes much of a difference anymore.

They also have connections at every level of regulated industries with certifications to boot, but the government moves slow, and the competition will catch up if the ROI is there. I'm curious to see if this is something Blackberry even wants to own and dominate going forward. They keep saying they will support IOT device management going forward but a lot of IOT devices might get bought out by the big players like Apple/Google and they could prevent Blackberry from managing these devices effectively without jumping through hoops. I also think MDM will probably get rolled into a software bundle like Microsoft 365. I believe JC alluded to this on his earnings conference call that other mdm providers were essentially offering this service for free going forward. I wonder if this will really be a profitable venture for Blackberry going forward (handset security) or if it's just something to do until the next big thing comes around. My guess is the latter. I want to see IOT security, because right now, it's non existent.

[Doggerz]

So, please summarize - is iPhone more secure or BlackBerry?
For example, which more secure - iPhone 5 or BlackBerry Q10?

SSL, AES, 3rd layer crypts etc., etc. bla, bla, bla... sounds interesting when you are comparing but I am not the IT guy, so it says nothing to me. I just want to lnow which is more secure.

Posted via CB10

Newest iPhone compared to any phone ever made by BB I'd take the iPhone. One company offers no assistance to lawful requests and one does. Chen hates privacy and is dodgy with his answers and wants it both ways.

Chen can get into your physicsl phone as well as monitor BES and other traffic. Chen's statements make your question easy to answer. Blackberry isnt safe or secure or private.

Xperia Z5P / Android 5.1.1 / T-Mobile USA

[PygmySurfer]

That is not an option. When you have just two platforms that collect all your data and going on the Internet now is absolutely necessary to make a living, you have no option. Your data or the cave!

I was going to argue this, but you're right - short of turning off cookies entirely, and not creating a login on any website, you're being tracked whether you like it or not. You might be able to limit your exposure by always browsing with Private Browsing/Incognito mode enabled, but I doubt you could ever hide yourself completely, short of disconnecting entirely.

If you don't create online accounts with your real info (Name, Address, etc) they at least may not be able to link the profile they've built back to an actual person.

[PygmySurfer]

No. The opposite of that. The Apple case shows that there is a way around the encryption if simple short passwords are permitted and used. Even attempt and rate limiting the entries can be overcome apparently if the OS maker can be made to build a custom tool OS to circumvent that.

In the San Bernardino case if the phones owner used a sufficiently long and complex password then Apple wouldn't even be able to get in from what we know.

Note that what the FBI is asking is not to attack the encryption but to defeat a separate security measure in order to grant unlimited password attempts.

Posted via the CrackBerry App for Android

Actually, password length has no bearing on this - a longer password would only increase the length of time it takes to unlock the device, not prevent it's unlocking entirely.

However, all of this only applies to older iOS devices. Starting with the iPhone 5s, all of the security functions were moved into the secure enclave. Rate limiting, max attempts, etc are all hard coded into the hardware, vs. being implemented by the OS. Apple could theoretically load a modified OS that removes the rate limiting and throttling of password attempts onto an iPhone 5 or older device, but they can not do this for an iPhone 5s or later device.

One other change the FBI wants from Apple is to allow passcodes to be input via the USB interface - I'm unsure if the Secure Enclave would prevent this type of input method or not.

I'm curious to know how BlackBerry's security compares (particularly BB10's).

[PygmySurfer]

Newest iPhone compared to any phone ever made by BB I'd take the iPhone. One company offers no assistance to lawful requests and one does.

Apple provides plenty of assistance to law enforcement - likely far more than BlackBerry ever does, simply by the volume of requests alone.

Privacy - Government Information Requests - Apple (CA)

Apple is far more transparent with consumers than BlackBerry in this regard, however. I believe John Chen is suggesting they will cooperate with the government to provide metadata on transactions across BlackBerry's network to governments, and not the contents of messages/devices. This is the same kind of thing Apple regularly provides.

Chen hates privacy and is dodgy with his answers and wants it both ways.

Citation needed.

Chen can get into your physicsl phone as well as monitor BES and other traffic. Chen's statements make your question easy to answer. Blackberry isnt safe or secure or private.

Citation needed again.

[GadgetTravel]

didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?

I think it was the Navy.

[southlander]

Actually, password length has no bearing on this - a longer password would only increase the length of time it takes to unlock the device, not prevent it's unlocking entirely.

However, all of this only applies to older iOS devices. Starting with the iPhone 5s, all of the security functions were moved into the secure enclave. Rate limiting, max attempts, etc are all hard coded into the hardware, vs. being implemented by the OS. Apple could theoretically load a modified OS that removes the rate limiting and throttling of password attempts onto an iPhone 5 or older device, but they can not do this for an iPhone 5s or later device.

One other change the FBI wants from Apple is to allow passcodes to be input via the USB interface - I'm unsure if the Secure Enclave would prevent this type of input method or not.

I'm curious to know how BlackBerry's security compares (particularly BB10's).

Yes. There's an 80 ms processing time to any entry attempt. If you make the number of possible passwords sufficiently high just by using a longer password, then it makes them time needed amazingly high. Of course it doesn't mean it's not possible to unlock it. Just maybe not in our lifetimes.

Yes Apples newer phones are not susceptible. Though they don't have to be in that way for the security to be circumvented. Being as Apple has the ability to push OS updates they could be made to push a Trojan to a specific phone that simply waits for the user to unlock the phone , then copy the data off to the cloud surreptitiously. As long as any party can install OS updates onto a phone there is theoretically a way to get data.

Posted via the CrackBerry App for Android

[bobshine]

Newest iPhone compared to any phone ever made by BB I'd take the iPhone. One company offers no assistance to lawful requests and one does. Chen hates privacy and is dodgy with his answers and wants it both ways.

Chen can get into your physicsl phone as well as monitor BES and other traffic. Chen's statements make your question easy to answer. Blackberry isnt safe or secure or private.

Xperia Z5P / Android 5.1.1 / T-Mobile USA

Apple has offer plenty of assistance to lawful request! Tim Cook even confirmed that they assisted law enforcement into "hacking" IPhones in order the recover data. So... What do you think now?

Posted via CB10

[southlander]

Whether the NSA could get meaningful access (with or without BlackBerry's help) is a mystery, but if it could we would not know about it. NSA would not reveal that capability, that advantage in a local or federal court just because someone might have information about drug dealing or other alleged contraband on his BlackBerry.

I use a long, complex password just in case, with my reasoning being that if a short, simple one was good enough, the option to use a long, complex one would not be there.

The password thing is just math and how many possible passwords there are assuming a brute force method.

Theoretically your data is never 100% safe no matter what. The OS enforces security and the OS can be modified by Apple, etc. Apple could just wait for you to unlock (ie. decrypt) your device and then copy whatever it wants off of it. Kinda like those banking tokens where you need to enter your password and also a randomly generated ever changing code from your token. The hackers just wrote viruses to sit in the background on your PC and silently submit form data, and then monitor the response from the bank website (testing for logged in = yes or no). Once you do all the fancy security stuff and get logged in the virus goes to work in the background and cleans out your account.

I suppose on an iPhone you could just never ever ever install any updates once you lock things down. But then there's no way to know what's already in the OS without the source code.

[sorinv]

The password thing is just math and how many possible passwords there are assuming a brute force method.

Theoretically your data is never 100% safe no matter what. The OS enforces security and the OS can be modified by Apple, etc. Apple could just wait for you to unlock (ie. decrypt) your device and then copy whatever it wants off of it. Kinda like those banking tokens where you need to enter your password and also a randomly generated ever changing code from your token. The hackers just wrote viruses to sit in the background on your PC and silently submit form data, and then monitor the response from the bank website (testing for logged in = yes or no). Once you do all the fancy security stuff and get logged in the virus goes to work in the background and cleans out your account.

I suppose on an iPhone you could just never ever ever install any updates once you lock things down. But then there's no way to know what's already in the OS without the source code.

Last time I updated my enterprise Suse Linux laptop was 4 years ago when I bought it.

[PygmySurfer]

Yes. There's an 80 ms processing time to any entry attempt. If you make the number of possible passwords sufficiently high just by using a longer password, then it makes them time needed amazingly high. Of course it doesn't mean it's not possible to unlock it. Just maybe not in our lifetimes.

True, but in this case, the device will self-destruct (erase all data) after 10 attempts, so the password length is of minimal impact. If you remove that 10 attempt limit, you're looking at 13.3 minutes to input all 4 digit pin possibilities, and 22.2 hours to input all 6 digit pin possibilities - not really all that long, in the grand scheme of things. If you used a phrase of some sort, you'd obviously be better off, however, the inconvenience of inputting it would likely outweighs the security benefits for most people (especially if we re-enable the 10 attempt limits).

Yes Apples newer phones are not susceptible. Though they don't have to be in that way for the security to be circumvented. Being as Apple has the ability to push OS updates they could be made to push a Trojan to a specific phone that simply waits for the user to unlock the phone , then copy the data off to the cloud surreptitiously. As long as any party can install OS updates onto a phone there is theoretically a way to get data.

Apple devices do not automatically install OTA updates without user intervention. So, they would have to first install a legit upgrade, that removes the prompt to install an update, and then push the trojan to the specific device they want to hack. Also, Apple devices pull the update from the server, rather than have it pushed to the device from the server. I do not believe there is any way for Apple to target a specific device with a specific update. The best they could do is put an update on the server, and have all devices that connect install the bad version, and I don't foresee that happening for obvious reasons. The only way it could potentially work would be to put the device into DFU mode, and load the new OS via USB, while somehow retaining the data on the device. This is what the FBI wants, and Apple is refusing to provide.

[PygmySurfer]

Last time I updated my enterprise Suse Linux laptop was 4 years ago when I bought it.

What's your IP address?

[Doggerz]

Apple has offer plenty of assistance to lawful request! Tim Cook even confirmed that they assisted law enforcement into "hacking" IPhones in order the recover data. So... What do you think now?

Posted via CB10

I don't think it's true. Unless both Tim Cook and the FBI are lying and in cahoots.

Hey, Chen works for the CIA, would that be something you're interested in? What do you think of that?

Xperia Z5P / Android 5.1.1 / T-Mobile USA

[Richard Buckley]

Apple devices do not automatically install OTA updates without user intervention. So, they would have to first install a legit upgrade, that removes the prompt to install an update, and then push the trojan to the specific device they want to hack. Also, Apple devices pull the update from the server, rather than have it pushed to the device from the server. I do not believe there is any way for Apple to target a specific device with a specific update. The best they could do is put an update on the server, and have all devices that connect install the bad version, and I don't foresee that happening for obvious reasons. The only way it could potentially work would be to put the device into DFU mode, and load the new OS via USB, while somehow retaining the data on the device. This is what the FBI wants, and Apple is refusing to provide.

I haven't read Apple's security white papers myself, but there are others who have, whom I trust, who whave written that Apple devices will download a properly formed update without user action. If this were not true Apple could have simply responded in court that they could not do what was asked. Then the FBI would have to prove that Apple could. This isn't what Apple has done, which I believe pretty clearly indicates that, at least for this specific phone, they are able to do exactly what has been asked.

LeapSTR100-2/10.3.2.2876

[Richard Buckley]

I don't think it's true. Unless both Tim Cook and the FBI are lying and in cahoots.

Hey, Chen works for the CIA, would that be something you're interested in? What do you think of that?

Xperia Z5P / Android 5.1.1 / T-Mobile USA

Well this is what Apple has said in one of their transparency reports: https://www.apple.com/ca/privacy/gov...requests/#mn_p

When we receive information requests, we require that it be accompanied by the appropriate legal documents such as a subpoena or search warrant. We believe in being as transparent as the law allows about what information is requested from us. We carefully review any request to ensure that there�s a valid legal basis for it. And we limit our response to only the data law enforcement is legally entitled to for the specific*investigation.

LeapSTR100-2/10.3.2.2876

[bobshine]

I don't think it's true. Unless both Tim Cook and the FBI are lying and in cahoots.

Hey, Chen works for the CIA, would that be something you're interested in? What do you think of that?

Xperia Z5P / Android 5.1.1 / T-Mobile USA

They did... and Apple had been very transparent about it.

Many times, they provided assistance by extracting and providing multiple copies of non volatile memories so that the authorities can brute force attack it.

They also decrypt and provided icloud backups for authorities. Apple had been very transparent about how they help law enforcement.


Posted via CB10

[bobshine]

So the FBI hacked into the iPhone with the assistance of an outside firm.

Posted via CB10