04-18-16 12:33 AM
292 ... 9101112
tools
  1. Superdupont 2_0's Avatar
    Iphone 5 is Pretty old. But apart from that both are secure enough.

    Posted via CB10
    If you would set the maximum possible security level for BB10 and iOS (with both phones on BES or any reasonable MDM solution) and compare these, then any iPhone will lose.
    But for most folks this isn't very interesting or important.
    TgeekB likes this.
    02-29-16 09:06 AM
  2. GadgetTravel's Avatar
    If you would set the maximum possible security level for BB10 and iOS (with both phones on BES or any reasonable MDM solution) and compare these, then any iPhone will lose.
    But for most folks this isn't very interesting or important.
    The last sentence is really what matters.
    02-29-16 09:11 AM
  3. Richard Buckley's Avatar
    The last sentence is really what matters.
    Very true.

    For those for whom it does matter, Conite has the right idea.

    LeapSTR100-2/10.3.2.2876
    02-29-16 09:40 AM
  4. Alain_A's Avatar
    iPhone will lose.
    didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?
    02-29-16 09:43 AM
  5. Superdupont 2_0's Avatar
    didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?

    It's never that simple.

    You have to be aware of what your particular vulnerabilities are, or what your particular priorities are, and then analyse the alternatives after.

    ^What he said.

    I believe iOS, Android, BBOS and BB10 have been evaluated by hundreds of highly qualified experts in governments/enterprises all over the globe.
    Still you see lots of higher management levels or people who have access to valuable information only carrying regular BlackBerry phones, even today.

    (The POTUS is carrying a phone that hasn't much to do with a regular BlackBerry, though he probably enjoys the BlackBerry experience, well, sort of).
    02-29-16 09:58 AM
  6. conite's Avatar
    didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?
    When managed by an EMM solution (like BES/Good), Apple and hardened-Android (Priv, Knox) are good enough for the vast majority of enterprise and government agencies.

    The super-secure high end (which probably number in the tens of thousands) may need something more. I'm curious to find out what they will do once they have to give up their old BBOS devices.
    02-29-16 10:11 AM
  7. Gervuoge's Avatar
    U.S. President Barack Obama used BlackBerry. The last device was Z10 (from the press). It is interesting - what cell phone he is having now. It is BlackBerry ?
    His Z10 was highly modified by NSA, as I remember.
    02-29-16 10:59 AM
  8. Richard Buckley's Avatar

    The super-secure high end (which probably number in the tens of thousands) may need something more. I'm curious to find out what they will do once they have to give up their old BBOS devices.
    Some are starting to transition to BB10.

    LeapSTR100-2/10.3.2.2876
    Last edited by Richard Buckley; 02-29-16 at 12:58 PM.
    02-29-16 12:33 PM
  9. anon(8865116)'s Avatar
    I wouldn't be surprised if iOS or Android reaches the POTUS level soon. The only thing Blackberry really has going for them is that they're not an American company... although Germany did ask them for source code so I'm not sure if nationality makes much of a difference anymore.

    They also have connections at every level of regulated industries with certifications to boot, but the government moves slow, and the competition will catch up if the ROI is there. I'm curious to see if this is something Blackberry even wants to own and dominate going forward. They keep saying they will support IOT device management going forward but a lot of IOT devices might get bought out by the big players like Apple/Google and they could prevent Blackberry from managing these devices effectively without jumping through hoops. I also think MDM will probably get rolled into a software bundle like Microsoft 365. I believe JC alluded to this on his earnings conference call that other mdm providers were essentially offering this service for free going forward. I wonder if this will really be a profitable venture for Blackberry going forward (handset security) or if it's just something to do until the next big thing comes around. My guess is the latter. I want to see IOT security, because right now, it's non existent.
    02-29-16 01:29 PM
  10. Doggerz's Avatar
    So, please summarize - is iPhone more secure or BlackBerry?
    For example, which more secure - iPhone 5 or BlackBerry Q10?

    SSL, AES, 3rd layer crypts etc., etc. bla, bla, bla... sounds interesting when you are comparing but I am not the IT guy, so it says nothing to me. I just want to lnow which is more secure.

    Posted via CB10
    Newest iPhone compared to any phone ever made by BB I'd take the iPhone. One company offers no assistance to lawful requests and one does. Chen hates privacy and is dodgy with his answers and wants it both ways.

    Chen can get into your physicsl phone as well as monitor BES and other traffic. Chen's statements make your question easy to answer. Blackberry isnt safe or secure or private.

    Xperia Z5P / Android 5.1.1 / T-Mobile USA
    02-29-16 05:13 PM
  11. PygmySurfer's Avatar
    That is not an option. When you have just two platforms that collect all your data and going on the Internet now is absolutely necessary to make a living, you have no option. Your data or the cave!
    I was going to argue this, but you're right - short of turning off cookies entirely, and not creating a login on any website, you're being tracked whether you like it or not. You might be able to limit your exposure by always browsing with Private Browsing/Incognito mode enabled, but I doubt you could ever hide yourself completely, short of disconnecting entirely.

    If you don't create online accounts with your real info (Name, Address, etc) they at least may not be able to link the profile they've built back to an actual person.
    02-29-16 06:11 PM
  12. PygmySurfer's Avatar
    No. The opposite of that. The Apple case shows that there is a way around the encryption if simple short passwords are permitted and used. Even attempt and rate limiting the entries can be overcome apparently if the OS maker can be made to build a custom tool OS to circumvent that.

    In the San Bernardino case if the phones owner used a sufficiently long and complex password then Apple wouldn't even be able to get in from what we know.

    Note that what the FBI is asking is not to attack the encryption but to defeat a separate security measure in order to grant unlimited password attempts.

    Posted via the CrackBerry App for Android
    Actually, password length has no bearing on this - a longer password would only increase the length of time it takes to unlock the device, not prevent it's unlocking entirely.

    However, all of this only applies to older iOS devices. Starting with the iPhone 5s, all of the security functions were moved into the secure enclave. Rate limiting, max attempts, etc are all hard coded into the hardware, vs. being implemented by the OS. Apple could theoretically load a modified OS that removes the rate limiting and throttling of password attempts onto an iPhone 5 or older device, but they can not do this for an iPhone 5s or later device.

    One other change the FBI wants from Apple is to allow passcodes to be input via the USB interface - I'm unsure if the Secure Enclave would prevent this type of input method or not.

    I'm curious to know how BlackBerry's security compares (particularly BB10's).
    02-29-16 06:23 PM
  13. PygmySurfer's Avatar
    Newest iPhone compared to any phone ever made by BB I'd take the iPhone. One company offers no assistance to lawful requests and one does.
    Apple provides plenty of assistance to law enforcement - likely far more than BlackBerry ever does, simply by the volume of requests alone.

    Privacy - Government Information Requests - Apple (CA)

    Apple is far more transparent with consumers than BlackBerry in this regard, however. I believe John Chen is suggesting they will cooperate with the government to provide metadata on transactions across BlackBerry's network to governments, and not the contents of messages/devices. This is the same kind of thing Apple regularly provides.

    Chen hates privacy and is dodgy with his answers and wants it both ways.
    Citation needed.

    Chen can get into your physicsl phone as well as monitor BES and other traffic. Chen's statements make your question easy to answer. Blackberry isnt safe or secure or private.
    Citation needed again.
    02-29-16 06:27 PM
  14. GadgetTravel's Avatar
    didn't I read that some US army is ditching BB in favor of IPhone combine with GOOD?
    I think it was the Navy.
    02-29-16 08:16 PM
  15. southlander's Avatar
    Actually, password length has no bearing on this - a longer password would only increase the length of time it takes to unlock the device, not prevent it's unlocking entirely.

    However, all of this only applies to older iOS devices. Starting with the iPhone 5s, all of the security functions were moved into the secure enclave. Rate limiting, max attempts, etc are all hard coded into the hardware, vs. being implemented by the OS. Apple could theoretically load a modified OS that removes the rate limiting and throttling of password attempts onto an iPhone 5 or older device, but they can not do this for an iPhone 5s or later device.

    One other change the FBI wants from Apple is to allow passcodes to be input via the USB interface - I'm unsure if the Secure Enclave would prevent this type of input method or not.

    I'm curious to know how BlackBerry's security compares (particularly BB10's).
    Yes. There's an 80 ms processing time to any entry attempt. If you make the number of possible passwords sufficiently high just by using a longer password, then it makes them time needed amazingly high. Of course it doesn't mean it's not possible to unlock it. Just maybe not in our lifetimes.

    Yes Apples newer phones are not susceptible. Though they don't have to be in that way for the security to be circumvented. Being as Apple has the ability to push OS updates they could be made to push a Trojan to a specific phone that simply waits for the user to unlock the phone , then copy the data off to the cloud surreptitiously. As long as any party can install OS updates onto a phone there is theoretically a way to get data.

    Posted via the CrackBerry App for Android
    03-01-16 12:25 AM
  16. bobshine's Avatar
    Newest iPhone compared to any phone ever made by BB I'd take the iPhone. One company offers no assistance to lawful requests and one does. Chen hates privacy and is dodgy with his answers and wants it both ways.

    Chen can get into your physicsl phone as well as monitor BES and other traffic. Chen's statements make your question easy to answer. Blackberry isnt safe or secure or private.

    Xperia Z5P / Android 5.1.1 / T-Mobile USA
    Apple has offer plenty of assistance to lawful request! Tim Cook even confirmed that they assisted law enforcement into "hacking" IPhones in order the recover data. So... What do you think now?

    Posted via CB10
    03-01-16 08:41 AM
  17. southlander's Avatar
    Whether the NSA could get meaningful access (with or without BlackBerry's help) is a mystery, but if it could we would not know about it. NSA would not reveal that capability, that advantage in a local or federal court just because someone might have information about drug dealing or other alleged contraband on his BlackBerry.

    I use a long, complex password just in case, with my reasoning being that if a short, simple one was good enough, the option to use a long, complex one would not be there.
    The password thing is just math and how many possible passwords there are assuming a brute force method.

    Theoretically your data is never 100% safe no matter what. The OS enforces security and the OS can be modified by Apple, etc. Apple could just wait for you to unlock (ie. decrypt) your device and then copy whatever it wants off of it. Kinda like those banking tokens where you need to enter your password and also a randomly generated ever changing code from your token. The hackers just wrote viruses to sit in the background on your PC and silently submit form data, and then monitor the response from the bank website (testing for logged in = yes or no). Once you do all the fancy security stuff and get logged in the virus goes to work in the background and cleans out your account.

    I suppose on an iPhone you could just never ever ever install any updates once you lock things down. But then there's no way to know what's already in the OS without the source code.
    03-01-16 02:13 PM
  18. sorinv's Avatar
    The password thing is just math and how many possible passwords there are assuming a brute force method.

    Theoretically your data is never 100% safe no matter what. The OS enforces security and the OS can be modified by Apple, etc. Apple could just wait for you to unlock (ie. decrypt) your device and then copy whatever it wants off of it. Kinda like those banking tokens where you need to enter your password and also a randomly generated ever changing code from your token. The hackers just wrote viruses to sit in the background on your PC and silently submit form data, and then monitor the response from the bank website (testing for logged in = yes or no). Once you do all the fancy security stuff and get logged in the virus goes to work in the background and cleans out your account.

    I suppose on an iPhone you could just never ever ever install any updates once you lock things down. But then there's no way to know what's already in the OS without the source code.
    Last time I updated my enterprise Suse Linux laptop was 4 years ago when I bought it.
    03-01-16 06:29 PM
  19. PygmySurfer's Avatar
    Yes. There's an 80 ms processing time to any entry attempt. If you make the number of possible passwords sufficiently high just by using a longer password, then it makes them time needed amazingly high. Of course it doesn't mean it's not possible to unlock it. Just maybe not in our lifetimes.
    True, but in this case, the device will self-destruct (erase all data) after 10 attempts, so the password length is of minimal impact. If you remove that 10 attempt limit, you're looking at 13.3 minutes to input all 4 digit pin possibilities, and 22.2 hours to input all 6 digit pin possibilities - not really all that long, in the grand scheme of things. If you used a phrase of some sort, you'd obviously be better off, however, the inconvenience of inputting it would likely outweighs the security benefits for most people (especially if we re-enable the 10 attempt limits).

    Yes Apples newer phones are not susceptible. Though they don't have to be in that way for the security to be circumvented. Being as Apple has the ability to push OS updates they could be made to push a Trojan to a specific phone that simply waits for the user to unlock the phone , then copy the data off to the cloud surreptitiously. As long as any party can install OS updates onto a phone there is theoretically a way to get data.
    Apple devices do not automatically install OTA updates without user intervention. So, they would have to first install a legit upgrade, that removes the prompt to install an update, and then push the trojan to the specific device they want to hack. Also, Apple devices pull the update from the server, rather than have it pushed to the device from the server. I do not believe there is any way for Apple to target a specific device with a specific update. The best they could do is put an update on the server, and have all devices that connect install the bad version, and I don't foresee that happening for obvious reasons. The only way it could potentially work would be to put the device into DFU mode, and load the new OS via USB, while somehow retaining the data on the device. This is what the FBI wants, and Apple is refusing to provide.
    Elephant_Canyon likes this.
    03-01-16 08:47 PM
  20. PygmySurfer's Avatar
    Last time I updated my enterprise Suse Linux laptop was 4 years ago when I bought it.
    What's your IP address?
    03-01-16 08:48 PM
  21. Doggerz's Avatar
    Apple has offer plenty of assistance to lawful request! Tim Cook even confirmed that they assisted law enforcement into "hacking" IPhones in order the recover data. So... What do you think now?

    Posted via CB10
    I don't think it's true. Unless both Tim Cook and the FBI are lying and in cahoots.

    Hey, Chen works for the CIA, would that be something you're interested in? What do you think of that?

    Xperia Z5P / Android 5.1.1 / T-Mobile USA
    03-01-16 11:28 PM
  22. Richard Buckley's Avatar

    Apple devices do not automatically install OTA updates without user intervention. So, they would have to first install a legit upgrade, that removes the prompt to install an update, and then push the trojan to the specific device they want to hack. Also, Apple devices pull the update from the server, rather than have it pushed to the device from the server. I do not believe there is any way for Apple to target a specific device with a specific update. The best they could do is put an update on the server, and have all devices that connect install the bad version, and I don't foresee that happening for obvious reasons. The only way it could potentially work would be to put the device into DFU mode, and load the new OS via USB, while somehow retaining the data on the device. This is what the FBI wants, and Apple is refusing to provide.
    I haven't read Apple's security white papers myself, but there are others who have, whom I trust, who whave written that Apple devices will download a properly formed update without user action. If this were not true Apple could have simply responded in court that they could not do what was asked. Then the FBI would have to prove that Apple could. This isn't what Apple has done, which I believe pretty clearly indicates that, at least for this specific phone, they are able to do exactly what has been asked.

    LeapSTR100-2/10.3.2.2876
    03-02-16 04:15 AM
  23. Richard Buckley's Avatar
    I don't think it's true. Unless both Tim Cook and the FBI are lying and in cahoots.

    Hey, Chen works for the CIA, would that be something you're interested in? What do you think of that?

    Xperia Z5P / Android 5.1.1 / T-Mobile USA
    Well this is what Apple has said in one of their transparency reports: https://www.apple.com/ca/privacy/gov...requests/#mn_p

    When we receive information requests, we require that it be accompanied by the appropriate legal documents such as a subpoena or search warrant. We believe in being as transparent as the law allows about what information is requested from us. We carefully review any request to ensure that thereís a valid legal basis for it. And we limit our response to only the data law enforcement is legally entitled to for the specific*investigation.
    LeapSTR100-2/10.3.2.2876
    03-02-16 04:20 AM
  24. bobshine's Avatar
    I don't think it's true. Unless both Tim Cook and the FBI are lying and in cahoots.

    Hey, Chen works for the CIA, would that be something you're interested in? What do you think of that?

    Xperia Z5P / Android 5.1.1 / T-Mobile USA
    They did... and Apple had been very transparent about it.

    Many times, they provided assistance by extracting and providing multiple copies of non volatile memories so that the authorities can brute force attack it.

    They also decrypt and provided icloud backups for authorities. Apple had been very transparent about how they help law enforcement.


    Posted via CB10
    03-02-16 08:40 AM
  25. bobshine's Avatar
    So the FBI hacked into the iPhone with the assistance of an outside firm.

    Posted via CB10
    03-29-16 12:39 PM
292 ... 9101112

Similar Threads

  1. How to submit a BB10 feature request to BlackBerry?
    By RootingForRIM in forum BlackBerry 10 Apps
    Replies: 3
    Last Post: 04-02-16, 01:57 PM
  2. Is BlackBerry the way to go?
    By Jones Andrew in forum New to the Forums? Introduce Yourself Here!
    Replies: 4
    Last Post: 04-02-16, 01:22 AM
  3. Experience with BlackBerry support?
    By kksblueberry in forum Ask a Question
    Replies: 2
    Last Post: 02-19-16, 02:10 PM
  4. Replies: 1
    Last Post: 02-19-16, 06:59 AM
  5. Blaq for BlackBerry 10 gains Quote Tweet option, adaptive theme and more
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 0
    Last Post: 02-19-16, 06:22 AM
LINK TO POST COPIED TO CLIPBOARD