1. dempsey141's Avatar
    Security on BlackBerry has been recognized worldwide.
    But if comparing between BlackBerry and iPhone, what is the best security?
    12-21-20 10:34 PM
  2. conite's Avatar
    Security on BlackBerry has been recognized worldwide.
    But if comparing between BlackBerry and iPhone, what is the best security?
    This is a vague question.

    But the newest BlackBerry-branded device has an OS that is 3 versions and years behind what's out now. So what may have been the case in 2017, is not the case today.
    12-21-20 11:31 PM
  3. chetmanley's Avatar
    Security on BlackBerry has been recognized worldwide.
    But if comparing between BlackBerry and iPhone, what is the best security?
    Apple has had a steady stream of media worthy security vulnerabilities in every single one of it's iOS versions or chips.

    A prime example is Checkm8 which is an unpatchable bootrom exploit which is present in iPhones from the 4S to the X and a slew of iPads.

    Just this week an iMessage hack was made public.
    https://citizenlab.ca/2020/12/the-gr...click-exploit/

    This month, a Google engineer - Ian Beer - released research which showed vulnerabilities in iOS which allowed an attacker to access files, activate applications, cameras and microphones, or to perform a Denial of Service attack which turned off nearby iOS devices en mass.


    And it's not just Apple that has issues with security on their newest products, Android manufactures are constantly releasing devices which have vulnerabilities exploitable by companies like Celebrite which allow password-bypassing access.

    Blackberry is very solid on this front - even on their older phones.
    Last edited by chetmanley; 12-22-20 at 04:24 PM.
    bh7171 and Linto988 like this.
    12-22-20 04:14 PM
  4. Chuck Finley69's Avatar
    Apple has had a steady stream of media worthy security vulnerabilities in every single one of it's iOS versions or chips.

    A prime example is Checkm8 which is an unpatchable bootrom exploit which is present in iPhones from the 4S to the X and a slew of iPads.

    Just this week an iMessage hack was made public.
    https://citizenlab.ca/2020/12/the-gr...click-exploit/

    This month, a Google engineer - Ian Beer - released research which showed vulnerabilities in iOS which allowed an attacker to access files, activate applications, cameras and microphones, or to perform a Denial of Service attack which turned off nearby iOS devices en mass.


    And it's not just Apple that has issues with security on their newest products, Android manufactures are constantly releasing devices which have vulnerabilities exploitable by companies like Celebrite which allow password-bypassing access.

    Blackberry is very solid on this front - even on their older phones.
    Now I’m asking serious question since it’s you and not some tinfoil hat person. Is this primarily, especially with latest exploits, due to sheer low numbers of BB10 or BBAndroid existing in the wild or could vulnerabilities be undiscovered by engineers who don’t study for the same low number reasons? Kind of like a reverse chicken/egg type conundrum?
    12-22-20 06:09 PM
  5. chetmanley's Avatar
    Now I’m asking serious question since it’s you and not some tinfoil hat person. Is this primarily, especially with latest exploits, due to sheer low numbers of BB10 or BBAndroid existing in the wild or could vulnerabilities be undiscovered by engineers who don’t study for the same low number reasons? Kind of like a reverse chicken/egg type conundrum?
    That could be a possibility - security by obscurity. While the Blackberry brand may not be popular with the masses, I'd argue that it isn't an obscure brand and has high profile contracts with many government and corporate institutions. So I see three possibilities:

    1) People are actively looking for vulnerabilities, and assuming they have been found in Blackberry Products or services - they are being withheld from public release so they can continue to be used by attackers.
    2) People are actively looking for vulnerabilities, but haven't found any to report (at least on the same scale we see with iOS or Android vulnerabilities in general).
    3) Vulnerabilities exist in similar quantities as other products, but people simply are not looking.

    In the case of the recent iOS vulnerabilities discovered by Ian Beer, he was working alone and spent 6 months on the project. Imagine what can be found by larger groups or governments.

    The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine.
    Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with." - Ian Beer.
    We can only speculate about what might be (reported/not looking etc)... but we can get an idea by looking in CVE databases to see the track record of reported vulnerabilities, and of those, how many are considered critical.

    https://www.cvedetails.com/index.php
    or
    https://cve.mitre.org/cve/search_cve_list.html

    Blackberry: 90 CVEs since 2004 (not just for their BBOS and BB10 phones - their services also). 3 of which are level 8 or greater (out of 10) or about 4%.

    Apple: 1655 attributed to iOS since 2007. 291 of which are a level 8 or greater (out of 10). or about 17.5%

    Android: 2563 since 2008. 858 of which are a level 8 or greater (out of 10) or about 33.5%

    Keep in mind, since BB began using Android, I think it's safe to assume that the CVEs that affected all the other Android devices would also fall under BB Android OS, although Blackberry's hardening of their version might mitigate them.

    Also, iOS is all in house, designed to work with their own chips on a very small set of devices. Android on the other hand is used by thousands of devices by different manufactures and different hardware configurations. Apple should have an advantage here when it comes to security, but their CVE count does not reflect that advantage in my opinion.
    12-22-20 07:05 PM
  6. Chuck Finley69's Avatar
    That could be a possibility - security by obscurity. While the Blackberry brand may not be popular with the masses, I'd argue that it isn't an obscure brand and has high profile contracts with many government and corporate institutions. So I see three possibilities:

    1) People are actively looking for vulnerabilities, and assuming they have been found in Blackberry Products or services - they are being withheld from public release so they can continue to be used by attackers.
    2) People are actively looking for vulnerabilities, but haven't found any to report (at least on the same scale we see with iOS or Android vulnerabilities in general).
    3) Vulnerabilities exist in similar quantities as other products, but people simply are not looking.

    In the case of the recent iOS vulnerabilities discovered by Ian Beer, he was working alone and spent 6 months on the project. Imagine what can be found by larger groups or governments.



    We can only speculate about what might be (reported/not looking etc)... but we can get an idea by looking in CVE databases to see the track record of reported vulnerabilities, and of those, how many are considered critical.

    https://www.cvedetails.com/index.php
    or
    https://cve.mitre.org/cve/search_cve_list.html

    Blackberry: 90 CVEs since 2004 (not just for their BBOS and BB10 phones - their services also). 3 of which are level 8 or greater (out of 10) or about 4%.

    Apple: 1655 attributed to iOS since 2007. 291 of which are a level 8 or greater (out of 10). or about 17.5%

    Android: 2563 since 2008. 858 of which are a level 8 or greater (out of 10) or about 33.5%

    Keep in mind, since BB began using Android, I think it's safe to assume that the CVEs that affected all the other Android devices would also fall under BB Android OS, although Blackberry's hardening of their version might mitigate them.

    Also, iOS is all in house, designed to work with their own chips on a very small set of devices. Android on the other hand is used by thousands of devices by different manufactures and different hardware configurations. Apple should have an advantage here when it comes to security, but their CVE count does not reflect that advantage in my opinion.
    Thank you chetmanley. As usual, a great objective answer. Don’t forget to stop by for Christmas dinner....
    chetmanley likes this.
    12-22-20 08:32 PM
  7. RoseBud68's Avatar
    Thank you chetmanley. As usual, a great objective answer. Don’t forget to stop by for Christmas dinner....
    Someone say Dinner?????
    12-22-20 09:39 PM
  8. Chuck Finley69's Avatar
    Someone say Dinner?????
    You’re invited. Just drive your good ride since, well, I’m tired of my Excursion and we can roll by Jeter’s old (Brady’s temporary) place.
    12-22-20 09:45 PM
  9. RoseBud68's Avatar
    LOl Jeter and I are hanging in Miami with Mario. Haven't been to his house in Tampa in over a year.
    12-23-20 07:07 PM

Similar Threads

  1. Vélib' Métropole for Blackberry 10
    By chsports in forum BlackBerry 10 Apps
    Replies: 7
    Last Post: 02-05-21, 04:03 PM
  2. Blackberry Bold 9900 possible refurbished
    By Berksboy in forum Ask a Question
    Replies: 11
    Last Post: 01-25-21, 04:55 PM
  3. I have Blackberry Classic SQC100-1 and its not turning on.
    By CrackBerry Question in forum Ask a Question
    Replies: 6
    Last Post: 12-23-20, 10:03 AM
  4. Cyberpunk 2077 purists play on a BlackBerry KEYone
    By mh1983 in forum BlackBerry KEYone
    Replies: 3
    Last Post: 12-21-20, 02:59 PM
  5. BlackBerry World stuck on loading. Can someone help?
    By faikthedon in forum BlackBerry Classic
    Replies: 1
    Last Post: 12-19-20, 02:33 PM
LINK TO POST COPIED TO CLIPBOARD