[Zee10berry]

I'm curious.

How much more secure is Blackberry vs Apple if even the US-FBI cant crack Apple's system code? Is Blackberry security/privacy just a marketing hype?

[thurask]

These should help:

The Encryption Debate: a Way Forward | Inside BlackBerry

Customer Letter - Apple

https://www.documentcloud.org/docume...st-iPhone.html

The issue at hand is one of government access to a physical device, so stuff like interception of network traffic, malicious apps, etc. are not in play here. The FBI asked Apple for help to circumvent the iOS password lock; namely, the ability to make brute forcing the passcode easier:

Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

Apple's opinion is that this will lead to a slippery slope:

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

...

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

This specific backdoor isn't exactly a one step process to break into an iPhone, but Apple cooperating with the court ruling and creating such a thing would set a very dangerous precedent.

On the other hand, BlackBerry seems to be taking both sides:

For years, government officials have pleaded to the technology industry for help yet have been met with disdain. In fact, one of the world’s most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would “substantially tarnish the brand” of the company. We are indeed in a dark place when companies put their reputations above the greater good. At BlackBerry, we understand, arguably more than any other large tech company, the importance of our privacy commitment to product success and brand value: privacy and security form the crux of everything we do. However, our privacy commitment does not extend to criminals.

...

We reject the notion that tech companies should refuse reasonable, lawful access requests. Just as individual citizens bear responsibility to help thwart crime when they can safely do so, so do corporations have a responsibility to do what they can, within legal and ethical boundaries, to help law enforcement in its mission to protect us.

However, it is also true that corporations must reject attempts by federal agencies to overstep. BlackBerry has refused to place backdoors in its devices and software. We have never allowed government access to our servers and never will. We have made decisions to exit national markets when the jurisdictional authorities demand access that would abuse the privacy of law-abiding citizens.

How exactly one can perform the "reasonable, lawful access request" that the FBI is insisting they're asking for without putting in a backdoor is known only to Chen, I think.

This also begs the question: what did BlackBerry do to convince the Pakistani government to keep BlackBerry operating without installing the backdoor that the Pakistanis wanted? Either BlackBerry are lying here (in which case **** them), or they've got blackmail on someone in Islamabad.

[Zee10berry]

"How exactly one can perform the "reasonable, lawful access request" that the FBI is insisting they're asking for without putting in a backdoor is known only to Chen,"

How indeed. Perhaps Chen has secretly devised a method to selectively unlock a phone by unique identifier. PIN perhaps. Thanks for the info much appreciated.

[anon(8865116)]

zeeberry, companies store their keys internally instead of them being stored on the handset. most, if not all companies have keys stored internally, usually behind some other kind of security. you'd probably use a similar approach for cell devices but you'd be relying on Apple to not be hacked which could in return allow any device to be hacked. by storing it on the phone, you're essentially saying any data I don't have in the cloud, can't be accessed even by Apple if it's compromised, or you guessed it, subpoenaed. you can see why a lot of privacy experts are for this approach. I'd be surprised if a gov / group was not trying hacking Apple everyday to do that very thing.

Fortunately, most hackers probably go for the easy stuff like database info because a lot of ppl don't encrypt it and end up with passwords or dirty secrets like emails. to steal keys, you'd probably require understanding of how / where they store the device specific keys along with the possibility of it also being encrypted again and requiring elevated access... I'm sure the news never articulates it this way so most people just see "stole data". Hackers can do much worse like install custom software that no one notices which is why people are worried about people hacking Internet enabled devices like cars and health devices when that **** will literally kill you

anyway, the one thing that bothers the crap out of me is that everyone just blows over the fact that iCloud data was fair game for the fbi and handed over by Apple no problem. Then when Apple refuses to build something for the physical device they say oh we care about ur privacy but also sell you on iCloud every chance they get. honestly, I can't name one of my iOS friends who doesn't use iCloud or some other cloud provider yet they are the same people yelling F U government Apple all the way, which when it comes down to it, if you use the iCloud, most of ur crap is on there not just the device.

/sigh

Edit: looking back on this Apple has been slowly moving toward a model where they have 0 access to anything unless the user overrides this. maybe I'm being a little naive thinking they'd warn users not to use iCloud if they value privacy. to give Apple some credit, they could have just given in and defeated their own security but now it's up for public debate. I should give them some credit 🤗

[anon(8865116)]

zeeberry, companies store their keys internally instead of them being stored on the handset. most, if not all companies have keys stored internally, usually behind some other kind of security. you'd probably use a similar approach for cell devices but you'd be relying on Apple to not be hacked which could in return allow any device to be hacked. by storing it on the phone, you're essentially saying any data I don't have in the cloud, can't be accessed even by Apple if it's compromised, or you guessed it, subpoenaed. you can see why a lot of privacy experts are for this approach. I'd be surprised if a gov / group was not trying hacking Apple everyday to do that very thing.

Fortunately, most hackers probably go for the easy stuff like database info because a lot of ppl don't encrypt it and end up with passwords or dirty secrets like emails. to steal keys, you'd probably require understanding of how / where they store the device specific keys along with the possibility of it also being encrypted again and requiring elevated access... I'm sure the news never articulates it this way so most people just see "stole data". Hackers can do much worse like install custom software that no one notices which is why people are worried about people hacking Internet enabled devices like cars and health devices when that **** will literally kill you

anyway, the one thing that bothers the crap out of me is that everyone just blows over the fact that iCloud data was fair game for the fbi and handed over by Apple no problem. Then when Apple refuses to build something for the physical device they say oh we care about ur privacy but also sell you on iCloud every chance they get. honestly, I can't name one of my iOS friends who doesn't use iCloud or some other cloud provider yet they are the same people yelling F U government Apple all the way, which when it comes down to it, if you use the iCloud, most of ur crap is on there not just the device.

/sigh

Edit: looking back on this Apple has been slowly moving toward a model where they have 0 access to anything unless the user overrides this. maybe I'm being a little naive thinking they'd warn users not to use iCloud if they value privacy. to give Apple some credit, they could have just given in and defeated their own security but now it's up for public debate. I should give them some credit 🤗

LOL Literally the day after posting this

http://fortune.com/2016/03/16/apple-icloud-encryption/

[Dunt Dunt Dunt]

LOL Literally the day after posting this

Apple Is Now Planning to Boost iCloud Encryption - Fortune

I'm glad some corporation is reading these forums... it's clear BlackBerry never has.

[DreadPirateRegan]

I'm curious.

How much more secure is Blackberry vs Apple if even the US-FBI cant crack Apple's system code? Is Blackberry security/privacy just a marketing hype?

The GOV "says" they can't crack the fruit! "Says"...

Posted via CB10

[web99]

I'm curious.

How much more secure is Blackberry vs Apple if even the US-FBI cant crack Apple's system code? Is Blackberry security/privacy just a marketing hype?

If you really want a secure device, it should leverage a MDM such as BES or Good Technology and have enforced security policies. As device by itself only has a minimum level of security.

Posted from my BlackBerry Priv

[Dunt Dunt Dunt]

If you really want a secure device, it should leverage a MDM such as BES or Good Technology and have enforced security policies. As device by itself only has a minimum level of security.

Posted from my BlackBerry Priv

Privacy is what Chen likes to talk about with the PRIV...

But yes, most Security is really dependent on how the phone is setup and how it is used. Most people don't understand what is safe and what isn't, and many (including BlackBerry users) are will to forgo that safety in order to do what they want. Sideload some Bar file found on the Internet... Use a 3rd party Chinese store for Apps... Download apps from a *hacker to gain access to Google Play....

Thus a "smart" IT person with the proper EMM and correctly setup policies is key to true security.


*I used SNAP and I used Cobalts tools for BB10 and now I use them for my Droid. I'm just saying it's a risk I'm willing to take, but that most security expects would laugh at.

[stevec66]

I am not the smartest tool in the box when it comes to security for computers or cell phones, but I do know I would never back up any information on any body's cloud that's why having a portable hard drive is the way to go. Am I wrong!!!

Posted via CB10

[donnation]

I am not the smartest tool in the box when it comes to security for computers or cell phones, but I do know I would never back up any information on any body's cloud that's why having a portable hard drive is the way to go. Am I wrong!!!

Posted via CB10

Unless your hard drive fails or someone steals it, then yeah.

[Gervuoge]

IPhone is more secure than BlackBery. Necause iPhone is the securiest phone in the world.

Posted via CB10

[Prem WatsApp]

IPhone is more secure than BlackBery. Necause iPhone is the securiest phone in the world.

Posted via CB10

^

Sent from my iPhone

--------------

? ;')

�   There's a Crack in the Berry right now...   �

[Old_Mil]

Privacy starts with an 2S that prevents a few dozen apps from broadcasting your personal information to hundreds of data collection servers. Outside of Blackphone and Windows ohone, you are out of luck.

[bakron1]

As I have said many times on these forums, no device is 100% secure unless your connected to a BES server. Anytime your device is connected to the grid your vulnerable. Good passwords and common sense go a long way.

If your worried about your data being collected by Google and the other sites out there in cyberspace. Then stay off of the grid, that's the price you pay for technology.

For me life is way to short to worry about who's collecting data on me, I just make sure the amount of data I expose while on the grid is minimal. Just my two cents worth.