Blackberry Secure vs. Apple ?
- I'm curious.
How much more secure is Blackberry vs Apple if even the US-FBI cant crack Apple's system code? Is Blackberry security/privacy just a marketing hype?02-17-16 10:42 PMLike 0 - These should help:
The Encryption Debate: a Way Forward | Inside BlackBerry
Customer Letter - Apple
https://www.documentcloud.org/docume...st-iPhone.html
The issue at hand is one of government access to a physical device, so stuff like interception of network traffic, malicious apps, etc. are not in play here. The FBI asked Apple for help to circumvent the iOS password lock; namely, the ability to make brute forcing the passcode easier:
Originally Posted by The FedsApple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Originally Posted by Tim CookWhen the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
...
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
On the other hand, BlackBerry seems to be taking both sides:
Originally Posted by John ChenFor years, government officials have pleaded to the technology industry for help yet have been met with disdain. In fact, one of the world’s most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would “substantially tarnish the brand” of the company. We are indeed in a dark place when companies put their reputations above the greater good. At BlackBerry, we understand, arguably more than any other large tech company, the importance of our privacy commitment to product success and brand value: privacy and security form the crux of everything we do. However, our privacy commitment does not extend to criminals.
...
We reject the notion that tech companies should refuse reasonable, lawful access requests. Just as individual citizens bear responsibility to help thwart crime when they can safely do so, so do corporations have a responsibility to do what they can, within legal and ethical boundaries, to help law enforcement in its mission to protect us.
However, it is also true that corporations must reject attempts by federal agencies to overstep. BlackBerry has refused to place backdoors in its devices and software. We have never allowed government access to our servers and never will. We have made decisions to exit national markets when the jurisdictional authorities demand access that would abuse the privacy of law-abiding citizens.
This also begs the question: what did BlackBerry do to convince the Pakistani government to keep BlackBerry operating without installing the backdoor that the Pakistanis wanted? Either BlackBerry are lying here (in which case **** them), or they've got blackmail on someone in Islamabad.02-17-16 11:10 PMLike 0 - "How exactly one can perform the "reasonable, lawful access request" that the FBI is insisting they're asking for without putting in a backdoor is known only to Chen,"
How indeed. Perhaps Chen has secretly devised a method to selectively unlock a phone by unique identifier. PIN perhaps. Thanks for the info much appreciated.02-17-16 11:22 PMLike 0 - zeeberry, companies store their keys internally instead of them being stored on the handset. most, if not all companies have keys stored internally, usually behind some other kind of security. you'd probably use a similar approach for cell devices but you'd be relying on Apple to not be hacked which could in return allow any device to be hacked. by storing it on the phone, you're essentially saying any data I don't have in the cloud, can't be accessed even by Apple if it's compromised, or you guessed it, subpoenaed. you can see why a lot of privacy experts are for this approach. I'd be surprised if a gov / group was not trying hacking Apple everyday to do that very thing.
Fortunately, most hackers probably go for the easy stuff like database info because a lot of ppl don't encrypt it and end up with passwords or dirty secrets like emails. to steal keys, you'd probably require understanding of how / where they store the device specific keys along with the possibility of it also being encrypted again and requiring elevated access... I'm sure the news never articulates it this way so most people just see "stole data". Hackers can do much worse like install custom software that no one notices which is why people are worried about people hacking Internet enabled devices like cars and health devices when that **** will literally kill you
anyway, the one thing that bothers the crap out of me is that everyone just blows over the fact that iCloud data was fair game for the fbi and handed over by Apple no problem. Then when Apple refuses to build something for the physical device they say oh we care about ur privacy but also sell you on iCloud every chance they get. honestly, I can't name one of my iOS friends who doesn't use iCloud or some other cloud provider yet they are the same people yelling F U government Apple all the way, which when it comes down to it, if you use the iCloud, most of ur crap is on there not just the device.
/sigh
Edit: looking back on this Apple has been slowly moving toward a model where they have 0 access to anything unless the user overrides this. maybe I'm being a little naive thinking they'd warn users not to use iCloud if they value privacy. to give Apple some credit, they could have just given in and defeated their own security but now it's up for public debate. I should give them some credit 🤗Last edited by mtthwmtthw; 03-16-16 at 06:55 AM.
03-15-16 06:34 PMLike 0 - zeeberry, companies store their keys internally instead of them being stored on the handset. most, if not all companies have keys stored internally, usually behind some other kind of security. you'd probably use a similar approach for cell devices but you'd be relying on Apple to not be hacked which could in return allow any device to be hacked. by storing it on the phone, you're essentially saying any data I don't have in the cloud, can't be accessed even by Apple if it's compromised, or you guessed it, subpoenaed. you can see why a lot of privacy experts are for this approach. I'd be surprised if a gov / group was not trying hacking Apple everyday to do that very thing.
Fortunately, most hackers probably go for the easy stuff like database info because a lot of ppl don't encrypt it and end up with passwords or dirty secrets like emails. to steal keys, you'd probably require understanding of how / where they store the device specific keys along with the possibility of it also being encrypted again and requiring elevated access... I'm sure the news never articulates it this way so most people just see "stole data". Hackers can do much worse like install custom software that no one notices which is why people are worried about people hacking Internet enabled devices like cars and health devices when that **** will literally kill you
anyway, the one thing that bothers the crap out of me is that everyone just blows over the fact that iCloud data was fair game for the fbi and handed over by Apple no problem. Then when Apple refuses to build something for the physical device they say oh we care about ur privacy but also sell you on iCloud every chance they get. honestly, I can't name one of my iOS friends who doesn't use iCloud or some other cloud provider yet they are the same people yelling F U government Apple all the way, which when it comes down to it, if you use the iCloud, most of ur crap is on there not just the device.
/sigh
Edit: looking back on this Apple has been slowly moving toward a model where they have 0 access to anything unless the user overrides this. maybe I'm being a little naive thinking they'd warn users not to use iCloud if they value privacy. to give Apple some credit, they could have just given in and defeated their own security but now it's up for public debate. I should give them some credit 🤗
http://fortune.com/2016/03/16/apple-icloud-encryption/03-16-16 01:21 PMLike 0 - DreadPirateRegan likes this.03-16-16 02:40 PMLike 1
-
-
Posted from my BlackBerry PrivDunt Dunt Dunt likes this.04-29-16 02:35 PMLike 1 -
But yes, most Security is really dependent on how the phone is setup and how it is used. Most people don't understand what is safe and what isn't, and many (including BlackBerry users) are will to forgo that safety in order to do what they want. Sideload some Bar file found on the Internet... Use a 3rd party Chinese store for Apps... Download apps from a *hacker to gain access to Google Play....
Thus a "smart" IT person with the proper EMM and correctly setup policies is key to true security.
*I used SNAP and I used Cobalts tools for BB10 and now I use them for my Droid. I'm just saying it's a risk I'm willing to take, but that most security expects would laugh at.04-29-16 03:05 PMLike 0 -
-
- As I have said many times on these forums, no device is 100% secure unless your connected to a BES server. Anytime your device is connected to the grid your vulnerable. Good passwords and common sense go a long way.
If your worried about your data being collected by Google and the other sites out there in cyberspace. Then stay off of the grid, that's the price you pay for technology.
For me life is way to short to worry about who's collecting data on me, I just make sure the amount of data I expose while on the grid is minimal. Just my two cents worth.Last edited by bakron1; 05-01-16 at 01:40 PM.
TgeekB likes this.05-01-16 09:43 AMLike 1
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Blackberry Secure vs. Apple ?
« What is the email contact information for Mr. Chen?
|
And the Fire Sale has begun. PRIV $399 @ Newegg »
Similar Threads
-
Virtual phone line for BlackBerry Classic?
By CrackBerry Question in forum BlackBerry ClassicReplies: 4Last Post: 04-18-16, 10:22 PM -
BlackBerry on O'Reilly Factor.
By ginobb in forum General BlackBerry News, Discussion & RumorsReplies: 80Last Post: 03-17-16, 06:22 PM -
Should I smashed my blackberry and get it over with? incident INC000030287661
By CrackBerry Question in forum Ask a QuestionReplies: 10Last Post: 02-20-16, 04:49 AM -
Touch screen error. Blackberry Passport
By Robojoebin in forum BlackBerry PassportReplies: 4Last Post: 02-18-16, 02:57 AM -
Apple Refuses to Update iOS as Requested by US Gov
By Yoox_II in forum BlackBerry 10 OSReplies: 1Last Post: 02-17-16, 08:01 PM
LINK TO POST COPIED TO CLIPBOARD