[molonlabe2a]

Can someone please explain to me if BlackBerry is more secure from hacker/government snooping programs than the iPhone 6?

Apparently government agencies are up in arms over the supposed fact that the new iPhones are encrypted and have no backdoor for them to access them as long as the password is set. I remember reading an article a few years back that BlackBerry caved in to world government's political pressure to give access to BlackBerry user's data.

Since the Snowden revelations and privacy concerns of law abiding citizens being snooped on, has BlackBerry done anything to be as secure as the iPhone 6? I'm only asking because it doesn't seem that the government is having any problem or mentioning any other companies like Android or BlackBerry.

Main reason for me moving back to BlackBerry is for privacy and security concerns and I would love to have some peace of mind on this issue. Any thoughts or suggestions would be greatly appreciated. Thanks!

[Blue Hef]

Can someone please explain to me if BlackBerry is more secure from hacker/government snooping programs than the iPhone 6?

Apparently government agencies are up in arms over the supposed fact that the new iPhones are encrypted and have no backdoor for them to access them as long as the password is set. I remember reading an article a few years back that BlackBerry caved in to world government's political pressure to give access to BlackBerry user's data.

Since the Snowden revelations and privacy concerns of law abiding citizens being snooped on, has BlackBerry done anything to be as secure as the iPhone 6? I'm only asking because it doesn't seem that the government is having any problem or mentioning any other companies like Android or BlackBerry.

Main reason for me moving back to BlackBerry is for privacy and security concerns and I would love to have some peace of mind on this issue. Any thoughts or suggestions would be greatly appreciated. Thanks!

I second that!!

[VinLou]

Latest report , "whisper App" spies on those it's not supposed to track, companies owner are based in California. They hand information over to government's around the world according to the leaked spy report.

I don't believe anything is safe and to get rich, geeks like sukaberg will happily create tech to spy on us or watch us.

No Shade Just Light!!!

[serbanescu]

If you are refering to data encryption on the device, a BlackBerry is at least as secure as an iPhone 6.

But security of data depends more on the security of data transfers. In this respect, an iPhone 6 or a BlackBerry not connected to a BES server are very much vulnerable to snooping.

[Nigelbrown]

BlackBerry has had device encryption for a very long time, just like now iPhone has.

All BIS traffic on legacy BlackBerrys use public keys, so could be sniffed if really needed to be.

Bb10 devices are subject to the transport they are using. Get Gmail or a corporate account via active sync? Same transport as all phones. Get email via corporate BES server? Very secure, non-public security keys. Are you on eBBM? Very secure personal key.

Posted via CB10

[Cheeky Fox]

First time I've heard somebody doubting BlackBerry is more secure than an iPhone. BlackBerry is market leader when it comes to security and its among their top priorities! Apple's iPhone nevertheless...

[WGn199]

Can someone confirm how phone security is affected by whether the phone is on BES or not?

Posted via CB10

[LazyEvul]

BlackBerry takes security and privacy very seriously for their enterprise customers, but they could do a couple things better on the consumer side. Both Android 5.0 and iOS 8 encrypt your data by default from what I understand. It's still an option on BlackBerry 10, though if you're a genuinely security-conscious user I suppose you ought to have enabled it on your own by now anyhow.

BlackBerry also hasn't released a transparency report, something Google, Apple, and Microsoft have all done ever since the Snowden leaks. In fact, as of April, they said they had no plans to do so. This is just asking for trouble in the long-term, and I really think they ought to follow suit with the rest of the industry and release one of their own.

Otherwise, there's not much reason to think BlackBerry is significantly better nor worse than the competition for consumers. BES is very powerful, but most of us aren't on it. As such, our data is still running over the same airwaves, usually unencrypted, as everyone else's. You might be able to make a case for there being less malware for BlackBerry 10, though that's difficult to put accurate numbers to, but that's about it.

[joeldf]

Apparently government agencies are up in arms over the supposed fact that the new iPhones are encrypted and have no backdoor for them to access them as long as the password is set. I remember reading an article a few years back that BlackBerry caved in to world government's political pressure to give access to BlackBerry user's data.

To be fair, a lot of Arab and Asian governments, and India as well, wanted access to the BIS servers on the local carriers in those countries so they could intercept all the BBMs from regular people running through it. That's what RIM (what they were still called at time) caved on, or they would have been outright banned in those countries. I'm not sure BES would have been affected because those are on local business servers not available to the general public.

If I recall, RIM said consistently that BBMs were end-to-end encrypted on the device, and accessing the BIS wouldn't really be of any help - it's just a tunnel and everything stays encrypted. Many of those same countries wanted the keys to decrypt, but RIM said they have no keys - they are on the devices and there is nothing on RIM's end to give the governments. I think that giving them access to the BIS servers was just a way to "comply" without really giving them anything.

I may be wrong about BBM being encrypted. Someone else would have to verify that.

But, since all other data on BBOS ran through the BIS, not everything was encrypted - regular emails usually were not, and neither would any other browser based communication. And then, of course, regular SMS/MMS texts and phone calls were subject to whatever access the carrier may provide.

[darkehawke]

Blackberry hand information over when asked so there is no need for back door snooping. Blackberry was a major supporter of Cispa which if you don't know is all about eroding your privacy so I don't believe they would stand up for your privacy against governments.

Posted via the Android CrackBerry App!

[molonlabe2a]

Can someone confirm how phone security is affected by whether the phone is on BES or not?

Posted via CB10

Yes, this is a very good question. Also is there a way for a private individual can get BES? At least a cost effective way? I currently use Internet Private Access VPN on my tomato firmware router at home and plan on VPN'ing to it when I'm not home. I'd love to enjoy all of the benefits of BlackBerry Enterprise even though I'm not a business, but just a private individual consumer. I think all users of BlackBerry should get the same peace of mind.

[Playbook007]

I think security surely debatable amongst consumers. Personally I sit back and watch the breaches and judge from there. Windows and android, well the malware alone keeps me away. Gmail, Hotmail, Yahoo etc. Tons of breaches. When it comes to Apple, well tweet Jennifer Lawrence and ask her. Security is not only your device!

Posted via CB10

[Tre Lawrence]

BlackBerry takes security and privacy very seriously for their enterprise customers, but they could do a couple things better on the consumer side. Both Android 5.0 and iOS 8 encrypt your data by default from what I understand. It's still an option on BlackBerry 10, though if you're a genuinely security-conscious user I suppose you ought to have enabled it on your own by now anyhow.

BlackBerry also hasn't released a transparency report, something Google, Apple, and Microsoft have all done ever since the Snowden leaks. In fact, as of April, they said they had no plans to do so. This is just asking for trouble in the long-term, and I really think they ought to follow suit with the rest of the industry and release one of their own.

Otherwise, there's not much reason to think BlackBerry is significantly better nor worse than the competition for consumers. BES is very powerful, but most of us aren't on it. As such, our data is still running over the same airwaves, usually unencrypted, as everyone else's. You might be able to make a case for there being less malware for BlackBerry 10, though that's difficult to put accurate numbers to, but that's about it.

Good points.

[molonlabe2a]

Regarding secure email, I use proton mail which has zero knowledge encryption, but I don't think it will be able to work on the BlackBerry email client, or I may be wrong, because it uses two passwords in order to access my mail. One to get on the server then the second to decrypt the mailbox itself. If anyone has any info on how to set up something like that on BlackBerry OS 10 I'd love to hear it. Plus I use Tresorit, another zero knowledge encrypted server for cloud storage, but the app for it on BlackBerry world sucks, it doesn't auto upload when a photo is taken on the camera like it did on Android. Does anyone know if you side load through snap the Tresorit app if the auto upload feature will work?

[dbmalloy]

Depends on what you consider security..... as the activity you are doing dictates how secure you are.... i

f you are using BBM for example... you can be sure that it is secure as encryption is end to end....

if you are downloading apps from the internet or app store there is more risk of a Malware infection on Android... less on IOS and very seldom on BB.... not to say it would not happen.... why it is important to pay attention to permissions when you install.....

There is entry point security... your password... on your handset or connection it does not matter how much encryption you have...if someone figures out your password then all bets are off...this is why trojan programs are so dangerous....does not matter then.....

as for hacking... Unless you have a lot of money or are an important person... most hackers are not interested in you..... what they are interested in is your data stored elsewhere... banking ,... photos.... documents.... usually on the cloud.....

as for backdoors... think it is a bit overused.... because it is technically possible to do something does not mean in practice it happens... many stories about backdoors etc... question again.. is why would anyone care about what you have.....

If it a large company it is different... someone hacks you when they think there is something there that profits them..... Large companies have customer info in databases ... this is what most hackers are after.....

I practice what I call "good security hygiene"..... On computer and smartphone... run daily virus and malware scans at the end of the day... research what I am downloading to my devices... watch the permissions.... change my passwords weekly... have different passwords for different devices.... encrypt my phone ( as it is turned off by default ).. encrypt my data on my computer..... finally choose a strong password... I always use 2 capitalised letters... some numbers and punctuation on all my passwords.....in the News of the world hacking scandal a couple of years back.. the reason they could access the voicemails is that the majority of people kept the default password of 123345 or password....

People treat security as a monolith... it is not... it is more like a hydra with many different heads to it.... do some research take preventative actions and it really does not matter what platform you use... you will be safe....

That said.. there is little you can do when your data is out of your device... again... research the cloud service you are using... find out how many reported hacks there have been ( some go unreported ) and decide form there......

I had my credit report ruined a couple of years back because of identity theft.. at that time I did not practice any seciurity hygiene....and paid dearly... took two years to clean up my credit history... seems like a lot to do to maintain your security but taking care of the aftermath of a breach makes it well worth the hour a week it take....

[Superdupont 2_0]

In short:

1) Device encryption

About 4,5 Million smartphones are lost or stolen every year:
Smart Phone Thefts Rise | Locate Stolen or Lost Cell Phone - Consumer Reports News

If it happens to you it's good to know your private stuff is encrypted on your phone.
BlackBerry is doing a perfect job here for about 10 years.

Apple however had some issues here over the past five years:

iOS 7 doesn't encrypt email attachments | ZDNet

Apple betrays the iPhone's business hopes | InfoWorld

2) Messenger

If police in any country has a warrant, BlackBerry will collaborate (like every other ISP) and intercept certain traffic in their networks that is not secured by BES.

http://thenextweb.com/uk/2011/08/08/...-london-riots/


How about hackers?
BBM is using TLS with certificate pinning and therefore it is unlikely that a MITM can penetrate this traffic.
And if the messages are sent between two BlackBerries they are secured by TLS + 3DES (= Mission impossible for hackers).

iMessage is using TLS without certificate pinning, so, if the MITM attack is successfull then:
iMessage Privacy

Quote: "Second surprise was actually bigger: we saw our AppleID and password going through this SSL communication. Yes, the clear text password..."

However, iMessage is encrypting the message itself with a second layer of encryption, which is *almost* end-to-end.
As Quarkslab is suggesting this second layer can still be overcome, if you have the resources and get support from Apple.


3) Hacking

There is always a jailbreak for each version of iOS, and if your e-mail attachments are stored without encryption...
We are still waiting for a jailbreak for BlackBerry OS 10.

I would not say that iPhones are insecure, but overall the security of BlackBerry OS 10 phones is slightly better.

[Bluenoser63]

One big thing is the fact that you cannot root the BB10 OS. The long boot process checks to make sure that no software can be installed that isn't meant to be there. The apps are also sand boxed to prevent any data leakage that you don't want. You have control with app permissions to lock your apps.

[Cozz4ever]

One big thing is the fact that you cannot root the BB10 OS. The long boot process checks to make sure that no software can be installed that isn't meant to be there. The apps are also sand boxed to prevent any data leakage that you don't want. You have control with app permissions to lock your apps.

Also remember that you can't modify a BB10 app. You can modify iOS and Android apps.

All I want for Christmas is a Passport

[Troy Tiscareno]

"Security" covers many, many aspects of the things we do with our smartphones.

The device encryption that Apple and Google will be turning on by default with the latest releases of their OSs has existed for years, but until the latest OSs were released, users had to turn the device encryption on themselves if they wished to have it. Many people didn't know about it, and some turned it back off once they realized that it meant that you needed to enter a complex password every time you wanted to unlock the phone.

BB10 has supported essentially the same device encryption since its release, and just like Apple and Google, it required the user to turn it on if they wanted it. Phones on BES had it automatically enabled, of course, but that's a whole other discussion.

Device encryption encrypts the on-board storage of the device, so that, say, if you got pulled over and a cop or TSA agent or whoever wanted to hook your phone up to their computer and scan the contents, they couldn't see anything. For those who are unaware, TSA, Immigration, and several other departments, and some police departments, have software tools that allow them to dump your phone contents and search/browse for data if they have physical possession of your phone, and it can break or bypass most standard lock screen passwords. It cannot access encrypted content, though.

Just to be clear, device encryption does not protect your data once it leaves the phone, via BlueTooth, WiFi, or cellular data links. Other measures are designed to protect that information, and they work with various degrees of success, but that's also a whole other discussion.

[techhatesme]

...

Just to be clear, device encryption does not protect your data once it leaves the phone, via BlueTooth, WiFi, or cellular data links. Other measures are designed to protect that information, and they work with various degrees of success, but that's also a whole other discussion.

Troy, could you point me/us in the direction of that discussion? What is the 'next level' of other measures for an individual after encrypting their phone?


Give me a keyboard, a 5 star rated Browser and a fulcrum point and I could move the world.

[Troy Tiscareno]

Troy, could you point me/us in the direction of that discussion? What is the 'next level' of other measures for an individual after encrypting their phone?

Well, again, all of this was talking about encryption of the storage on the phone. When you start transferring data off of the phone across a network, there are other protections that you must have.

For example, if you surf the net on normal websites using the http: protocol, there is NO encryption - everything moves in and out of your web browser in plain text, and anyone intercepting your traffic can easily see exactly what you are doing. If you go to a website and that website offers "secure html" (using the https: protocol), and you log in and set up that https: session, then everything in that session is encrypted between your web browser and the remote server, so that anyone intercepting those packets as they move back and forth over the network will only get encrypted gibberish.

Web browsing is not at all the only type of data that moves in and out of your phone. Your voice phone calls are all unencrypted. SMS and MMS texts are unencrypted. POP email accounts are unencrypted. Many smartphone apps send data back and forth between the app and the app's server unencrypted.

Of course, many services and apps offer encryption: ActiveSync email services, any banking app, several messaging apps (BBM, iMessage, Hangouts, and probably others), and so on, but you shouldn't assume that everything is encrypted - you have to check each and every service and app.

Then you have to consider that not everyone implements encryption correctly, or uses the latest versions that have patched bugs that were found, etc. And, as was the case with iCloud, data stored in the cloud may use encryption during transport, but the data is often STORED unencrypted at the datacenter, so if you can get into the network somehow (like, when Apple recently was found to have left out the functionality that would lock out an account login after several incorrect tries, allowing bruteforce hacking of passwords), you can access the data.

The real point is that just about every service and feature has MULTIPLE points of weaknesses that need to be secured, and not everyone bothers to do so, or does it right, and even when they do, they may be using a protocol that has an unknown exploit, much as the recent Heartbleed bug, which had existed in the code (that almost EVERY website used) for like 20 years, but no one had ever caught until someone fairly recently figured it out and exploited it.

Think of it this way: you can buy the most bad-*** front door for your house, and equip it with the most secure lock, but that doesn't ensure your security. If you leave a key under the mat, or if you leave your windows open or your back door unlocked, or if the walls of your house are made of paper, etc. then people will just go right around your secure front door and get in another way.

On-device encryption is one IMPORTANT piece of the security equation, but it is still only one of MANY, and if you don't secure ALL of them, then you are at risk.