Blackphone claims to be first privacy-focused smartphone
- Depends. There are inexpensive/free open source email servers that will run on Linux on low cost computers. BES 10 is free. The cost is in the CALS. $19.95 per device Annual or $99.395 Perpetual. Of course you still need a domain and a static IP.01-15-14 01:39 PMLike 0
- If this phone is actually for real and hits the market am I the only one who thinks that BlackBerry need to sue them over the name? It could be argued they would be trading on the perception of BlackBerry's reputation for security and privacy by using a strikingly similar name.
Trademark infringement cases have been won for far less obvious reasons.
Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2Last edited by johnnyuk; 01-15-14 at 03:33 PM.
01-15-14 01:57 PMLike 2 - Sith_ApprenticeMod Team EmeritusNow add in MVS for voice and a pbx based solution.
Posted via CB1001-15-14 02:02 PMLike 0 - Sith_ApprenticeMod Team EmeritusI'd this phone is actually for real and hits the market am I the only one who thinks that BlackBerry need to sue them over the name? It could be argued they would be trading on the perception of BlackBerry's reputation for security and privacy by using a strikingly similar name.
Trademark infringement cases have been won for far less obvious reasons.
Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2
Posted via CB1001-15-14 02:02 PMLike 0 -
-
If you went to market with a mobile phone called the Apple Phone how long do you think it would be before you were looking at the inside of a court room.
Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2mmveets likes this.01-15-14 02:44 PMLike 1 - Samsung's already on the ball here for "Security"
Notice that if General Dynamics provides military equipment to U.S. nation states makes perfect sense they provide secure smartphones as well. I don't a see a BlackBerry on this page.....
MMMMmmm..
GD Protected? Secure Smartphones01-15-14 02:54 PMLike 0 - Sith_ApprenticeMod Team EmeritusKNOX has massive flaws currently. No threat there, yet. There will be, it is a matter of time and resources. This is something that Samsung has both of.
Posted via CB10Superfly_FR likes this.01-15-14 02:58 PMLike 1 -
The government spying gets most of the news coverage, but they are not they only ones who are snooping on people. The government spying scandal should be a wakeup call to everyone about how it's possible for other people to invade our privacy. The lack of good security in popular technology has made everyone a possible victim to stalkers, hackers, and other terrible people.
I welcome the competition in security that Blackphone will bring because competition is good for the customer. Hopefully this will motivate all phones, not just BlackBerry, to strenghten their security even further.
What I like about the Blackphone is that it seems to try and make security easy for the average person. I can't say for sure since they havent provided much detail, but from what they have said it seems that the phone's security is seamless and always on in the background so it doesn't require too much effort from the customer. That's the way security should work. Anyway, the added competition to making a phone focused on security is a win for consumers because ordinary people should care about security.01-15-14 03:17 PMLike 0 - This is just another vulture attempting to cannibalize blackberry, who they assume is dead, ridiculous behavior from yet another company a la typo keyboard now Blackphone! really, they couldn't find another name that stresses security without using black? Of course not because Blackberry is the Gold standard of security so stop the gimmick blackphone!johnnyuk likes this.01-15-14 03:47 PMLike 1
-
- You wouldn't see a Blackberry there for obvious reasons. The security they are providing are for non secure phones Blackberry already offers the security they are attempting to provide!Jerale Hoard likes this.01-15-14 03:55 PMLike 1
-
Perhaps they are going to run their own app store with only Android apps that don't invade your privacy and hoover up your data, but that would be an app store that would make even the Windows Phone app store look full to brimming.
Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2Last edited by johnnyuk; 01-15-14 at 04:14 PM.
01-15-14 03:59 PMLike 0 - 01-15-14 04:03 PMLike 1
- Pete The PenguinResident CrackBerry WizardA weak spot does not nescessarily mean it can be hacked (=getting some kind of access). It just means the code has a flaw, that makes it behave in an unwanted way. A denial of service could just as well be the outcome. So it does not "prove" it is hackable - it just shows a weakness. A "prove" is a working exploit - nothing less.
I have not performed any in depth analysis of BES 10.
A few generic observation with regards to weak spots for a *remote* attack (BB10 only environment);
- During normal operation from an enrolled device. Hard to perform, as the BES 10 can only be reached over the network from the work partition, which again only execute native apps installed by the BES 10 admin. So either the BES admin should be the hacker or some 3. part software should be deployed and utitlized. Finally a device exploit could be found to give access to the work partition/connection to BES 10.
- At time of activation. Requires username and active activation password. A weakness in the activation process could exist.
- Remote using the SRP ID and a weakness in the dispatcher service. The attack would require a data connection from a device (computer) being provisioned on the BB network via a carrier. If you have enough knowledge, you could potentially be able to connect by emulating the BB10 protocol. On the BES 10 the dispatcher decrypts the content by (as far as I understand) looking at the PIN ID in the SRP header. If the ID is not found in the BlackBerry domain database, there is not encryption key available and data are discarded. Potentially you could find an overflow bug in the dispacther, but since the dispatcher has been in use since the early days, I do trust BlackBerry to have done their validation.
This list is just a few points from the top of my head, but I could add more if we talked about BES 5.
We also need to notice that BDS (which is the "BlackBerry part of BES 10") is more or less BES 5 without the PIM syncronization engine, so all the reused parts have been tested over many years.
Compared to BES 5 the attack surface is much smaller and there is no attachment service or messaging agent handling data at "application level".
From the LAN you can have more chances as you can communicate directly with the open TCP ports on the BES 10. This approach seems much more possible, and getting LAN access is often easier as you have a huge attack surface (browsers exploits, email attachments (PDF files anyone?), physical access etc. If only requires direct acces from LAN to BES 10 (no firewall). Unless the attacker has very special needs for informations stored on the BES 10 (e.g. current carrier of a specific user) there is really no reason to even try to hack BES 10 at this point. A Domain Controller or any data hosting server is probably much more interesting.
Let's use the term "Within reasonable time" and keep that definition to 5 or maybe even 10 years. It all comes down to the data being protected, but 10.000 years from now does not really matter to anyone.
"Right tools". Anything goes for me, as long as it is a tool being used from a distance. Getting direct access to Windows with Administrative rights to install the tool is out of scope ;-) A LAN attack is also fine, but if Windows Server is the primary target (root/admin access), there is really not much BlackBerry can do about it.
I really don't like a statement like "anything can be hacked" because it *is* FUD. It is a good example of the "Uncertainty" part of FUD. You are not providing a single proof or even a single, possible attack point. If you had written "BES 10 can potentially be hacked" I would have rested my case, but you are just putting an argument up with nothing to back it up.
There are always theorectial points of view, and if taking a BES 10 into a lab and having full admin access and debugging tools running the BES 10, you can probably easy "hack it". But that's not how an enterprise runs BES 10.
Sith made similar points yet I don't see you attacking him (which is good).
Here is the article that purports "Anything and Everything Can Be Hacked" - http://m.huffpost.com/us/entry/3748602
I have a curious nature and wish to learn - that is all.01-15-14 04:14 PMLike 0 - During normal operation from an enrolled device. Hard to perform, as the BES 10 can only be reached over the network from the work partition, which again only execute native apps installed by the BES 10 admin. So either the BES admin should be the hacker or some 3. part software should be deployed and utitlized. Finally a device exploit could be found to give access to the work partition/connection to BES 10.
- Pete The PenguinResident CrackBerry Wizard
I welcome the competition in security that Blackphone will bring because competition is good for the customer. Hopefully this will motivate all phones, not just BlackBerry, to strenghten their security even further.
What I like about the Blackphone is that it seems to try and make security easy for the average person. I can't say for sure since they havent provided much detail, but from what they have said it seems that the phone's security is seamless and always on in the background so it doesn't require too much effort from the customer. That's the way security should work. Anyway, the added competition to making a phone focused on security is a win for consumers because ordinary people should care about security.01-15-14 04:16 PMLike 0 - Pete The PenguinResident CrackBerry WizardFor BDS Security methods:
http://docs.blackberry.com/en/admin/...verview_en.pdf
For Secure Work Space (non FIPS validated):
http://docs.blackberry.com/en/admin/...ty_Note_en.pdf
for all BlackBerry related CVEs:
NIST Search
Of note, this are related to BES10:
National Vulnerability Database (NVD) National Vulnerability Database (CVE-2013-3693)
BB10 related:
National Vulnerability Database (NVD) National Vulnerability Database (CVE-2013-3692)
Keep in mind these are all documented by NIST.
There are also others filed under Research in Motion (instead of BlackBerry). Both are listed here.
Research In Motion Limited : Products and vulnerabilities
Blackberry : Products and vulnerabilitiesSith_Apprentice likes this.01-15-14 04:18 PMLike 1 -
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Blackphone claims to be first privacy-focused smartphone
« BBM preloaded on Nokia X?
|
Facebook will now have your phone number too. You cannot hide it again!!!!!! »
Similar Threads
-
Unable to get Temple Run bar to work
By ambarish annapureddy in forum More for your BlackBerry 10 Phone!Replies: 11Last Post: 01-29-14, 07:38 AM -
BlackBerry Might Be Considering BBM For Android 2.3 Gingerbread Devices: http://www.ubergizmo.com/20
By Paul Collins4 in forum General BlackBerry News, Discussion & RumorsReplies: 8Last Post: 01-15-14, 10:32 AM -
How to sideload the q5 and get a leaked update??
By smugp1 in forum BlackBerry Q5Replies: 1Last Post: 01-15-14, 05:36 AM -
Indian Enterprise customers make the move to BES10
By CrackBerry News in forum CrackBerry.com News Discussion & ContestsReplies: 0Last Post: 01-15-14, 03:20 AM
LINK TO POST COPIED TO CLIPBOARD