[mkelley65]

Yes, it can cost quite a bit. remember, this is an enterprise level solution

Depends. There are inexpensive/free open source email servers that will run on Linux on low cost computers. BES 10 is free. The cost is in the CALS. $19.95 per device Annual or $99.395 Perpetual. Of course you still need a domain and a static IP.

[ALToronto]

If you're an Ordinary citizen then you should not worry about any snooping... Because there would be no reason to be snooped upon if you are not doing stuff out of the ordinary.

You can always end up in the wrong place in the company of the wrong people, entirely by chance.

[johnnyuk]

If this phone is actually for real and hits the market am I the only one who thinks that BlackBerry need to sue them over the name? It could be argued they would be trading on the perception of BlackBerry's reputation for security and privacy by using a strikingly similar name.

Trademark infringement cases have been won for far less obvious reasons.

Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2

[Sith_Apprentice]

Now add in MVS for voice and a pbx based solution.

Posted via CB10

[Sith_Apprentice]

I'd this phone is actually for real and hits the market am I the only one who thinks that BlackBerry need to sue them over the name? It could be argued they would be trading on the perception of BlackBerry's reputation for security and privacy by using a strikingly similar name.

Trademark infringement cases have been won for far less obvious reasons.

Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2

Black isn't exclusive to BlackBerry and has been used for 'spy' movies for some time. Black ops, black on black, etc.

Posted via CB10

[yessuz]

phone, using GSM network - untraceable? :-]

[johnnyuk]

phone, using GSM network - untraceable? :-]

Yeh, exactly why I think this is BS of the first order. There is nothing secure about calls and texts over GSM.

Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2

[johnnyuk]

Black isn't exclusive to BlackBerry and has been used for 'spy' movies for some time. Black ops, black on black, etc.

Posted via CB10

Of course the word Black isn't exclusive to BlackBerry but trademark law varies wildly from country to country. Sometimes all you have to prove is that the name used by the defendant was similar enough to your trademark to win your case. A brand of mobile phone with the word Black in the name is ripe for legal action.

If you went to market with a mobile phone called the Apple Phone how long do you think it would be before you were looking at the inside of a court room.

Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2

[Baber Sultan]

Samsung's already on the ball here for "Security"

Notice that if General Dynamics provides military equipment to U.S. nation states makes perfect sense they provide secure smartphones as well. I don't a see a BlackBerry on this page.....

MMMMmmm..

GD Protected? Secure Smartphones

[Sith_Apprentice]

KNOX has massive flaws currently. No threat there, yet. There will be, it is a matter of time and resources. This is something that Samsung has both of.

Posted via CB10

[bbzp]

If you're an Ordinary citizen then you should not worry about any snooping... Because there would be no reason to be snooped upon if you are not doing stuff out of the ordinary.

I disagree. An ordinary citizen should be worried, but not from government snooping. There are stalkers, criminal hackers, and even some unethical apps that can snoop and invade a person's privacy.

The government spying gets most of the news coverage, but they are not they only ones who are snooping on people. The government spying scandal should be a wakeup call to everyone about how it's possible for other people to invade our privacy. The lack of good security in popular technology has made everyone a possible victim to stalkers, hackers, and other terrible people.

I welcome the competition in security that Blackphone will bring because competition is good for the customer. Hopefully this will motivate all phones, not just BlackBerry, to strenghten their security even further.

What I like about the Blackphone is that it seems to try and make security easy for the average person. I can't say for sure since they havent provided much detail, but from what they have said it seems that the phone's security is seamless and always on in the background so it doesn't require too much effort from the customer. That's the way security should work. Anyway, the added competition to making a phone focused on security is a win for consumers because ordinary people should care about security.

[bbzp]

Mods please delete this. It's an accidental double post.

[gtredman]

This is just another vulture attempting to cannibalize blackberry, who they assume is dead, ridiculous behavior from yet another company a la typo keyboard now Blackphone! really, they couldn't find another name that stresses security without using black? Of course not because Blackberry is the Gold standard of security so stop the gimmick blackphone!

[konta]

we need more security

[gtredman]

You wouldn't see a Blackberry there for obvious reasons. The security they are providing are for non secure phones Blackberry already offers the security they are attempting to provide!

[johnnyuk]

What I like about the Blackphone is that it seems to try and make security easy for the average person.

An admirable goal however what discredits their claims for me is that they purport to make things that are inherently not secure somehow magically secure, such as calls and texts over GSM and "all apps", yes ALL Android apps, even the ones that are in no way secure and take your data to do with as the vendor sees fit.

Perhaps they are going to run their own app store with only Android apps that don't invade your privacy and hoover up your data, but that would be an app store that would make even the Windows Phone app store look full to brimming.

Posted via CB10 on Z30 STA100-2 / 10.2.0.1803 on O2 UK - Activated on BES10.2

[Karan Mohal]

If you're an Ordinary citizen then you should not worry about any snooping... Because there would be no reason to be snooped upon if you are not doing stuff out of the ordinary.

Worst. Logic. Ever. Or perhaps just poorly/not at all thought out.

[Pete The Penguin]

A weak spot does not nescessarily mean it can be hacked (=getting some kind of access). It just means the code has a flaw, that makes it behave in an unwanted way. A denial of service could just as well be the outcome. So it does not "prove" it is hackable - it just shows a weakness. A "prove" is a working exploit - nothing less.



I have not performed any in depth analysis of BES 10.
A few generic observation with regards to weak spots for a *remote* attack (BB10 only environment);

• During normal operation from an enrolled device. Hard to perform, as the BES 10 can only be reached over the network from the work partition, which again only execute native apps installed by the BES 10 admin. So either the BES admin should be the hacker or some 3. part software should be deployed and utitlized. Finally a device exploit could be found to give access to the work partition/connection to BES 10.
  
• At time of activation. Requires username and active activation password. A weakness in the activation process could exist.
  
• Remote using the SRP ID and a weakness in the dispatcher service. The attack would require a data connection from a device (computer) being provisioned on the BB network via a carrier. If you have enough knowledge, you could potentially be able to connect by emulating the BB10 protocol. On the BES 10 the dispatcher decrypts the content by (as far as I understand) looking at the PIN ID in the SRP header. If the ID is not found in the BlackBerry domain database, there is not encryption key available and data are discarded. Potentially you could find an overflow bug in the dispacther, but since the dispatcher has been in use since the early days, I do trust BlackBerry to have done their validation.

This list is just a few points from the top of my head, but I could add more if we talked about BES 5.

We also need to notice that BDS (which is the "BlackBerry part of BES 10") is more or less BES 5 without the PIM syncronization engine, so all the reused parts have been tested over many years.

Compared to BES 5 the attack surface is much smaller and there is no attachment service or messaging agent handling data at "application level".

From the LAN you can have more chances as you can communicate directly with the open TCP ports on the BES 10. This approach seems much more possible, and getting LAN access is often easier as you have a huge attack surface (browsers exploits, email attachments (PDF files anyone?), physical access etc. If only requires direct acces from LAN to BES 10 (no firewall). Unless the attacker has very special needs for informations stored on the BES 10 (e.g. current carrier of a specific user) there is really no reason to even try to hack BES 10 at this point. A Domain Controller or any data hosting server is probably much more interesting.



Let's use the term "Within reasonable time" and keep that definition to 5 or maybe even 10 years. It all comes down to the data being protected, but 10.000 years from now does not really matter to anyone.

"Right tools". Anything goes for me, as long as it is a tool being used from a distance. Getting direct access to Windows with Administrative rights to install the tool is out of scope ;-) A LAN attack is also fine, but if Windows Server is the primary target (root/admin access), there is really not much BlackBerry can do about it.

I really don't like a statement like "anything can be hacked" because it *is* FUD. It is a good example of the "Uncertainty" part of FUD. You are not providing a single proof or even a single, possible attack point. If you had written "BES 10 can potentially be hacked" I would have rested my case, but you are just putting an argument up with nothing to back it up.

There are always theorectial points of view, and if taking a BES 10 into a lab and having full admin access and debugging tools running the BES 10, you can probably easy "hack it". But that's not how an enterprise runs BES 10.

I never said I was going to back up anything, I simply made a statement based on recent events covered in depth on security focused websites and I'm certainly not arguing.
Sith made similar points yet I don't see you attacking him (which is good).

Here is the article that purports "Anything and Everything Can Be Hacked" - http://m.huffpost.com/us/entry/3748602


I have a curious nature and wish to learn - that is all.

[Pete The Penguin]

I welcome the competition in security that Blackphone will bring because competition is good for the customer. Hopefully this will motivate all phones, not just BlackBerry, to strenghten their security even further.

What I like about the Blackphone is that it seems to try and make security easy for the average person. I can't say for sure since they havent provided much detail, but from what they have said it seems that the phone's security is seamless and always on in the background so it doesn't require too much effort from the customer. That's the way security should work. Anyway, the added competition to making a phone focused on security is a win for consumers because ordinary people should care about security.

I totally agree with your points here, I hope all manufactures step up their game.

[Pete The Penguin]

For BDS Security methods:
http://docs.blackberry.com/en/admin/...verview_en.pdf

For Secure Work Space (non FIPS validated):
http://docs.blackberry.com/en/admin/...ty_Note_en.pdf

for all BlackBerry related CVEs:
NIST Search

Of note, this are related to BES10:
National Vulnerability Database (NVD) National Vulnerability Database (CVE-2013-3693)



BB10 related:
National Vulnerability Database (NVD) National Vulnerability Database (CVE-2013-3692)


Keep in mind these are all documented by NIST.

There are also others filed under Research in Motion (instead of BlackBerry). Both are listed here.

Research In Motion Limited : Products and vulnerabilities
Blackberry : Products and vulnerabilities

Thanks Sith, this'll make good bedtime reading for me.

[sav22]

It will only be available in the black market maybe? Some restrictions will always be applied when Gov'ts don't have access to some information which was the case in India and Dubai against BBM message encryptions.

[birdman_38]

If you're an Ordinary citizen then you should not worry about any snooping... Because there would be no reason to be snooped upon if you are not doing stuff out of the ordinary.

Just like Walter White.

[birdman_38]

NSA spent literally MILLIONS of dollars trying to secure Android so far, and no dice yet.

I've never asked this of a mod before, but... proof??

[pgg101]

Lol

Posted via CB10 on Z30STA100-5/10.2.1.1925

[jcsf123]

Who's betting the NSA will obtain a Blackphone?

How do you know they are not behind the development of it.