[anon(8719892)]

In this case Apples to Blackberries. Apple's chat app is clearly more secure than BB's, so even if every thing else was equal the Apple device is more secure.

Using what logic? Thats simply untrue.

[anon(8719892)]

Paranoia! Governments always had the right to wire tap with a warrant. This is no different.

You can't listen in to the listenable. Thats the point. They have no right to anything but they can EXPLOIT weakness.

[byex]

Using what logic? Thats simply untrue.

It is true. Imessage is encrypted. But it has flaws. To compare it to BBM protected is laughable.
Comparing it to BBM is a different story.

Posted via CB10

[Superfly_FR]

BBM alone never was stated as "safe" or "encrypted". For ages, we know that it is single public key driven witch in not compatible with the notion of secured; BlackBerry acknowledged it clear and loud, using the word "scrambled".

There are still two options that do match with the highest security qualification :
- BBM in a BES context (for EMM enabled structures)
- BBM protected (for individuals, S&M companies, self-employed, ...)

Who going to pay for BBM Protected after Blackberry willingly gave out its BBM key, you think they wouldn't do the same for BBM Protected? As long as their is a way for Blackberry to intervene on government behalf, any fancy service for security is irrelevant.

You probably read it wrong about what they will/can do. [and this is MY personal reading]
1/ They do not have access to private keys: there's no magic, no tales. They can't.
2/ Cooperating do not mean "we can do whatever we want", it means just that : cooperating.
So yes, BlackBerry engineers will offer support to diagnose and describe the security levels, point out weakness (like badly implemented third parties hooks, unsecured procedures, missing security patches, etc).
3/ I'm not sure how you can state BlackBerry gave the public key and what are your information regarding its renewal rate (do you believe the same key is in use since 2007 ?).

Now the apple/FBI debate is different.
1/ They jumped on it like hunger on third-world (ancient expression, pardon me) for marketing purposes.
2/ They stated "we could, but we won't". Oh, can they, really ? What's the level of trust then ? How many engineers at infinite loop have the ability to do so ? Is that documented ? Did apple - ever/before - implemented fragmented/rolling security teams ? [please note : all of these are questions, reflecting my personal doubts/level of confidence]


Ultimately,
if you want to be safe, you'd first have to be sure your device is safe.
x,y,z can offer the strongest encryption in the world, listening to your calls or your kb inputs (or recording the vibrations, moves using sensors) is a piece of cake if your device can be infected by a pimpled computer science student test drive.

So, relax, get BBM protected if you want to be safe 100% (and offer it - for free - to your contacts when chatting with them).
And if you prefer another tool well, just go for it ... but be sure of what you get ... and give (if it's "free").

[whatsever]

BlackBerry has good security for consumers using a BlackBerry or Android device, also BBM is good enough protected. Business who are needing a higher security don't use apps like facebook,whatsapp or ios with icloud backupp, they using BES (cloud) for better protection and BBM protection to send of zip file coded or just excel, word or pdf files and some pictures. This highly protection is for know own to know not even goverments.

BlackBerry is honest to tell te world they willing to help police or goverment is they asked for it by court. Apple is saying NO about one phone and still they helping china without problems for users data ,but you will probarly say that it's there biggest market or whatever. They also helping other countries like the Netherlands and not only with information but also with apple id.

So every American believes in Apple security and privacy but trust me it's a Joke , the same with Facebook supporting it because mister zuckerberg wanted to protect his information to sell it to the goverment. He has allready more money than steve jobs have thanks to your privacy and that's why whatsapp is more secure but not secure enough.

The only company that is selling privacy and security without metadata is BlackBerry and nobody is willing to pay for it, best platform out there but people wanted free apps that are datamining there maps, contacts and more. This are the same people and business complaining that they get a lot of phising mail or get a locker installed, or to much spam. People give away not only there information but also from friends in there contact list like where tey live, phone numbers, email adresses and more.

So you people talking about privacy and BlackBerry to be honest ,where other companies selling there information and apps that are giving away everything from you phone yelling about BlackBerry and John Chen don't know how dumb that sound if you are a whatsapp, facebook or ios users with icloud synchronisation or just a few free android games are all open doors for information for thirth parties.

Also the media is jumping and a reporter with a google phone is worried about the position of John Chen when he using facebook,whatsapp,instagram and lot of free apps and games and all are datamining on his phone is blind to see. So stop beiing anti-BlackBerry and become more aware how you use your daily driver

[Superdupont 2_0]

They don't have access to keys anymore. This was all changed a couple of years ago, in part because many of us wouldn't have participated with Apple Pay if they didn't change this.

[...]

The parts around Apple Pay are omitted from the backup process and can only be sent device to device directly using the hardware keys on each device.

(And of course in an enterprise environment all of this syncing can be disabled if needed.)

I believe there is a little misunderstanding, because Troy was talking about iCloud and you seem to talk about Apple Pay.

Apple has the encryption keys for iCloud (but not the 3rd party server providers like Amazon) and according to Apple's own guideline iCloud backups can give them access to Subscriber Information, Mails, E-Mails, Photo Stream, Docs, Contacts, Calendars, Bookmarks, iOS Device Backups[...]iOS device backups may include photos and videos in the users� camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail... oh boy, and that's only paragraph G (about "iCloud").

In addition Apple can reveal information described in the other paragraphs A to P, while P itself is about Facetime and due the E2E encryption they can share almost nothing here.
(Facetime is one of the reasons why I may switch to iOS one day, but BBM is just great and for me personally BBM Video is still secure enough, because of a funny coincidence of technology development: In most cases, I can connect to my routers via VPN and BBM Video will chose the path of least costs.)

iCloud has been also in the news earlier this year
http://www.nytimes.com/2016/02/22/te...ntly.html?_r=0
The case for using iTunes, not iCloud, to back up your iPhone | Ars Technica

[Superdupont 2_0]

I'm actually not upset with his position. Between emails, sms, bbm, FB and my browsing history there are lots of points where officials could get access to my data. As long as due process takes place, and the proper warrants are issued, I don"t see a problem (NSA revelations are definitely not in that category).

Pretty sure Apple and everyone else, in spite of all the posturing, complies with all kinds of requests all them time. I still trust BlackBerry over Google...at least they say they only reveal that info to authorities with due process, whereas Google must be amassing quite a collection of user data for sale to the highest bidder.

Posted via CB10

You don't have to trust BlackBerry at all, when they give the BBM encryption keys to LE.
You have to trust LE instead.

That's the whole problem:
Back in 2010 they shared the encypription keys with LE and lost control over the process, exposing 39 million BBM users to potential governmental surveillance AND in 2016 John Chen states that this is "okayed assistance" according to BBRY corporate guidelines.

One more time: If they give the keys to any 3rd party, you will have to trust the 3rd party! BlackBerry is no longer involved. That is John Chen's understanding of "assistance".

[Soulstream]

My opinion on encryption and device safety is that you phone should be as private as your own home. If the police can enter your home with a warrant, they should be able to do the same on your device.

[Superfly_FR]

Nicely put Soulstream

[ADGrant]

Using what logic? Thats simply untrue.

The government doesn't have a master key that decrypts iMessages.

Canada is part of the 5 eyes intelligence sharing alliance so if they have the key so does the NSA. Of course the NSA has probably always had the key.

[ADGrant]

Do a quick search. Imessage has been broken. May have been fixed in latest update. But it was broken once and it's probable it can be broken again.
Oh and imessage doesn't verify encryption keys when sending or receiving messages. That's a flaw that can be exploited.

BBM protected is more secure than imessage.

Posted via CB10

My question was about iOS in general. You suggested that it was inherently less secure than BB's operating systems. What evidence do you have to support that statement.

[Superdupont 2_0]

My question was about iOS in general. You suggested that it was inherently less secure than BB's operating systems. What evidence do you have to support that statement.

Hmm, I would say one evidence is that neither Playbook nor BB10 devices can be rooted since mid 2013.
That being said, there were enough hackers and security companies who have tried find a root access to BB10, but all they reported were minor or major flaws, but no root.

For any latest iOS version, you can be sure there is a jailbreak.

iOS and BB10 are mostly closed source, I would assume that people try the same automated hacking tools/techniques for both iOS and BB10, but obviously they find more for iOS.

You would have seen that over the last 4 years if you would have followed CB and other BlackBerry websites, but just to give you one example, this very talented hacker bought two Z10s and all he achieved (if I remember correctly) were bricked phones

https://twitter.com/jcase/status/499608741025570817

[MmmHmm]

Hmm, I would say one evidence is that neither Playbook nor BB10 devices can be rooted since mid 2013.
That being said, there were enough hackers and security companies who have tried find a root access to BB10, but all they reported were minor or major flaws, but no root.

For any latest iOS version, you can be sure there is a jailbreak.

iOS and BB10 are mostly closed source, I would assume that people try the same automated hacking tools/techniques for both iOS and BB10, but obviously they find more for iOS.

You would have seen that over the last 4 years if you would have followed CB and other BlackBerry websites, but just to give you one example, this very talented hacker bought two Z10s and all he achieved (if I remember correctly) were bricked phones

https://twitter.com/jcase/status/499608741025570817

I've never heard of a hacker remotely rooting someone's phone, nor do I think that would do much anyway regarding security. Maybe they could install some cool themes or something, but once they're in an unlocked phone, they can just open your apps and see your data anyway. So, if I don't hand my phone to a hacker and unlock it for them, who cares if a phone can be rooted or jailbroken?

Also, the number of hackers in the world trying to jailbreak iPhones is almost certainly orders of magnitude greater than the number trying to root BB10.

[Superdupont 2_0]

I've never heard of a hacker remotely rooting someone's phone, nor do I think that would do much anyway regarding security. Maybe they could install some cool themes or something, but once they're in an unlocked phone, they can just open your apps and see your data anyway. So, if I don't hand my phone to a hacker and unlock it for them, who cares if a phone can be rooted or jailbroken?

You should care, because it is a strong indicator whether the system is stable or not.
Hacking is just another word for misusing an instability.
BB10 is extremly stable, iOS is extremly unstable.

That in turns has consequences, when you connect your device to a network, browse in the internets or opening median files etc etc...on all these events any iOS version is much easier to hack than a BB10 device.

[Soulstream]

Hmm, I would say one evidence is that neither Playbook nor BB10 devices can be rooted since mid 2013.
That being said, there were enough hackers and security companies who have tried find a root access to BB10, but all they reported were minor or major flaws, but no root.

For any latest iOS version, you can be sure there is a jailbreak.

iOS and BB10 are mostly closed source, I would assume that people try the same automated hacking tools/techniques for both iOS and BB10, but obviously they find more for iOS.

You would have seen that over the last 4 years if you would have followed CB and other BlackBerry websites, but just to give you one example, this very talented hacker bought two Z10s and all he achieved (if I remember correctly) were bricked phones

https://twitter.com/jcase/status/499608741025570817

I consider vulnerabilities that require physical access to the device to be much less severe than remote access vulnerabilities. And even for iOS, if the FBI had to ask apple to unlock a device means that even with physical access the acessing the encrypted data on the device was no easy task.

[ADGrant]

Hmm, I would say one evidence is that neither Playbook nor BB10 devices can be rooted since mid 2013.
That being said, there were enough hackers and security companies who have tried find a root access to BB10, but all they reported were minor or major flaws, but no root.

For any latest iOS version, you can be sure there is a jailbreak.

iOS and BB10 are mostly closed source, I would assume that people try the same automated hacking tools/techniques for both iOS and BB10, but obviously they find more for iOS.

You would have seen that over the last 4 years if you would have followed CB and other BlackBerry websites, but just to give you one example, this very talented hacker bought two Z10s and all he achieved (if I remember correctly) were bricked phones

https://twitter.com/jcase/status/499608741025570817

I haven't heard about a successful iOS 9.3 jail break which would seem to contradict your statement. I doubt as many people are trying to root BB10 as you imagine. There simply aren't enough users.

[byex]

My question was about iOS in general. You suggested that it was inherently less secure than BB's operating systems. What evidence do you have to support that statement.

No OS is secure and immune from security issues.
This is just to start, Apple may or may not have fixed many of the issues below:
https://www.cvedetails.com/vulnerabi...Iphone-Os.html

http://osxdaily.com/2015/10/14/jailbreak-ios-9-pangu/


http://m.imore.com/how-remove-root-c...iphone-or-ipad

http://iphone.appleinsider.com/artic...s-and-contacts

http://www.forbes.com/sites/gordonke.../#6656bcf453ec

http://www.wired.com/2016/03/hack-br...e-crypto-flaw/

https://www.washingtonpost.com/world...74e_story.html


Posted via CB10

[Superdupont 2_0]

I haven't heard about a successful iOS 9.3 jail break which would seem to contradict your statement.

And I found it after 5 seconds google search
iOS 9.3 Jailbreak Demoed On Video | Redmond Pie

I doubt as many people are trying to root BB10 as you imagine. There simply aren't enough users.

As I said, Justin Case failure here is a very prominent example.
If you would follow the vulnerabilities which haven been reported for BB10 since 2013, then you would realize many of these have been reported by 3rd parties, who tried to find vulnerabilities, but there was no root/jailbreak.

The thing is, I wouldn't care about the 100.000 wannabe hackers out there who examined iOS without reporting anything.
But I do care about the rather small number of professionals who have examined BB10 (and iOS of course).

[byex]

Here's something to consider.

https://pando.com/2015/03/01/interne...ry-of-the-bbg/



Posted via CB10

[dejanh]

My opinion on encryption and device safety is that you phone should be as private as your own home. If the police can enter your home with a warrant, they should be able to do the same on your device.

However nothing IRL prevents you from building your home like Fort Knox and making the job of getting into your phone extremely difficult.

Bottom line is, if you're going to make an argument like that, then you may want to at least try to compare the two on an even playing field

To add to this, who is overseeing these requests for access in the digital world? Government entity that gets its cheques cut from the government purse? Keep it under civilian oversight and make access to information easy and the information transparent, and you will have a lot less people complaining about this whole issue.

Now for a bit of humor, of course it does not help the general public at all when they demonstrate their total ignorance with something like naming a 200m pound vessel Boaty McBoatface (http://www.independent.co.uk/news/bo...-a6942551.html). This just plays into the hands of the officials who believe that they know better than the public - all the time.

[jhayman]

That has nothing to do with my point. This is not new story here, what is new story is Blackberry willingly GIVING OUT THEIR GLOBAL KEY WHICH MEANS ANY GOVERNMENT CAN SPY ON ANY INDIVIDUAL INDISCRIMINATELY NO MATTER IF HE SUSPECTED CRIMINAL OR NOT.

I believe it is relevant to your point. Apple, when asked, provides access to your private data. In the case of the San Bernadino bomber, they provided access to the complete device backup that they keep in the cloud. Pictures, emails, etc. BlackBerry is incapable of providing this access, as they do not store this data in the cloud. This data is kept on device, or by whatever cloud service you elect to use (including, for example, the BES).

What we've learned is that BBM messages (ignoring BBM-protected or BES protected messages) just like iMessage messages (until iOS 9.3) can be intercepted by government officials and decrypted.

BBM on BES, if the BES administrators defines their own keys, cannot be decrypted by government officials (or BlackBerry).

BBM Protected (now a free feature of BBM) allows you to generate your own keys, so those communications cannot be decrypted by government officials (or BlackBerry).

What Apple is trying to do now is to remove itself from the equation with no security keys kept on their servers, this way requests for information would be futile since the only way of opening a phone or intercepting an encrypted message would require owner to willingly give out his password under court of law.

i.e. exactly what BBM protected does. So iMessage and BBM protected chats should give you the same warm-fuzzy feeling of privacy. In theory, Apple cannot decrypt iMessage messages if they tried. In theory BlackBerry cannot decrypt BBM messages if they tried. Neither company owns the keys.

Except ....

Apple actually owns the key sever that generates the keys. This makes it much easier for users. It (among other things) allows them to handle the case where the user has multiple devices (think iPad, iPhone, laptop) tied to the same iMessage account. If they wanted to (or if the government forced them to), they could rig this key server, to deliver FBI (or RCMP) friendly keys, without you knowing.

BlackBerry cannot do this. Keys are generated on the device and transmitted out-of-band to the recipient. BBM accounts are also tied to exactly one device. You cannot have the same BBM account on a phone, tablet and laptop.

Oh, and in both cases, the data is *ONLY* encrypted if both endpoints support it. E.g. iMessage will send an SMS message if the recipient doesn't have iMessage. I don't know how the sender knows this. BBM on the other hand will only send encrypted messages if both parties support BBM Protected. The UI makes it obvious whether you are sending an encrypted message or not.

In summary:

• old versions of BBM and iMessage were bad and messages could be intercepted and decrypted
• newer versions of BBM and iMessage fix this and are comparable from a security standpoint (although arguably there are more failure points in the iMessage solution)
• BBM is cross platform (Android, BBOS, BB10, iOS, Windows phone) which is both an advantage and another vulnerability point (also PlayBook OS, but BBM is not being updated on that platform)
• iMessage is available on iOS and OS X, which means it can be locked down more, but limits the potential audience

As companies, both Apple and BlackBerry are in favour of strong encryption and against backdoors. The unfortunate part is, BlackBerry is trying to nuance its response (if we can provide lawful access, we will) and it muddies what they are actually doing, as they try and gain public relations points against Apple. It is leading to widespread misinformation that hurts their cause.

I wish they would either publicly state they have the same policies as Google, Microsoft, Apple and others, or state that they have stronger policies. Saying they have "softer policies", but not being able to provide a clearly communicated line in the sand of what is acceptable vs. not acceptable is the issue. As near as I can tell, their policies are identical to the others, but their messaging is hurting them.

[Cobra-Commander]

yes that's true, but if it's encrypted they can't read the data passing through. Hence the reason BlackBerry gave out key.

[byex]

yes that's true, but if it's encrypted they can't read the data passing through. Hence the reason BlackBerry gave out key.

Just buy yourself an iphone and put your mind at ease. I have an iphone 6 for sale I rarely use if you're interested.

Posted via CB10

[dejanh]

Just buy yourself an iphone and put your mind at ease. I have an iphone 6 for sale I rarely use if you're interested.

Posted via CB10

Meh, that's last year's tech.

[ADGrant]

Apple users know if a message has been delivered over SMS because it is color coded.

In the case of iCloud privacy, iCloud is optional. You don't have to use it.