10-03-16 12:12 AM
  1. Dunt Dunt Dunt's Avatar
    Not to tap everyone's phone with a global key.
    Well at least not yet.... But that is what they are pushing for.

    I agree that if it stops a bad person from doing more bad things... that's a good thing.

    The only issue is that what might be legal in the US is not legal in Russia.
    04-22-16 03:18 PM
  2. anon(1723145)'s Avatar
    It's a real stab in the back for BlackBerry to want $$$ for end to end encryption on BBM when other services offer it for free.


    ClassicSQC100-3/10.3.2.858
    Cobra-Commander likes this.
    04-22-16 04:06 PM
  3. ADGrant's Avatar
    It's a real stab in the back for BlackBerry to want $$$ for end to end encryption on BBM when other services offer it for free.


    ClassicSQC100-3/10.3.2.858
    It does seem to conflict with their marketing.
    techvisor likes this.
    04-22-16 06:07 PM
  4. ADGrant's Avatar
    I consider vulnerabilities that require physical access to the device to be much less severe than remote access vulnerabilities. And even for iOS, if the FBI had to ask Apple to unlock a device, it means that even with physical access, accessing the encrypted data on the device was no easy task.
    They were able to buy a zero day exploit for over $1 million apparently. However, the exploit does not work for iOS 9 or 64bit iPhones.
    04-22-16 06:10 PM
  5. ADGrant's Avatar
    And I found it after a 5-second Google search
    iOS 9.3 Jailbreak Demoed On Video | Redmond Pie



    As I said, Justin Case failure here is a very prominent example.
    If you would follow the vulnerabilities which have been reported for BB10 since 2013, then you would realize many of these have been reported by 3rd parties, who tried to find vulnerabilities, but there was no root/jailbreak.

    The thing is, I wouldn't care about the 100.000 wannabe hackers out there who examined iOS without reporting anything.
    But I do care about the rather small number of professionals who have examined BB10 (and iOS of course).
    The video you posted referred to a beta version of 9.3. The latest version of iOS is 9.3.1.
    techvisor likes this.
    04-22-16 06:12 PM
  6. ADGrant's Avatar
    You should care, because it is a strong indicator whether the system is stable or not.
    Hacking is just another word for misusing an instability.
    BB10 is extremely stable, iOS is extremely unstable.

    That in turn has consequences: when you connect your device to a network, browse in the internets or open media files etc etc...on all these events any iOS version is much easier to hack than a BB10 device.
    If by unstable you mean actively developed then I agree, iOS is much less stable than BB10.
    04-22-16 06:13 PM
  7. Superfly_FR's Avatar
    I consider vulnerabilities that require physical access to the device to be much less severe than remote access vulnerabilities. And even for iOS, if the FBI had to ask Apple to unlock a device, it means that even with physical access, accessing the encrypted data on the device was no easy task.
    Fast calculation states $1.5million worth hack.
    (sorry, I still listen to air radio, no link ! Serious information radio though)

    Posted via CB10
    04-22-16 06:59 PM
  8. dman2009's Avatar
    The added $30 per year may raise security to the same level as iMessage but for me at least, there are a lot of people I can send an iMessage to, I know nobody who uses BBM.

    What makes you think iOS is any more vulnerable than BB 10, it's definitely more secure than Android (BB's new choice of OS).
    Here are the latest stats for the National Vulnerability Database (Apple is doing a little better so far this year but look at its history):

    [Three attached screenshots, dated 2016-04-23; images not preserved]

    Also, here's an article about the keychain issue that to my knowledge still hasn't been fixed as it would require a re-write of most iOS and Mac OS applications:

    Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac

    I think Apple does a great job giving its users a false sense of security. Android OS is a less modified version of Unix / Linux than iOS. A lot of architectural compromises were made with iOS to create that fast user experience and high level of convenience it has. Just like with Microsoft Windows, once you make those compromises early in the design of the OS, it's hard to fix later.

    BB10 was built with a security focus from the beginning. Of course this can make for a somewhat less consumer friendly experience.

    Android is inherently secure but Google Play can be dicey and your best bet is to be careful with what you download and install. Of course the privacy of Android comes into question simply due to the data collection revenue model.

    Again, didn't want to jump on the grenade but there seems to be a lot of misinformation out there about Apple.
    byex likes this.
    04-23-16 04:54 PM
  9. dusanvn's Avatar
    I'm late to the topic but I'd like to share my two cents.

    Chen is honest. He just tells the truth.

    Security is expensive, intelligence is cheaper. And NSA/FBI are richer than BlackBerry/Microsoft.

    I've said earlier here on CB that there are basically two types of backdoors: key implanting (aka NSAKEY) and key escrow (aka Clipper chip, Fortezza card). What I haven't said is how these techniques are called by (at least some) government cryptographers in my country: in their jargon, MS technique stands for NSAKEY, and BB technique, ehm, for Clipper/Fortezza.

    Snowden chose to reveal his identity when he opened NSA's scandal because he knew he couldn't keep it (his identity) secret.

    That said, I agree with the OP.

    Disclaimer: I'm not a crypto guy.



    Posted via CB10/BB PP SE.
    04-23-16 04:59 PM
  10. Superdupont 2_0's Avatar
    Fast calculation states $1.5million worth hack.
    (sorry, I still listen to air radio, no link ! Serious information radio though)

    Posted via CB10
    While I'm convinced that iOS is much less secure than BB10, I still would admit that iOS is secure enough.
    If you have to spend $1,5 million to hack my phone, so be it.
    TgeekB likes this.
    04-24-16 06:38 AM
  11. Superdupont 2_0's Avatar
    If by unstable you mean actively developed then I agree, iOS is much less stable than BB10.
    In general I never judge an OS (or person or anything) only by the experience of a few months.
    I look rather at years and then I judge.

    So, by "unstable" I do not mean "under development".
    If you look back at the last three years, BB10 and iOS were both "continuously developed".
    iOS was catching up with security and stole a lot of features from BB10, while BB10 was catching up with features but also got further security improvements.

    However, iOS 8 and iOS9 have been very buggy on release.
    BB10 had a few bugs as well, but I don't think it plays in the same league like iOS8/9.

    BB10 was rootable only once, on release in mid-2013, and then never again.
    iOS has been rootable since its first release a decade ago, but perhaps, *maybe* there will be no jailbreak for iOS 9.3.1.
    So, which of these two OSes looks more stable?
    The one that had only 1 jailbreak in its history or the one that had dozen jailbreaks?
    BallRockReaper likes this.
    04-24-16 06:51 AM
  12. crazy mazy's Avatar
    The funny part about Apple is that some no name hacker was able to compromise Apple's so called "amazing encryption" without a key. So what do you think about that? Bottom line is BlackBerry phones cannot and I repeat cannot be hacked. Now it seems that after years of trying to get DOD certification, DOD is going to go with BB phones and Microsoft desktop, as well as BES12, for all their needs. Stop trying to shamelessly promote Apple products as the most secure where facts have proven time and time again they are not! The latest Apple escapade is just a publicity stunt, and it seems like you fell for it!
    BallRockReaper likes this.
    04-24-16 07:35 AM
  13. anon(8719892)'s Avatar
    The government doesn't have a master key that decrypts iMessages.


    That has got absolutely NOTHING to do with 'Device security' (the post). That is IM security.

    On that note.... the Govt DOES have a 'master method' for breaking into all but the newest iPhones. Boing.
    04-24-16 08:13 PM
  14. Cobra-Commander's Avatar
    BBM alone never was stated as "safe" or "encrypted". For ages, we know that it is single public key driven which is not compatible with the notion of secured; BlackBerry acknowledged it clear and loud, using the word "scrambled".

    There are still two options that do match with the highest security qualification :
    - BBM in a BES context (for EMM enabled structures)
    - BBM protected (for individuals, S&M companies, self-employed, ...)




    You probably read it wrong about what they will/can do. [and this is MY personal reading]
    1/ They do not have access to private keys: there's no magic, no tales. They can't.
    2/ Cooperating does not mean "we can do whatever we want", it means just that : cooperating.
    So yes, BlackBerry engineers will offer support to diagnose and describe the security levels, point out weakness (like badly implemented third parties hooks, unsecured procedures, missing security patches, etc).
    3/ I'm not sure how you can state BlackBerry gave the public key and what are your information regarding its renewal rate (do you believe the same key is in use since 2007 ?).

    Now the apple/FBI debate is different.
    1/ They jumped on it like hunger on third-world (ancient expression, pardon me) for marketing purposes.
    2/ They stated "we could, but we won't". Oh, can they, really ? What's the level of trust then ? How many engineers at Infinite Loop have the ability to do so ? Is that documented ? Did Apple - ever/before - implement fragmented/rolling security teams ? [please note : all of these are questions, reflecting my personal doubts/level of confidence]


    Ultimately,
    if you want to be safe, you'd first have to be sure your device is safe.
    x,y,z can offer the strongest encryption in the world, listening to your calls or your kb inputs (or recording the vibrations, moves using sensors) is a piece of cake if your device can be infected by a pimpled computer science student test drive.

    So, relax, get BBM protected if you want to be safe 100% (and offer it - for free - to your contacts when chatting with them).
    And if you prefer another tool well, just go for it ... but be sure of what you get ... and give (if it's "free").
    BBM protected is nothing but the same BBM where BES is being run by blackberry servers. How can you trust Chen won't give out the key to governments and authorities? On top of it, why should I pay for end to end encryption when there are plenty of apps that do it for free? What happens to the data exchanged by BBM protected once you stop paying for it? The person I am messaging to has not subscribed, which means not protected. No thanks.

    Blackberry always seem to be behind the curve. Always late to the party.
    05-09-16 12:36 PM
  15. Superfly_FR's Avatar
    BBM protected is nothing but the same BBM where BES is being run by blackberry servers
    No.
    Encrypted, secure mobile messaging ? BBM Protected - Global
    (scroll down to "Protect data in transit")
    Messages between BBM Protected users are encrypted using a PGP like model. The sender and recipient have unique public/private encryption and signing keys.


    On top of it, why should I pay for end to end encryption when there are plenty of apps that do it for free?
    And they're 100% trustable, safe, with a long history to demonstrate it ?
    (add the device security, as mentioned above)

    What happens to the data exchanged by BBM protected once you stop paying for it? The person I am messaging to has not subscribed, which means not protected
    Good question, but I really don't believe the "other" will be able to retrieve the data if you're not a subscriber anymore, the model seems to require a pair of valid keys [will ask and respond later, once I have a technical answer]. => see edit at the bottom pls.
    P.S: and what happens with the "other" messaging apps you have in mind ? What if you stop using WA, for instance ?

    As for being late ... lol ... AFAIK, others are trying to catch up (stacking & patching layers over layers) while there's been no drastic changes in BlackBerry security model for ages, without compromise. BlackBerry's "end to end" mantra is here from day one and security IS the bottom layer of anything. This is not how "others" are dealing with it ... because they simply can't, unless they rethink the whole thing.

    Edit : I got a response from BlackBerry : "The data being sent stays on the device, that's it. User can keep or delete if needed. It's just a different format of encryption". But I'm still confused about what you mean - the real life scenario. Since you communicated securely with someone and delivered message(s) he can read, what do you expect as a "more secure" behavior ?
    Last edited by Superfly_FR; 05-10-16 at 11:19 AM.
    05-10-16 08:44 AM
  16. byex's Avatar
    BBM protected is nothing but the same BBM where BES is being run by blackberry servers. How can you trust Chen won't give out the key to governments and authorities? On top of it, why should I pay for end to end encryption when there are plenty of apps that do it for free? What happens to the data exchanged by BBM protected once you stop paying for it? The person I am messaging to has not subscribed, which means not protected. No thanks.

    Blackberry always seem to be behind the curve. Always late to the party.
    GI Joe uses BBM protected.

    Posted via CB10
    05-21-16 09:47 AM
  17. Prem WatsApp's Avatar
    Zero-Knowledge Services might be the best for both parties, user/subscriber as well as provider...

    :-D

    It's probably not as consumer-friendly to set up (maybe?), and BlackBerry can't differentiate their enterprise-level services vs the consumer-facing ones (BBM Protected vs BBM standard) if they offer this kind of protection for both services levels.

    A zero-knowledge provider can just do a Pontius Pilate and wash their hands. At least they might try...

      There's a Crack in the Berry right now...  
    05-22-16 10:43 PM
  18. ADGrant's Avatar
    That has got absolutely NOTHING to do with 'Device security' (the post). That is IM security.

    On that note.... the Govt DOES have a 'master method' for breaking into all but the newest iPhones. Boing.
    No it does not. It has a way to break in to certain models of iPhone. We don't know how many models the hack would work on. We do know it won't work on the 64bit phones.
    05-23-16 05:41 PM
  19. Cobra-Commander's Avatar
    Btw Edward Snowden uses Open Whisper systems Signal app for messaging, so that says a lot from a paranoid ex-NSA employee.

    https://whispersystems.org/
    10-03-16 12:12 AM