Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.
- Thats COLD man... Got the PRIV because it has the best coverage in my area oh, and the Company subsidized the cost.
But still no reason to be 2 Security releases behind. I posted this on another thread but asked the very same question to the guy giving the "Zero-Day patching" speech at the BB Security Summit - all I got (after he spoke to VZW) was that it "might" be bundled with the MM roll out coming...
Wait for it....
SOON.
Sigh...08-08-16 11:01 AMLike 0 -
-
- Their business practices are designed to keep their divisions "honest". The handset division has to buy components on the open market and not rely on supply and discounts from their semiconductor division. This encourages both divisions to be efficient in design, r&d, and manufacturing.MBrettH likes this.08-08-16 11:20 AMLike 1
-
They have this on BB10 as well, you have to enable it to install sideloaded apk's, it's not necessarily a "bad feature" as it's useful for app testing or installing apps directly from a developers website. I believe you can disable this through BES or similar software on both platforms.08-08-16 11:38 AMLike 0 - BlackBerry claim to have the most secure Android OS in the world, yet they are still using obsolete SHA-1 certificates for sensitive customer data.
They can't even get the basics right. And to top it off they are advertising the DTEK as a gaming machine for catching Pokemon with!
This company is in total disarray.MBrettH likes this.08-08-16 11:40 AMLike 1 -
This has nothing to do with that. It is a bug in the Qualcomm chip that affects all phones which use it, irrespective of OS.
My point is, the same as Chen's when he joined BlackBerry, that you cannot provide software security without controlling the hardware chain from design, through manufacturing through hardware verification and then software.
You have to be vertically integrated...or else you suffer from the weakest link problem, as proven here.08-08-16 11:40 AMLike 0 -
If qualcomm puts something in the hardware intentionally, BlackBerry or blackbphone's designers have no clue about it, as it seems to be the case here.
This may not have been intentional, but it could have been...08-08-16 11:45 AMLike 0 - Looking at this hardware issue, it's really a code issue not necessarily hardware. For example BlackBerry looks at the manufacturing process to make sure that foreign chips and software isn't loaded to their devices. For example, one could slip a firmware into the manufacturing process that could allow it to steal code just like mentioned above or add another chip or part that doesn't belong there that could also do the same. It appears that this was a bug though, with the potential of gaining access to code and other information running on the device, compared to its already doing that (and being considered a hack). They reverse engineered Qualcomm's code in order to find this vulnerability. Another thing is that Qualcomm has already patched this and has been submitted to device manufacturers and keeping with BlackBerry's promise of patching every month, they have been really good at keeping this promise. But what's most important here is that this isn't a problem of controlling manufacturing process, it wasn't that a chipset came from another third party company, it was from Qualcomm directly a large company that a lot of manufacturers trust.
If you look at the report directly you can see that the biggest concern that they have is the updating process and the detection process, so there's are two things that BlackBerry is promising to give, maybe those OS integrity things we are seeing in the forumns maybe related to this. I dunno just my quick thoughts
Posted via CB1008-08-16 11:47 AMLike 0 - Interesting read and goes back to what I said many times before, there is no such thing as a 100% secure device in todays high tech world. Just when you think you have designed a "fool proof" device, someone who has nothing better to do then to probe software and chip designs to find flaws will find something you either forgot about or your computer software failed to implement into the design. This is what keeps the anti-virus and security folks in business.08-08-16 11:54 AMLike 4
- Android bug fear in 900 million phones - BBC News
I have been posing that question here for over two years.
Again this proves that without controlling hardware, including designing your own integrated circuits and not buying them from others, a company like BlackBerry cannot claim security.
It's interesting that Samsung (and Apple) are not on the list because they do not use the Qualcomm chip. They have their own.
This also goes back to the security (lack thereof) of a phone designed and assembled in China.IndianTiwari likes this.08-08-16 11:57 AMLike 1 -
- Oh........ok, what the he!! do I know. . How about Apple? Did they not have a controversy a year or two ago when they were using 2 different companies? Maybe that is another example of Conite's reasoning. I just remember reading that some iPhone users were complaining about the problem, but I really could never understand why they used two different suppliers.
Last edited by MikeX74; 08-08-16 at 12:31 PM.
brookie229 likes this.08-08-16 12:05 PMLike 1 - Last security update August 5 in summary
does mention fixes for Qualcomm
BlackBerry powered by Android Security Bulletin ? August 2016
BlackBerry fast reaction...
Posted via PRIV and or Passport SE08-08-16 12:20 PMLike 0 - 08-08-16 12:31 PMLike 1
-
Posted via BlackBerry Priv STV100-108-08-16 12:33 PMLike 0 - Yes, it does seem that just a few months before the Priv was released Samsung promised to implement an android security update process that it (not suprisingly) began to implement at the exact same time Priv was released, and has since provided monthly patches on "selected Samsung devices". I guess you are one of the lucky ones! Samsung copy cats strike again. I heard their new watch looks a lot like iWatch too, go figure!
Posted via BlackBerry Priv STV100-1
I doubt the Priv had anything to do with it, Samsung have far bigger phone makers to worry about e.g. Apple, LG, Huawei etc...08-08-16 12:41 PMLike 0 -
-
Posted via BlackBerry Priv STV100-108-08-16 02:19 PMLike 0 -
And are you seriously calling it innovation??? Oh dear...
08-08-16 02:28 PMLike 0 - What's funny to me is, after everyone reads these reported vulnerabilities that "could" - not HAVE - allow an attacker access, as long as the "attacker" has PHYSICAL access to the device in question, the Chicken Little's do thee EXACT thing that they are told NOT to do... they install a Quadrooter Vulnerability app from an unknown source
I swear.
The only hack people ever need to fear is the hack that has the ability to penetrate their fears.TgeekB likes this.08-08-16 02:44 PMLike 1 -
Posted via BlackBerry Priv STV100-108-08-16 03:10 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.
Similar Threads
-
WTT Z30 + Z10 for Priv
By OTCHRussell in forum Buy, Sell, Trade - Sold / ArchivedReplies: 16Last Post: 10-05-16, 08:47 PM -
BlackBerry 10 128gb micro SD problem
By skstrials in forum BlackBerry 10 OSReplies: 26Last Post: 08-12-16, 08:26 PM -
DTEK50 Cheapest BlackBerry since (BBOS 10)
By schumi_xtreme01 in forum BlackBerry DTEK50Replies: 40Last Post: 08-12-16, 12:45 AM -
When will Best Buy have the new Blackberry D50?
By Trentp03 in forum Ask a QuestionReplies: 3Last Post: 08-10-16, 02:30 AM -
I can not open the installed software
By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 08-09-16, 11:20 PM
LINK TO POST COPIED TO CLIPBOARD