Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.
- Why would you install an app, from a source you don't know, claiming to offer "security" for a price? What if that very app installed the hack you're bent out of shape over, and low and behold NOW you DO have verifiable malicious code, that the app you agreed to install, installed. You my friend, just infected your phone. Good job. Someone get this soul a cookie.
(Oh and by the way it's LO and behold. Study English much?)MBrettH likes this.08-08-16 10:10 PMLike 1 - All you have to do is to read my posts here. It is very clear.
Most of the rest of the posts here are on a different topic that has little to do with the thread.
The thread is about hardware firmware bugs which BlackBerry and other phone and OS manufacturers (Google, BlackBerry, Silent Circle, Samsung..) have no control over.
This is not malware. It's a security flaw in the Qualcomm Snapdragon 808 and 810 (I am guessing based on the list of phones affected) which was discovered by a security expert after 6 months of reverse engineering the Qualcomm code.
The passport or other bb10 phones are not affected because they use older qualcomm Snapdragon chips like the 801.
This is not android malware.08-08-16 10:31 PMLike 3 - In terms of the chips, that's a false assumption - namely that BlackBerry is somehow the only company to ever create hardware and software without any bugs.
The Russian guy is a security researcher for Check Point (a credible security research firm). His job (ie reason) is to find big bugs and make big bucks for his company.
The chips are more than a year old. Even though there's (yet) and proof of the exploit in the wild. But let's assume that a state or highly motivated actor did in fact exploit this before it was disclosed. It still doesn't limit the damage to Android. BB10 could just as easily been affected.Last edited by sorinv; 08-08-16 at 10:45 PM.
08-08-16 10:34 PMLike 0 - I saw 4 vulnerabilities fixed here. Not sure if those are the four that they were talking about what do you guys think?
CVE-2016-3855
A vulnerability in the thermal driver can result in a local malicious application being able to corrupt memory, possibly resulting in a temporary denial of service.
CVE-2016-3850 (bootloader)
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2016-2504 (GPU)
CVE-2016-3842(GPU)
Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.
CVE-2016-3843 (performance component)
Elevation of privilege vulnerabilities in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel.
Posted via CB1008-08-16 11:17 PMLike 0 - This is not malware. It's a security flaw in the Qualcomm Snapdragon 808 and 810 (I am guessing based on the list of phones affected) which was discovered by a security expert after 6 months of reverse engineering the Qualcomm code.
The passport or other bb10 phones are not affected because they use older qualcomm Snapdragon chips like the 801.
HTC One - Full phone specifications
OnePlus One - Full phone specifications08-08-16 11:31 PMLike 0 - Most of the apps from KNOWN sources ask for too many intrusive permissions. Android OS is built first to track you, then make phone calls, thence comes the basis of the Google business model. I bought a Priv, but will always be disappointed in BlackBerry. They already had the best and most secure OS, and a recognizable name. They screwed up the marketing, it seems.
Last edited by MBrettH; 08-09-16 at 01:04 AM.
andy957 likes this.08-09-16 12:06 AMLike 1 -
Don't trust anyone until they earn your trust. Then, watch your back.08-09-16 12:25 AMLike 0 - Wrong. Ideas have value, that's why the copycats steal them. There's a brand new colour in the crayon set called "Korean litigation". It's right beside the other new colour called "I'm mad because I overpaid for a piece of copy-cat garbage".
Posted via BlackBerry Priv STV100-108-09-16 01:43 AMLike 0 - Samsung and Apple phones have their own weaknesses. And I think Samsung/Apple phones, I dunno, just a few of them might also be Chinese made ;-)08-09-16 03:05 AMLike 0
- Bla1zeCB OGAnd this is why you don't get your nickers in a knot...90% of devices have it blocked anyway on Google side - Google confirms 'Verify Apps' can block apps with QuadRooter exploits | Android CentralThud Hardsmack likes this.08-09-16 03:32 AMLike 1
- And this is why you don't get your nickers in a knot...90% of devices have it blocked anyway on Google side - Google confirms 'Verify Apps' can block apps with QuadRooter exploits | Android Central
This goes for almost all exploits found in the last 2-3years in Android. You would have to want to get the exploit in your phone to get it and that requires turning multiple security settings.
I've been saying this for a long time, these articles always conveniently forget to mention the multiple hurdles you have to go through for the exploit to infect your Android, and people who don't understand how Android works are the ones who cry about these exploits, while us Android users laugh it away, and get a security patch update for an exploit that wouldn't have affected us anyway.
Its great that we have people who find these exploits, but the tech blogs and so on tend to severely exaggerate these things.
^^ These are the sort of people these articles are aimed at.08-09-16 04:19 AMLike 0 -
Quadrooter is a codec, like Stagefright is. And if you installed an app that scans for a Quadroot and not Quadrooter, you've been scammed. So what it's on Google Play store, you don't know if what you just installed is in fact the malicious code you're attempting to avoid. Who are these "same people" ? Up until Baidu acquired ES File Explorer, I used that file manager for many years. But now this app phones home, so I don't use it anymore.08-09-16 04:33 AMLike 0 - It seems that BlackBerry Allready patch 3 out of 4 with the last update. Still one is open and don't install apps you download from somewhere else.08-09-16 06:36 AMLike 0
- I'm a published author. And it's obvious you understood what I said. What I'm not understanding is what does language have to do with the matter at hand, unless that was your best attempt at expressing your superiority over English? Good for you !!!
Quadrooter is a codec, like Stagefright is. And if you installed an app that scans for a Quadroot and not Quadrooter, you've been scammed. So what it's on Google Play store, you don't know if what you just installed is in fact the malicious code you're attempting to avoid. Who are these "same people" ? Up until Baidu acquired ES File Explorer, I used that file manager for many years. But now this app phones home, so I don't use it anymore.
In this case, their app is okay for scanning. Sorta like when Zimperium released an app for determine Stagefright exposure (Zimperium was the security firm that found Stagefright).08-09-16 07:10 AMLike 3 - The more accurate question is which part is not false information.
First, its a software problem.. "so the whole software can't secure hardware bugs" is false.. Its indeed fixed through a software update because its a problem in the software drivers.. rendering the whole point of the thread useless.
Second, the fact that Samsung phones are not affected is false too, they use Qualcomm alongside their chips and the S7 is affected.
Third point.. he argues phones assembled or produced in china can't be secure.. That's just funny.. Doesn't matter where you assemble or produce them.. Qualcomm is american yet the vulnerability is coming from them.. So it has NOTHING to do with China..08-09-16 08:32 AMLike 0 - CheckPoint is the reputable security firm who discovered and disclosed the Quadrooter vulnerability.
In this case, their app is okay for scanning. Sorta like when Zimperium released an app for determine Stagefright exposure (Zimperium was the security firm that found Stagefright).08-09-16 08:32 AMLike 0 -
Now run along and be a good Android fanboy...
Posted via BlackBerry Priv STV100-108-09-16 08:38 AMLike 0 - The more accurate question is which part is not false information.
First, its a software problem.. "so the whole software can't secure hardware bugs" is false.. Its indeed fixed through a software update because its a problem in the software drivers.. rendering the whole point of the thread useless.
Second, the fact that Samsung phones are not affected is false too, they use Qualcomm alongside their chips and the S7 is affected.
Third point.. he argues phones assembled or produced in china can't be secure.. That's just funny.. Doesn't matter where you assemble or produce them.. Qualcomm is american yet the vulnerability is coming from them.. So it has NOTHING to do with China..08-09-16 08:39 AMLike 0 - To be truthful its not even a software issue, but a hardware and driver issue. This is becoming very common with sloppy drivers and pushed out products. The real issue is all the other products affected and not even mentioned. Such as smart door locks, and thermostats to name a few.
I don't know about door locks or thermostats using Qualcomm gear.. So I've no info regarding that.. Someone can always enlighten us though.08-09-16 08:41 AMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.
Similar Threads
-
WTT Z30 + Z10 for Priv
By OTCHRussell in forum Buy, Sell, Trade - Sold / ArchivedReplies: 16Last Post: 10-05-16, 08:47 PM -
BlackBerry 10 128gb micro SD problem
By skstrials in forum BlackBerry 10 OSReplies: 26Last Post: 08-12-16, 08:26 PM -
DTEK50 Cheapest BlackBerry since (BBOS 10)
By schumi_xtreme01 in forum BlackBerry DTEK50Replies: 40Last Post: 08-12-16, 12:45 AM -
When will Best Buy have the new Blackberry D50?
By Trentp03 in forum Ask a QuestionReplies: 3Last Post: 08-10-16, 02:30 AM -
I can not open the installed software
By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 08-09-16, 11:20 PM
LINK TO POST COPIED TO CLIPBOARD