Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.
- The article lists the HTC One and OnePlus One which have a Snapdragon 600 and 801 respectively.
HTC One - Full phone specifications
OnePlus One - Full phone specifications
Else we wouldn't have people telling us that one reason no BB10 phone will be released in the future is because they can't afford to develop BB10 drivers for new qualcomm chips...08-09-16 08:42 AMLike 0 -
It is much harder to introduce backdoors in the integrated circuits when you don't design them and all you do is just solder them on a board.
You would have to reverse engineer the integrated circuit and make your own version with backdoor, and then replace the original IC with your own.
This is not impossible to do but unlikely. Early Intel processors were commonly reverse engineered and mass produced in Eastern Europe during the Cold War, I am told. However, Qualcomm's and Apple's 64-bit processors of today are far more complex than the 8-bit and 16-bit processors of the 1980's.08-09-16 08:43 AMLike 0 -
-
Door Locks and thermostats use Qualcomm? That's very high tech.. Only phones are affected in this case..08-09-16 08:53 AMLike 0 - The hardware is all good, if its a hardware problem then they need to fix the hardware.. Its a problem in the software part and that's why it was fixed through a software update.. Qualcomm didn't get their software right.. A Physical thing as hardware chips can't be hacked.. The software that's connected to it can be hacked..
Door Locks and thermostats use Qualcomm? That's very high tech.. Only phones are affected in this case..IndianTiwari likes this.08-09-16 08:56 AMLike 1 - The more accurate question is which part is not false information.
First, its a software problem.. "so the whole software can't secure hardware bugs" is false.. Its indeed fixed through a software update because its a problem in the software drivers.. rendering the whole point of the thread useless.
Second, the fact that Samsung phones are not affected is false too, they use Qualcomm alongside their chips and the S7 is affected.
Third point.. he argues phones assembled or produced in china can't be secure.. That's just funny.. Doesn't matter where you assemble or produce them.. Qualcomm is american yet the vulnerability is coming from them.. So it has NOTHING to do with China..
1) I did not write that this hardware code bug (yes it's software that controls the hardware (IC) but only works on that IC) had anything to do with China.
All I said was that this proved that a software only company like BlackBerry cannot secure the hardware designed and fabricated by others.
Today, DTEK is supposedly designed and manufactured in China and therefore BlackBerry cannot prevent any intentional backdoor in the hardware from acting on the phone in a way that BlackBerry did not envisage. That's it.
2) as I mentioned in a subsequent post, only the Samsung GS7 that have the Qualcomm chip, not the GS7 that have the Samsung Equinox chip, were affected. This further proves 1) above. It's hardware related. Every processor needs its individual software code to be controlled by the phone. It's in the specific code developed by Qualcomm for its processor where the bug resides. It is not an android problem, although the bug may very well reside in the code written for android drivers.08-09-16 08:57 AMLike 0 -
4 levels of protection:
1) Not allowing app installs from unknown sources.
2) Google Play Services scanning during install (which apparently would prevent this type of infection as stated by Google).
3) Hardware Root of Trust which would not allow a persistent root, thus minimising the threat.
4) BlackBerry Integrity Detection which would alert the user of OS compromise if alteration has occurred.08-09-16 08:59 AMLike 0 - You misinterpreted my email.
I did not write that this hardware code bug (yes it's software that controls the hardware (IC) but only works on that IC) had anything to do with China.
All I said was that this proved that a software only company like BlackBerry cannot secure the hardware designed and fabricated by others.
Today, DTEK is supposedly designed and manufactured in China and therefore BlackBerry cannot prevent any intentional backdoor in the hardware from acting on the phone in a way that BlackBerry did not envisage. That's it.IndianTiwari likes this.08-09-16 09:01 AMLike 1 - That's why BlackBerry Android is a good solution right now.
4 levels of protection:
1) Not allowing app installs from unknown sources.
2) Google Play Services scanning during install (which apparently would prevent this type of infection as stated by Google).
3) Hardware Root of Trust which would not allow a persistent root, thus minimising the threat.
4) BlackBerry Integrity Detection which would alert the user of OS compromise if alteration has occurred.IndianTiwari likes this.08-09-16 09:02 AMLike 1 -
If there was/is a backdoor in the Qualcomm processors that BB10 and android BlackBerry phones use, BlackBerry is unlikely to be aware of it and is unable to circumvent its actions.
Blackberry used to design their own chips, but that stopped circa 2001-2002.anon(9742832) likes this.08-09-16 09:06 AMLike 1 - You misinterpreted my email.
I did not write that this hardware code bug (yes it's software that controls the hardware (IC) but only works on that IC) had anything to do with China.
All I said was that this proved that a software only company like BlackBerry cannot secure the hardware designed and fabricated by others.
Today, DTEK is supposedly designed and manufactured in China and therefore BlackBerry cannot prevent any intentional backdoor in the hardware from acting on the phone in a way that BlackBerry did not envisage. That's it.
Your thread has a lot of wrong info, and you choose not to admit any of them in responding.. you didn't take the time to correct the whole Samsung isn't affected thing. ( You edited your post and responded about the GS7, not my problem)
You said in the thread SOFTWARE can't secure hardware bugs.. That's wrong.. No misinterpretation.. A software update was used to secure the software problem.. Thus its software even if its connected to the hardware.
Its not BlackBerry's problem yet you paint it as if its.. Its Qualcomm's and this has nothing to do with china because BLOODY QUALCOMM IS AMERICAN.. Its Qualcomm's soft and even hardware.. What is china's relation to the discussion.. This is hilarious.. Some people really have a problem with china being successful in producing phones and they kinda use anything to make it look bad..
Oh now its about Backdoors? Please, Don't bring backdoors in the discussion, We're taking something very specific here and its about the Qualcomm's software drivers.. Its not about backdoors and you even argue that people like apple who didn't use their chips are secure.. So, Apple still produce in china... The backdoor point is irrelevant and even if its relevant, it doesn't matter where you produce them.08-09-16 09:08 AMLike 0 - THANK YOU!
This goes for almost all exploits found in the last 2-3years in Android. You would have to want to get the exploit in your phone to get it and that requires turning multiple security settings.
I've been saying this for a long time, these articles always conveniently forget to mention the multiple hurdles you have to go through for the exploit to infect your Android, and people who don't understand how Android works are the ones who cry about these exploits, while us Android users laugh it away, and get a security patch update for an exploit that wouldn't have affected us anyway.
Its great that we have people who find these exploits, but the tech blogs and so on tend to severely exaggerate these things.
^^ These are the sort of people these articles are aimed at.
If Google knew about it, all these phones, including the Nexus ones, would not have been affected.
So, please find better excuses, that can convince people beyond kindergarten level.08-09-16 09:12 AMLike 0 - Maybe it can block it now, after the security update, but Google had no clue about it until the researcher who discovered it alerted Qualcomm a very long time ago.
If Google knew about it, all these phones, including the Nexus ones, would not have been affected.
So, please find better excuses, that can convince people beyond kindergarten level.
All the Security Update will do is ensure that even if you turn Off all the Security in your phone and then find and install the app with the exploit, it won't do any harm.
No excuses, just facts.08-09-16 09:16 AMLike 0 - If the phones were produced in the US or Europe.. Would we keep hearing the whole China BS?.. I can't trust phones from China because its China.. If its anything then its Xenophobia and jealousy of China's position.. If these phones were all produced in the US, Canada or Europe.. I wouldn't be hearing a US or Canada production problem.. But its the communists problem always.. Come on guys you still living in the Cold war.. All companies produce in China and the phones are as secure as they get, otherwise the US Gov won't be using Devices produced there..
It was a mess up by a non Chinese company and yet you put no blame on them (Qualcomm).. Only on BlackBerry which is not their problem really, and definitely not China's Problem..
BlackBerry's Android is the best and indeed the most secure out there.. But its not implementable and nothing is.. Flaws will be discovered.. They're not Gods.. They don't create something perfect.. No one does.. Get on with it.. Its always like that, people waiting and waiting for the slightest security flaw so they can diss BlackBerry.. even if its not their problem.. Even if its Qualcomm's.. We will now blame F***** BlackBerry for not using their own chips.. How dare they.. and how dare they manufacture in china even if it has nothing to do with the security flaw..08-09-16 09:20 AMLike 0 - I didn't misinterpret anything.
Your thread has a lot of wrong info, and you choose not to admit any of them in responding.. you didn't take the time to correct the whole Samsung isn't affected thing. ( You edited your post and responded about the GS7, not my problem)
You said in the thread SOFTWARE can't secure hardware bugs.. That's wrong.. No misinterpretation.. A software update was used to secure the software problem.. Thus its software even if its connected to the hardware.
Its not BlackBerry's problem yet you paint it as if its.. Its Qualcomm's and this has nothing to do with china because BLOODY QUALCOMM IS AMERICAN.. Its Qualcomm's soft and even hardware.. What is china's relation to the discussion.. This is hilarious.. Some people really have a problem with china being successful in producing phones and they kinda use anything to make it look bad..
Oh now its about Backdoors? Please, Don't bring backdoors in the discussion, We're taking something very specific here and its about the Qualcomm's software drivers.. Its not about backdoors and you even argue that people like apple who didn't use their chips are secure.. So, Apple still produce in china... The backdoor point is irrelevant and even if its relevant, it doesn't matter where you produce them.
Yes, the Samsung phones that use that chip are also affected, but not those that don't use that chip.
BlackBerry software could not detect that problem.
The conclusion that I drew (and which I stated in other threads during the past two years) is that BlackBerry cannot prevent a bug at the hardware level from affecting the phone and the user data.
Yes, if BlackBerry designs and manufactures its phones in China it has no way of preventing similar intentional or unintentional hardware bugs from happening. This is where I brought in China because Dtek50 is designed and manufactured in China. I did not say that it has happened, all I said was that it might happen and it makes no sense to allow that to happen if you plan to sell those phones to western companies and governments.
And yes, if you do not design both the hardware (including the ICS and especially the ICs) and the software you can never be 100% sure that you can secure the phone. Even Chen used to state that when he joined the company. Now it doesn't suit him to say that anymore.08-09-16 09:21 AMLike 0 - You don't seem to grasp what is being said. Its ALREADY blocked BEFORE the Security Update, unless you decide to turn off all the Security, THEN it can affect your device
All the Security Update will do is ensure that even if you turn Off all the Security in your phone and then find and install the app with the exploit, it won't do any harm.
No excuses, just facts.TGR1 likes this.08-09-16 09:26 AMLike 1 - What I wrote is correct. Yes, it is a problem with the Qualcomm chip.
Yes, the Samsung phones that use that chip are also affected, but not those that don't use that chip.
BlackBerry software could not detect that problem.
The conclusion that I drew (and which I stated in other threads during the past two years) is that BlackBerry cannot prevent a bug at the hardware level from affecting the phone and the user data.
Yes, if BlackBerry designs and manufactures its phones in China it has no way of preventing similar intentional or unintentional hardware bugs from happening. This is where I brought in China because Dtek50 is designed and manufactured in China. I did not say that it has happened, all I said was that it might happen and it makes no sense to allow that to happen if you plan to sell those phones to western companies and governments.
You can keep arguing hardware chips all day long.. Your point is invalid, Software was used to secure a software bug, its not a physical hardware problem.. Its the software connected to it.. They didn't go and fix the bloody chips physically.. as a result, Your title thread is wrong because a software update was indeed used to secure the problem which was in the software drivers anyhow..
Oh nice of you to bring Western word in the discussion.. I See I see, you're one of these guys who are hating on China being able to produce anything and the whole world going there to do it.. Its indeed a western Vs Eastern or Red china or whatever problem.. Well, Get over it, because it ain't going away anytime soon.08-09-16 09:30 AMLike 2 -
There could be hardware code problems in Apple A-series SoCs, Samsung Exynos SoCs and Huawei Kirin SoCs, but the number of Snapdragon devices that exist by far outnumber all 3 put together, worth it to invest and find ways to exploit them and get money from people who don't know any better.08-09-16 09:34 AMLike 0 - You gotta be kidding me? You're still arguing China yet you admit its a problem with Qualcomm.. How the hell would it help if they produce them in Canada or the US? it would've still happened... It would've still been Qualcomm who produced the bloody chips with its software.. Dude, leave china out of it..
You can keep arguing hardware chips all day long.. Your point is invalid, Software was used to secure a software bug, its not a physical hardware problem.. Its the software connected to it.. They didn't go and fix the bloody chips physically.. as a result, Your title thread is wrong because a software update was indeed used to secure the problem which was in the software drivers anyhow..
Oh nice of you to bring Western word in the discussion.. I See I see, you're one of these guys who are hating on China being able to produce anything and the whole world going there to do it.. Its indeed a western Vs Eastern or Red china or whatever problem.. Well, Get over it, because it ain't going away anytime soon.
By the way, if you read my postings in this thread, I suggested in one of them that this type of hardware code error could be accidental or intentional and that the NSA could be "in cahoots" (to quote from others) with Qualcomm. The bug was discovered by a guy with a Russian name who reverse engineered the qualcomm code for 6 months. I am guessing the code was not available to him or else he would not need to reverse engineer it..
So, relax, all security services do their best to use or implant bugs if they can. I have no insight into any of this, I am just speculating about intentional bugs. They most likely are accidental, due to the incompetence of those who wrote the firmware.Last edited by sorinv; 08-09-16 at 09:50 AM.
08-09-16 09:39 AMLike 0 - Despite the excited tone and the rest of the text that has nothing to do with the thread and my posts, you do bring up the point of bugs in the physical IC. Those are possible, too. You can use software to activate fuses in the IC and reprogram some digital logic. But that's a different discussion. Did not happen in this case, apparently.08-09-16 09:42 AMLike 0
- CheckPoint is the reputable security firm who discovered and disclosed the Quadrooter vulnerability.
In this case, their app is okay for scanning. Sorta like when Zimperium released an app for determine Stagefright exposure (Zimperium was the security firm that found Stagefright).IndianTiwari likes this.08-09-16 10:34 AMLike 1 - All you have to do is to read my posts here. It is very clear.
Most of the rest of the posts here are on a different topic that has little to do with the thread.
The thread is about hardware firmware bugs which BlackBerry and other phone and OS manufacturers (Google, BlackBerry, Silent Circle, Samsung..) have no control over.
This is not malware. It's a security flaw in the Qualcomm Snapdragon 808 and 810 (I am guessing based on the list of phones affected) which was discovered by a security expert after 6 months of reverse engineering the Qualcomm code.
The passport or other bb10 phones are not affected because they use older qualcomm Snapdragon chips like the 801.
This is not android malware.08-09-16 10:39 AMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.
Similar Threads
-
WTT Z30 + Z10 for Priv
By OTCHRussell in forum Buy, Sell, Trade - Sold / ArchivedReplies: 16Last Post: 10-05-16, 08:47 PM -
BlackBerry 10 128gb micro SD problem
By skstrials in forum BlackBerry 10 OSReplies: 26Last Post: 08-12-16, 08:26 PM -
DTEK50 Cheapest BlackBerry since (BBOS 10)
By schumi_xtreme01 in forum BlackBerry DTEK50Replies: 40Last Post: 08-12-16, 12:45 AM -
When will Best Buy have the new Blackberry D50?
By Trentp03 in forum Ask a QuestionReplies: 3Last Post: 08-10-16, 02:30 AM -
I can not open the installed software
By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 08-09-16, 11:20 PM
LINK TO POST COPIED TO CLIPBOARD