08-09-16 08:36 PM
225 12345 ...
tools
  1. zephyr613's Avatar
    Having to put up with Verizon's idiocy is on you. Lol.
    Thats COLD man... Got the PRIV because it has the best coverage in my area oh, and the Company subsidized the cost.

    But still no reason to be 2 Security releases behind. I posted this on another thread but asked the very same question to the guy giving the "Zero-Day patching" speech at the BB Security Summit - all I got (after he spoke to VZW) was that it "might" be bundled with the MM roll out coming...

    Wait for it....

    SOON.

    Sigh...
    08-08-16 11:01 AM
  2. zephyr613's Avatar
    08-08-16 11:03 AM
  3. Jack Chin's Avatar
    Good topic/thread.

    Posted via CB10
    08-08-16 11:04 AM
  4. Sairos's Avatar
    Good topic/thread.

    Posted via CB10
    Yeah if you like threads with false information..
    08-08-16 11:08 AM
  5. zephyr613's Avatar
    Yeah if you like threads with false information..
    And which part would be false information?
    08-08-16 11:15 AM
  6. PantherBlitz's Avatar
    I believe they do it so they don't have to rely exclusively on their own chip design. If they choose to stop making their own, they can seamlessly continue with Qualcomm.
    Their business practices are designed to keep their divisions "honest". The handset division has to buy components on the open market and not rely on supply and discounts from their semiconductor division. This encourages both divisions to be efficient in design, r&d, and manufacturing.
    MBrettH likes this.
    08-08-16 11:20 AM
  7. Tsepz_GP's Avatar
    Not sure it proves anything actually, other than Priv, Nexus, and Blackphone are likely the only devices on that list that will receive a timely update to rectify the issue.

    Posted via BlackBerry Priv STV100-1
    Why only Priv, Nexus and Blackphone? I get monthly security updates on my Note 4.
    Mecca EL likes this.
    08-08-16 11:21 AM
  8. Invictus0's Avatar
    You sounds like Apple security. As long as you don't connect it to the network, you are safe. The OS should prevent malicious apps from functioning. BlackBerry no longer controls the OS space.
    BB10 wouldn't inherently prevent malicious apps either.

    Just having that option available would be a bit risky for a " secure" phone, do you have to provide a password or code to access these options?
    They have this on BB10 as well, you have to enable it to install sideloaded apk's, it's not necessarily a "bad feature" as it's useful for app testing or installing apps directly from a developers website. I believe you can disable this through BES or similar software on both platforms.
    08-08-16 11:38 AM
  9. ohaiguise's Avatar
    BlackBerry claim to have the most secure Android OS in the world, yet they are still using obsolete SHA-1 certificates for sensitive customer data.

    They can't even get the basics right. And to top it off they are advertising the DTEK as a gaming machine for catching Pokemon with!

    This company is in total disarray.
    MBrettH likes this.
    08-08-16 11:40 AM
  10. sorinv's Avatar
    Can I troll about the Blackphone being affected? Both versions!

    ••• вℓα’квєяяу ραѕѕρσят ѕιℓνєя є∂ιтιση •••
    Yes you can. The usual suspects diverted the discussion to apps and android.
    This has nothing to do with that. It is a bug in the Qualcomm chip that affects all phones which use it, irrespective of OS.
    My point is, the same as Chen's when he joined BlackBerry, that you cannot provide software security without controlling the hardware chain from design, through manufacturing through hardware verification and then software.

    You have to be vertically integrated...or else you suffer from the weakest link problem, as proven here.
    08-08-16 11:40 AM
  11. sorinv's Avatar
    Oh by the way, how is it that Software can't secure hardware bugs when the vulnerability is being fixed through Software Updates?

    The vulnerability is found in the Qualcomm software drivers, thus your whole thread is invalid xD.
    That's a bit more subtle. This is the software developed by qualcomm to control their hardware. It's related to the integrated circuit.
    If qualcomm puts something in the hardware intentionally, BlackBerry or blackbphone's designers have no clue about it, as it seems to be the case here.
    This may not have been intentional, but it could have been...
    08-08-16 11:45 AM
  12. sorinv's Avatar
    Looking at this hardware issue, it's really a code issue not necessarily hardware. For example BlackBerry looks at the manufacturing process to make sure that foreign chips and software isn't loaded to their devices. For example, one could slip a firmware into the manufacturing process that could allow it to steal code just like mentioned above or add another chip or part that doesn't belong there that could also do the same. It appears that this was a bug though, with the potential of gaining access to code and other information running on the device, compared to its already doing that (and being considered a hack). They reverse engineered Qualcomm's code in order to find this vulnerability. Another thing is that Qualcomm has already patched this and has been submitted to device manufacturers and keeping with BlackBerry's promise of patching every month, they have been really good at keeping this promise. But what's most important here is that this isn't a problem of controlling manufacturing process, it wasn't that a chipset came from another third party company, it was from Qualcomm directly a large company that a lot of manufacturers trust.

    If you look at the report directly you can see that the biggest concern that they have is the updating process and the detection process, so there's are two things that BlackBerry is promising to give, maybe those OS integrity things we are seeing in the forumns maybe related to this. I dunno just my quick thoughts

    Posted via CB10
    Correct.
    08-08-16 11:47 AM
  13. anon(9742832)'s Avatar
    Interesting read and goes back to what I said many times before, there is no such thing as a 100% secure device in todays high tech world. Just when you think you have designed a "fool proof" device, someone who has nothing better to do then to probe software and chip designs to find flaws will find something you either forgot about or your computer software failed to implement into the design. This is what keeps the anti-virus and security folks in business.
    Also no matter how secure you make the phone, its the end user that will dictate how secure it really is.
    08-08-16 11:54 AM
  14. anon(9742832)'s Avatar
    Android bug fear in 900 million phones - BBC News

    I have been posing that question here for over two years.
    Again this proves that without controlling hardware, including designing your own integrated circuits and not buying them from others, a company like BlackBerry cannot claim security.
    It's interesting that Samsung (and Apple) are not on the list because they do not use the Qualcomm chip. They have their own.

    This also goes back to the security (lack thereof) of a phone designed and assembled in China.
    This happens all the time, interesting that its a cell phone now, I was just reading about security issues with soft hardware. IE thermostats and alike. The security is terrible so I wonder if this is the same side of the coin.
    IndianTiwari likes this.
    08-08-16 11:57 AM
  15. conite's Avatar
    This may not have been intentional, but it could have been...
    Are you implying that Qualcomm is in cahoots with someone with nefarious intent? That's a bit much, no?
    08-08-16 11:59 AM
  16. MikeX74's Avatar
    Oh........ok, what the he!! do I know. . How about Apple? Did they not have a controversy a year or two ago when they were using 2 different companies? Maybe that is another example of Conite's reasoning. I just remember reading that some iPhone users were complaining about the problem, but I really could never understand why they used two different suppliers.
    Apple designs its own SoC, based on ARM architecture, but uses Samsung and Taiwan Semiconductor Manufacturing Corp. to fabricate them. The "controversy" was about one variant being more power-efficient than the other.
    Last edited by MikeX74; 08-08-16 at 12:31 PM.
    brookie229 likes this.
    08-08-16 12:05 PM
  17. dpeters11's Avatar
    Last security update August 5 in summary
    does mention fixes for Qualcomm

    BlackBerry powered by Android Security Bulletin ? August 2016

    BlackBerry fast reaction...

    Posted via PRIV and or Passport SE
    That fixes three of the vulnerabilities, one still left.
    08-08-16 12:20 PM
  18. anon(9742832)'s Avatar
    Are you implying that Qualcomm is in cahoots with someone with nefarious intent? That's a bit much, no?
    black helicopters.........tin hats..................
    IndianTiwari likes this.
    08-08-16 12:31 PM
  19. anon(9607753)'s Avatar
    Why only Priv, Nexus and Blackphone? I get monthly security updates on my Note 4.
    Yes, it does seem that just a few months before the Priv was released Samsung promised to implement an android security update process that it (not suprisingly) began to implement at the exact same time Priv was released, and has since provided monthly patches on "selected Samsung devices". I guess you are one of the lucky ones! Samsung copy cats strike again. I heard their new watch looks a lot like iWatch too, go figure!

    Posted via BlackBerry Priv STV100-1
    08-08-16 12:33 PM
  20. Tsepz_GP's Avatar
    Yes, it does seem that just a few months before the Priv was released Samsung promised to implement an android security update process that it (not suprisingly) began to implement at the exact same time Priv was released, and has since provided monthly patches on "selected Samsung devices". I guess you are one of the lucky ones! Samsung copy cats strike again. I heard their new watch looks a lot like iWatch too, go figure!

    Posted via BlackBerry Priv STV100-1
    It was actually due to the Stagefright saga, which had all OEMs having to address their security update process.

    I doubt the Priv had anything to do with it, Samsung have far bigger phone makers to worry about e.g. Apple, LG, Huawei etc...
    08-08-16 12:41 PM
  21. thurask's Avatar
    Also no matter how secure you make the phone, its the end user that will dictate how secure it really is.
    This, this, this.
    TgeekB, Troy Tiscareno and MBrettH like this.
    08-08-16 12:47 PM
  22. anon(9607753)'s Avatar
    It was actually due to the Stagefright saga, which had all OEMs having to address their security update process.

    I doubt the Priv had anything to do with it, Samsung have far bigger phone makers to worry about e.g. Apple, LG, Huawei etc...
    You don't need to be a big company to innovate...or to be a threat to a much bigger company by doing so. I guess Samsung thought it would be better this way rather than being outdone by tiny, insignificant BlackBerry LOL.

    Posted via BlackBerry Priv STV100-1
    08-08-16 02:19 PM
  23. Tsepz_GP's Avatar
    You don't need to be a big company to innovate...or to be a threat to a much bigger company by doing so. I guess Samsung thought it would be better this way rather than being outdone by tiny, insignificant BlackBerry LOL.

    Posted via BlackBerry Priv STV100-1
    LOL, Considering S7 Edge numbers alone vs. Priv, being outdone by BB isn't something they were ever worried about.

    And are you seriously calling it innovation??? Oh dear...
    08-08-16 02:28 PM
  24. Mecca EL's Avatar
    What's funny to me is, after everyone reads these reported vulnerabilities that "could" - not HAVE - allow an attacker access, as long as the "attacker" has PHYSICAL access to the device in question, the Chicken Little's do thee EXACT thing that they are told NOT to do... they install a Quadrooter Vulnerability app from an unknown source

    I swear.

    The only hack people ever need to fear is the hack that has the ability to penetrate their fears.
    TgeekB likes this.
    08-08-16 02:44 PM
  25. anon(9607753)'s Avatar
    LOL, Considering S7 Edge numbers alone vs. Priv, being outdone by BB isn't something they were ever worried about.

    And are you seriously calling it innovation??? Oh dear...
    Yes regular monthly updates are an innovation, particularly for Samsung who used to update their devices once a year (if you're lucky). Back @ you bro!

    Posted via BlackBerry Priv STV100-1
    08-08-16 03:10 PM
225 12345 ...

Similar Threads

  1. WTT Z30 + Z10 for Priv
    By OTCHRussell in forum Buy, Sell, Trade - Sold / Archived
    Replies: 16
    Last Post: 10-05-16, 08:47 PM
  2. BlackBerry 10 128gb micro SD problem
    By skstrials in forum BlackBerry 10 OS
    Replies: 26
    Last Post: 08-12-16, 08:26 PM
  3. DTEK50 Cheapest BlackBerry since (BBOS 10)
    By schumi_xtreme01 in forum BlackBerry DTEK50
    Replies: 40
    Last Post: 08-12-16, 12:45 AM
  4. When will Best Buy have the new Blackberry D50?
    By Trentp03 in forum Ask a Question
    Replies: 3
    Last Post: 08-10-16, 02:30 AM
  5. I can not open the installed software
    By CrackBerry Question in forum Ask a Question
    Replies: 1
    Last Post: 08-09-16, 11:20 PM
LINK TO POST COPIED TO CLIPBOARD