08-09-16 08:36 PM
225 ... 45678 ...
tools
  1. Jerry A's Avatar
    That's a bit more subtle. This is the software developed by qualcomm to control their hardware. It's related to the integrated circuit.
    If qualcomm puts something in the hardware intentionally, BlackBerry or blackbphone's designers have no clue about it, as it seems to be the case here.
    This may not have been intentional, but it could have been...
    Then the issue would likely exist for BB10. Qualcomm provided the chips and drivers for the BB10 devices.

    Following your logic, there's no reason for them to make an intentionally buggy driver for one platform and not the other.
    Mecca EL likes this.
    08-08-16 07:16 PM
  2. anon(9742832)'s Avatar
    Then the issue would likely exist for BB10. Qualcomm provided the chips and drivers for the BB10 devices.

    Following your logic, there's no reason for them to make an intentionally buggy driver for one platform and not the other.
    There was a story this week about multiple devices effect by poor security. Companies get lazy and people pay the price. If you want to stop this kind of mistake, make the companies involved pay to clean up the mess and pay damages. Once real money is on the table, you would be suprised how fast this would stop.
    IndianTiwari likes this.
    08-08-16 07:19 PM
  3. Jerry A's Avatar
    You may not know - but why does the US model differ from say, European models? (I can understand Verizon phones with the cdma might use a different chip).
    Using the same chip (one that supports CDMA/GSM/LTE) for all US models means only having to submit once for FCC approval.

    Funny, Qualcomm just happens to make a chip like that. Not sure if the Exynos chip supports CDMA. Anyone that knows, please enlighten us.
    FF22 likes this.
    08-08-16 07:21 PM
  4. ohaiguise's Avatar
    I'm confused.

    BlackBerry say this about the DTEK: With an NFC ďbumpĒ, bank info can be stolen. With malware, family pictures can be downloaded. Itís scary, but this does happen on other phones. With DTEK50, you donít have to worry about this happening to you.

    So is this article implying that BlackBerry's extravagant claims for the security of their device (which no other Android device on the planet has because the DTEK is the most secure in the world) are false?
    08-08-16 07:21 PM
  5. anon(9742832)'s Avatar
    I'm confused.

    BlackBerry say this about the DTEK: With an NFC “bump”, bank info can be stolen. With malware, family pictures can be downloaded. It’s scary, but this does happen on other phones. With DTEK50, you don’t have to worry about this happening to you.

    So is this article implying that BlackBerry's extravagant claims for the security of their device (which no other Android device on the planet has because the DTEK is the most secure in the world) are false?
    Always remember you are the best security for your phone. BlackBerry is in a hard spot, they make a secure phone, but the end user can and will compromise the security. Yes at the moment it is the best right next to the Black-phone for a lot more money.
    IndianTiwari likes this.
    08-08-16 07:24 PM
  6. anon(9607753)'s Avatar
    Absolutely! Its such an old and endless argument, the only people who win are the law firms involved.
    Wrong. Ideas have value, that's why the copycats steal them. There's a brand new colour in the crayon set called "Korean litigation". It's right beside the other new colour called "I'm mad because I overpaid for a piece of copy-cat garbage".

    Posted via BlackBerry Priv STV100-1
    08-08-16 07:26 PM
  7. anon(9742832)'s Avatar
    Wrong. Ideas have value, that's why the copycats steal them. There's a brand new colour in the crayon set called "Korean litigation". It's right beside the other new colour called "I'm mad because I overpaid for a piece of copy-cat garbage".

    Posted via BlackBerry Priv STV100-1
    Yup the biggest crooks on the planet................right behind the politicians.
    IndianTiwari likes this.
    08-08-16 07:28 PM
  8. anon(9607753)'s Avatar
    Yup the biggest crooks on the planet................right behind the politicians.
    Hey wait a minute...you can't agree with me. I only write in crayon and post all kinds of pointless rubbish. Heh heh

    Posted via BlackBerry Priv STV100-1
    08-08-16 07:48 PM
  9. Bluenoser63's Avatar
    BB10 wouldn't inherently prevent malicious apps either.

    They have this on BB10 as well, you have to enable it to install sideloaded apk's, it's not necessarily a "bad feature" as it's useful for app testing or installing apps directly from a developers website. I believe you can disable this through BES or similar software on both platforms.
    BB10 sandboxed apps and prevented this kind of problem. Android doesn't.
    08-08-16 07:50 PM
  10. last_attempt's Avatar
    Maybe now with monthly stories about phone vulnerabilities, and people banking and purchasing items with their phones that didn't happen a few years ago BlackBerry marketing a secure phone is a good plan.

    Posted via CB10
    08-08-16 07:54 PM
  11. conite's Avatar
    Maybe now with monthly stories about phone vulnerabilities, and people banking and purchasing items with their phones that didn't happen a few years ago BlackBerry marketing a secure phone is a good plan.

    Posted via CB10
    I do generally hear more casual conversations about privacy and device security lately. Hopefully that will translate into sales.
    08-08-16 07:56 PM
  12. anon(9353145)'s Avatar
    Hey wait a minute...you can't agree with me. I only write in crayon and post all kinds of pointless rubbish. Heh heh

    Posted via BlackBerry Priv STV100-1
    It's funnier that there's so much discord on this site amongst so many like minded individuals, lol.
    Mecca EL likes this.
    08-08-16 07:57 PM
  13. Jerry A's Avatar
    BB10 sandboxed apps and prevented this kind of problem. Android doesn't.
    Android sandboxes apps.
    Mecca EL likes this.
    08-08-16 08:06 PM
  14. Jerry A's Avatar
    Maybe now with monthly stories about phone vulnerabilities, and people banking and purchasing items with their phones that didn't happen a few years ago BlackBerry marketing a secure phone is a good plan.

    Posted via CB10
    Doubly so for having a phone which will receive security updates.

    Now, if they could only find a way to leverage this advantage for Verizon.
    08-08-16 08:07 PM
  15. sorinv's Avatar
    Is the issue with the chip or the drivers Qualcomm shipped?

    Either way it wouldn't matter. The remediation is a known quantity (updated drivers and related code).

    Even if BlackBerry was making their own phones this could still be an issue for them. They never designed their own chips. They sourced chips and drivers from Qualcomm.

    For all we know, this bug could exist in BB10 but hasn't been remediated since security researches haven't discovered/disclosed (no money in BB10 bug bounties).
    That's exactly what I wrote. BlackBerry stopped designing chips in early 2000's. They have since used chips designed by others which may or may not be secure and whose security they cannot guarantee no matter what they claim with "root of trust".
    Obviously it failed them on the Priv just like it failed the Blackphone.

    One other note: this bug was discovered by a guy with a Russian name who reportedly worked for 6 months to reverse engineer Qualcomm's code.
    He must have had a reason.

    This chip and the phones who used it are more than one year old. The bug was there until a few days ago.
    It doesn't really matter if the bug is fixed now.
    Whoever needed to do the damage, has had plenty of time to do it and most likely doesn't need to advertise it.
    PantherBlitz and DonHB like this.
    08-08-16 08:11 PM
  16. sorinv's Avatar
    Then the issue would likely exist for BB10. Qualcomm provided the chips and drivers for the BB10 devices.

    Following your logic, there's no reason for them to make an intentionally buggy driver for one platform and not the other.
    This seems to be related to Qualcomm 808, not to other Qualcomm chips, but I may be wrong.
    But the bug or a similar one may exist in other Qualcomm chips, including some used in BB10 phones. I wrote this earlier, it's not related to android.
    08-08-16 08:22 PM
  17. conite's Avatar
    This chip and the phones who used it are more than one year old. The bug was there until a few days ago.
    It doesn't really matter if the bug is fixed now.
    Whoever needed to do the damage, has had plenty of time to do it and most likely doesn't need to advertise it.
    Except there is no evidence that this vulnerability was ever exploited.

    Priv STV100-1 AAF960 / Q5SQR100-1/10.3.3.746
    Mecca EL likes this.
    08-08-16 08:24 PM
  18. sorinv's Avatar
    Except there is no evidence that this vulnerability was ever exploited.

    Priv STV100-1 AAF960 / Q5SQR100-1/10.3.3.746
    I guess you did not read my last sentence.
    Besides, we read/hear about hacks every day now. They don't always explain how they occur.
    08-08-16 08:28 PM
  19. andy957's Avatar
    FWIW, I searched (the Canadian) Google Play Store on my PRIV (Bell Mobility) for "QuadRoot Scanner" as was mentioned in the BBC article, but it only found the Check Point app called ZoneAlarm*, which searches for the quadroot issue. I ran the scan, and lo and behold it did find the Qualcomm vulnerability and says to contact your carrier. I am pretty confident Bell hasn't done anything about it yet and I just checked for system updates, but none were found. Interestingly enough, the DTEK software on the phone did not detect anything, but I imagine it's because the DTEK app also hasn't been updated with this new vulnerability.

    *It appears that ZoneAlarm is free for 30 days; just a note for those interested in installing it. But it does have complete functionality during that time, as far as I can see.
    Last edited by andy957; 08-08-16 at 08:47 PM.
    MBrettH likes this.
    08-08-16 08:33 PM
  20. conite's Avatar
    FWIW, I searched (the Canadian) Google Play Store on my PRIV (Bell Mobility) for "QuadRoot Scanner" as was mentioned in the BBC article, but it only found the Check Point app called ZoneAlarm*, which searches for the quadroot issue. I ran the scan, and lo and behold it did find the Qualcomm vulnerability and says to contact your carrier. I am pretty confident Bell hasn't done anything about it yet and I just checked for system updates, but none were found. Interestingly enough, the DTEK software on the phone did not detect anything, but I imagine it's because the DTEK app also hasn't been updated with this new vulnerability.

    *It appears that ZoneAlarm is free for 30 days; just a note for those interested in installing it. But it does have complete functionality during that time, as far as I can see.
    That's not what DTEK does. Integrity Detection runs cryptographic checksum on the system files to determine if they have been altered, and will then warn you if they have.

    3 of the 4 vulnerabilities were fixed with the August patch, and the last one will be fixed with the September patch - if not sooner.

    You are also immune if you do not allow app installation from unknown sources.

    Priv STV100-1 AAF960 / Q5SQR100-1/10.3.3.746
    08-08-16 08:51 PM
  21. anon(9353145)'s Avatar
    I guess you did not read my last sentence.
    Besides, we read/hear about hacks every day now. They don't always explain how they occur.
    So what exactly, in layman's terms, is your point? ELI5.
    Mecca EL likes this.
    08-08-16 09:00 PM
  22. Jerry A's Avatar
    In terms of the chips, that's a false assumption - namely that BlackBerry is somehow the only company to ever create hardware and software without any bugs.

    The Russian guy is a security researcher for Check Point (a credible security research firm). His job (ie reason) is to find big bugs and make big bucks for his company.

    The chips are more than a year old. Even though there's (yet) and proof of the exploit in the wild. But let's assume that a state or highly motivated actor did in fact exploit this before it was disclosed. It still doesn't limit the damage to Android. BB10 could just as easily been affected.
    08-08-16 09:31 PM
  23. Invictus0's Avatar
    BB10 sandboxed apps and prevented this kind of problem. Android doesn't.
    Android sandboxes apps as well,

    https://developer.android.com/traini...rity-tips.html

    Sandboxing helps but it doesn't make the OS immune from threats, not even BB10.

    BlackBerry patches buffer overflow vulnerability discovered in BlackBerry OS 10.1 | CrackBerry.com

    http://forums.crackberry.com/blackbe...ntime-1031981/
    Mecca EL likes this.
    08-08-16 09:37 PM
  24. anon(9353145)'s Avatar
    Forgive me for saying this, but it sounds like a bunch of geeks servicing each other, lol.

    None of this matters when it comes to the average user considering they probably haven't allowed "Unknown Sources" on their phone, lol.

    TLDR; This is a geek circle jerk and has nothing to do with security for the average person.
    08-08-16 09:41 PM
  25. Mecca EL's Avatar
    FWIW, I searched (the Canadian) Google Play Store on my PRIV (Bell Mobility) for "QuadRoot Scanner" as was mentioned in the BBC article, but it only found the Check Point app called ZoneAlarm*, which searches for the quadroot issue. I ran the scan, and lo and behold it did find the Qualcomm vulnerability and says to contact your carrier. I am pretty confident Bell hasn't done anything about it yet and I just checked for system updates, but none were found. Interestingly enough, the DTEK software on the phone did not detect anything, but I imagine it's because the DTEK app also hasn't been updated with this new vulnerability.

    *It appears that ZoneAlarm is free for 30 days; just a note for those interested in installing it. But it does have complete functionality during that time, as far as I can see.
    Why would you install an app, from a source you don't know, claiming to offer "security" for a price? What if that very app installed the hack you're bent out of shape over, and low and behold NOW you DO have verifiable malicious code, that the app you agreed to install, installed. You my friend, just infected your phone. Good job. Someone get this soul a cookie.
    anon(9353145) likes this.
    08-08-16 09:47 PM
225 ... 45678 ...

Similar Threads

  1. WTT Z30 + Z10 for Priv
    By OTCHRussell in forum Buy, Sell, Trade - Sold / Archived
    Replies: 16
    Last Post: 10-05-16, 08:47 PM
  2. BlackBerry 10 128gb micro SD problem
    By skstrials in forum BlackBerry 10 OS
    Replies: 26
    Last Post: 08-12-16, 08:26 PM
  3. DTEK50 Cheapest BlackBerry since (BBOS 10)
    By schumi_xtreme01 in forum BlackBerry DTEK50
    Replies: 40
    Last Post: 08-12-16, 12:45 AM
  4. When will Best Buy have the new Blackberry D50?
    By Trentp03 in forum Ask a Question
    Replies: 3
    Last Post: 08-10-16, 02:30 AM
  5. I can not open the installed software
    By CrackBerry Question in forum Ask a Question
    Replies: 1
    Last Post: 08-09-16, 11:20 PM
LINK TO POST COPIED TO CLIPBOARD