08-09-16 08:36 PM
225 ... 56789
tools
  1. andy957's Avatar
    Why would you install an app, from a source you don't know, claiming to offer "security" for a price? What if that very app installed the hack you're bent out of shape over, and low and behold NOW you DO have verifiable malicious code, that the app you agreed to install, installed. You my friend, just infected your phone. Good job. Someone get this soul a cookie.
    Dude before you post such a MALICIOUS post, why don't you go do some yoga. I installed an app from Google Play from Check Point, THE SAME PEOPLE WHO WRITE THE QUADROOT APP. Your apologies are accepted.

    (Oh and by the way it's LO and behold. Study English much?)
    MBrettH likes this.
    08-08-16 10:10 PM
  2. sorinv's Avatar
    So what exactly, in layman's terms, is your point? ELI5.
    All you have to do is to read my posts here. It is very clear.
    Most of the rest of the posts here are on a different topic that has little to do with the thread.

    The thread is about hardware firmware bugs which BlackBerry and other phone and OS manufacturers (Google, BlackBerry, Silent Circle, Samsung..) have no control over.

    This is not malware. It's a security flaw in the Qualcomm Snapdragon 808 and 810 (I am guessing based on the list of phones affected) which was discovered by a security expert after 6 months of reverse engineering the Qualcomm code.

    The passport or other bb10 phones are not affected because they use older qualcomm Snapdragon chips like the 801.

    This is not android malware.
    08-08-16 10:31 PM
  3. sorinv's Avatar
    In terms of the chips, that's a false assumption - namely that BlackBerry is somehow the only company to ever create hardware and software without any bugs.

    The Russian guy is a security researcher for Check Point (a credible security research firm). His job (ie reason) is to find big bugs and make big bucks for his company.

    The chips are more than a year old. Even though there's (yet) and proof of the exploit in the wild. But let's assume that a state or highly motivated actor did in fact exploit this before it was disclosed. It still doesn't limit the damage to Android. BB10 could just as easily been affected.
    BB10 phones like the Passport would be affected if the software flaw were also present in the Snapdragon 801 or earlier. That has not been reported, but it is not out of the question.
    Last edited by sorinv; 08-08-16 at 10:45 PM.
    08-08-16 10:34 PM
  4. Jose Casiano's Avatar
    That fixes three of the vulnerabilities, one still left.
    I saw 4 vulnerabilities fixed here. Not sure if those are the four that they were talking about what do you guys think?

    CVE-2016-3855
    A vulnerability in the thermal driver can result in a local malicious application being able to corrupt memory, possibly resulting in a temporary denial of service.

    CVE-2016-3850 (bootloader)

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel.

    CVE-2016-2504 (GPU)
    CVE-2016-3842(GPU)
    Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

    CVE-2016-3843 (performance component)
    Elevation of privilege vulnerabilities in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel.
    Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.-img_20160809_001556.png

    Posted via CB10
    08-08-16 11:17 PM
  5. Invictus0's Avatar
    This is not malware. It's a security flaw in the Qualcomm Snapdragon 808 and 810 (I am guessing based on the list of phones affected) which was discovered by a security expert after 6 months of reverse engineering the Qualcomm code.

    The passport or other bb10 phones are not affected because they use older qualcomm Snapdragon chips like the 801.
    The article lists the HTC One and OnePlus One which have a Snapdragon 600 and 801 respectively.

    HTC One - Full phone specifications

    OnePlus One - Full phone specifications
    08-08-16 11:31 PM
  6. MBrettH's Avatar
    Keep "allow installs from unknown sources" off, and you're good to go.
    Most of the apps from KNOWN sources ask for too many intrusive permissions. Android OS is built first to track you, then make phone calls, thence comes the basis of the Google business model. I bought a Priv, but will always be disappointed in BlackBerry. They already had the best and most secure OS, and a recognizable name. They screwed up the marketing, it seems.
    Last edited by MBrettH; 08-09-16 at 01:04 AM.
    andy957 likes this.
    08-09-16 12:06 AM
  7. MBrettH's Avatar
    And certainly not anyone who would go into my settings, go to the security setup, turn off a security feature that has a warning, then install a malicious app on purpose.
    The person who would do this to someone is the same person who would turn in their crime partner to get out of jail: "Someone you thought you could trust."

    Don't trust anyone until they earn your trust. Then, watch your back.
    08-09-16 12:25 AM
  8. thurask's Avatar
    The person who would do this to someone is the same person who would turn in their crime partner to get out of jail: "Someone you thought you could trust."

    Don't trust anyone until they earn your trust. Then, watch your back.
    Attached Thumbnails Software cannot secure hardware bugs: BlackBerry Priv affected amongst others.-1470720811835.jpg  
    MBrettH likes this.
    08-09-16 12:33 AM
  9. MBrettH's Avatar
    You don't have to be in cahoots with anyone in order to have a rogue employee. A malicious employee, or an employee who has been compromised by a foreign entity, has happened before. Some foreign entities are very persistent.
    08-09-16 12:42 AM
  10. MBrettH's Avatar
    There is that. Most of these companies have acknowledged installing backdoors to enable government snooping.
    08-09-16 12:46 AM
  11. Tsepz_GP's Avatar
    Wrong. Ideas have value, that's why the copycats steal them. There's a brand new colour in the crayon set called "Korean litigation". It's right beside the other new colour called "I'm mad because I overpaid for a piece of copy-cat garbage".

    Posted via BlackBerry Priv STV100-1
    Yeah the Priv was overpriced, despite using lower grade Samsung components, shoddy build quality, look man you made a mistake, don't be mad.
    08-09-16 01:43 AM
  12. Gajja's Avatar
    [url=http://www.bbc.com/news/technology-37005226]
    It's interesting that Samsung (and Apple) are not on the list because they do not use the Qualcomm chip. They have their own. This also goes back to the security (lack thereof) of a phone designed and assembled in China.
    Samsung and Apple phones have their own weaknesses. And I think Samsung/Apple phones, I dunno, just a few of them might also be Chinese made ;-)
    08-09-16 03:05 AM
  13. Bla1ze's Avatar
    And this is why you don't get your nickers in a knot...90% of devices have it blocked anyway on Google side - Google confirms 'Verify Apps' can block apps with QuadRooter exploits | Android Central
    Thud Hardsmack likes this.
    08-09-16 03:32 AM
  14. BBVill's Avatar
    And just when they released "the most secure android device on the market"....

    Posted via CB10
    08-09-16 04:00 AM
  15. rc69's Avatar
    Staying with my Passport. Very happy with it.

    Posted via CB10
    08-09-16 04:04 AM
  16. Tsepz_GP's Avatar
    And this is why you don't get your nickers in a knot...90% of devices have it blocked anyway on Google side - Google confirms 'Verify Apps' can block apps with QuadRooter exploits | Android Central
    THANK YOU!

    This goes for almost all exploits found in the last 2-3years in Android. You would have to want to get the exploit in your phone to get it and that requires turning multiple security settings.

    I've been saying this for a long time, these articles always conveniently forget to mention the multiple hurdles you have to go through for the exploit to infect your Android, and people who don't understand how Android works are the ones who cry about these exploits, while us Android users laugh it away, and get a security patch update for an exploit that wouldn't have affected us anyway.

    Its great that we have people who find these exploits, but the tech blogs and so on tend to severely exaggerate these things.

    And just when they released "the most secure android device on the market"....

    Posted via CB10


    Staying with my Passport. Very happy with it.

    Posted via CB10
    ^^ These are the sort of people these articles are aimed at.
    08-09-16 04:19 AM
  17. Mecca EL's Avatar
    Dude before you post such a MALICIOUS post, why don't you go do some yoga. I installed an app from Google Play from Check Point, THE SAME PEOPLE WHO WRITE THE QUADROOT APP. Your apologies are accepted.

    (Oh and by the way it's LO and behold. Study English much?)
    I'm a published author. And it's obvious you understood what I said. What I'm not understanding is what does language have to do with the matter at hand, unless that was your best attempt at expressing your superiority over English? Good for you !!!

    Quadrooter is a codec, like Stagefright is. And if you installed an app that scans for a Quadroot and not Quadrooter, you've been scammed. So what it's on Google Play store, you don't know if what you just installed is in fact the malicious code you're attempting to avoid. Who are these "same people" ? Up until Baidu acquired ES File Explorer, I used that file manager for many years. But now this app phones home, so I don't use it anymore.
    08-09-16 04:33 AM
  18. whatsever's Avatar
    It seems that BlackBerry Allready patch 3 out of 4 with the last update. Still one is open and don't install apps you download from somewhere else.
    08-09-16 06:36 AM
  19. Jerry A's Avatar
    I'm a published author. And it's obvious you understood what I said. What I'm not understanding is what does language have to do with the matter at hand, unless that was your best attempt at expressing your superiority over English? Good for you !!!

    Quadrooter is a codec, like Stagefright is. And if you installed an app that scans for a Quadroot and not Quadrooter, you've been scammed. So what it's on Google Play store, you don't know if what you just installed is in fact the malicious code you're attempting to avoid. Who are these "same people" ? Up until Baidu acquired ES File Explorer, I used that file manager for many years. But now this app phones home, so I don't use it anymore.
    CheckPoint is the reputable security firm who discovered and disclosed the Quadrooter vulnerability.

    In this case, their app is okay for scanning. Sorta like when Zimperium released an app for determine Stagefright exposure (Zimperium was the security firm that found Stagefright).
    andy957, PantherBlitz and Mecca EL like this.
    08-09-16 07:10 AM
  20. anon(9742832)'s Avatar
    Hey wait a minute...you can't agree with me. I only write in crayon and post all kinds of pointless rubbish. Heh heh

    Posted via BlackBerry Priv STV100-1
    You know what they say, a broken clock is right twice a day...................LOL
    Tsepz_GP likes this.
    08-09-16 07:47 AM
  21. Sairos's Avatar
    And which part would be false information?
    The more accurate question is which part is not false information.

    First, its a software problem.. "so the whole software can't secure hardware bugs" is false.. Its indeed fixed through a software update because its a problem in the software drivers.. rendering the whole point of the thread useless.

    Second, the fact that Samsung phones are not affected is false too, they use Qualcomm alongside their chips and the S7 is affected.

    Third point.. he argues phones assembled or produced in china can't be secure.. That's just funny.. Doesn't matter where you assemble or produce them.. Qualcomm is american yet the vulnerability is coming from them.. So it has NOTHING to do with China..
    08-09-16 08:32 AM
  22. andy957's Avatar
    CheckPoint is the reputable security firm who discovered and disclosed the Quadrooter vulnerability.

    In this case, their app is okay for scanning. Sorta like when Zimperium released an app for determine Stagefright exposure (Zimperium was the security firm that found Stagefright).
    Thank you. That seems to be over the heads of some know-it-alls here.
    08-09-16 08:32 AM
  23. anon(9607753)'s Avatar
    Yeah the Priv was overpriced, despite using lower grade Samsung components, shoddy build quality, look man you made a mistake, don't be mad.
    Over-priced? Maybe for some; particularly those with no appreciation for creative design and value added features. If BlackBerry hadn't invested the time and money to clean up Android and put diapers on it, I wouldn't have touched Priv or any other Android device. BlackBerry's enhancements to the Android experience make it useable. But just barely.

    Now run along and be a good Android fanboy...

    Posted via BlackBerry Priv STV100-1
    08-09-16 08:38 AM
  24. anon(9742832)'s Avatar
    The more accurate question is which part is not false information.

    First, its a software problem.. "so the whole software can't secure hardware bugs" is false.. Its indeed fixed through a software update because its a problem in the software drivers.. rendering the whole point of the thread useless.

    Second, the fact that Samsung phones are not affected is false too, they use Qualcomm alongside their chips and the S7 is affected.

    Third point.. he argues phones assembled or produced in china can't be secure.. That's just funny.. Doesn't matter where you assemble or produce them.. Qualcomm is american yet the vulnerability is coming from them.. So it has NOTHING to do with China..
    To be truthful its not even a software issue, but a hardware and driver issue. This is becoming very common with sloppy drivers and pushed out products. The real issue is all the other products affected and not even mentioned. Such as smart door locks, and thermostats to name a few.
    08-09-16 08:39 AM
  25. Sairos's Avatar
    To be truthful its not even a software issue, but a hardware and driver issue. This is becoming very common with sloppy drivers and pushed out products. The real issue is all the other products affected and not even mentioned. Such as smart door locks, and thermostats to name a few.
    Software drivers = Software.. Fixed through a software update = Software.

    I don't know about door locks or thermostats using Qualcomm gear.. So I've no info regarding that.. Someone can always enlighten us though.
    08-09-16 08:41 AM
225 ... 56789

Similar Threads

  1. WTT Z30 + Z10 for Priv
    By OTCHRussell in forum Buy, Sell, Trade - Sold / Archived
    Replies: 16
    Last Post: 10-05-16, 08:47 PM
  2. BlackBerry 10 128gb micro SD problem
    By skstrials in forum BlackBerry 10 OS
    Replies: 26
    Last Post: 08-12-16, 08:26 PM
  3. DTEK50 Cheapest BlackBerry since (BBOS 10)
    By schumi_xtreme01 in forum BlackBerry DTEK50
    Replies: 40
    Last Post: 08-12-16, 12:45 AM
  4. When will Best Buy have the new Blackberry D50?
    By Trentp03 in forum Ask a Question
    Replies: 3
    Last Post: 08-10-16, 02:30 AM
  5. I can not open the installed software
    By CrackBerry Question in forum Ask a Question
    Replies: 1
    Last Post: 08-09-16, 11:20 PM
LINK TO POST COPIED TO CLIPBOARD