[jefbeard911]

You new here?

Blackberry Poptart SE - Cricket Wireless

[grover5]

https://www.aclu.org/blog/you-may-ha...something-fear

Good post. I've never found the "I have nothing to hide" argument to be very sound for anyone who wants to live in a free democratic society. I have no idea if TCL is doing anything nefarious. But I don't like the mere suggestion or question being treated as some sort of out of this world conspiracy. To be blunt, that's stupid.

[Tsepz_GP]

https://www.aclu.org/blog/you-may-ha...something-fear

Get off the grid if that worries you, unless you are actively trying to "fight the power ".

Honestly, what is the point of using any sort of electronics that has access to Internet, if you live by what is written there? It's just pushing fear.

At the end of the day none of us even know what is being done with the data our Banks, Cellphone Carriers, Car Manufacturers, Cellphones, laptops, and other gadgets transmit.

[rthonpm]

This is a quote from the abstract of the paper.
It can be done on a Qualcomm chip as well as Mediatek chip.
It can be done by the foundry, whichever and wherever that may be.
Qualcomm doesn't fab its chips in US. Neither does MediaTek.
It can be done. It doesn't necessarily mean that it was done in this case, but it proves that it is very difficult for BlackBerry to claim that they control the security of third party hardware.

It's done with Analog circuits embedded in the processor by a third party.
They are not even digital circuits that can be controlled by software.



Posted via CB10
Attachment 414963

Attachment 414964

So how exactly do you prove a negative???
Attachment 414965
Attachment 414966

[anon(9607753)]

At the end of the day none of us even know what is being done with the data our Banks, Cellphone Carriers, Car Manufacturers, Cellphones, laptops, and other gadgets transmit.

Interesting discussion when both sides use the same arguments eh? You sure you that isn't a tinfoil hat in your pocket...or are you just happy to be here?

[Linto988]

Not trying to play devil's advocate here but...I seem to recall a patch for the DTEK app that needed to be applied to the DTEK50/60 due to the "OS has been compromised" error:
http://m.crackberry.com/blackberry-i...-device-status
As usual no one at BlackBerry really clarified what caused the issue or whether it was related to TCL hardware...but it certainly raises some interesting questions about the "security" of TCL-built devices in that it triggered BlackBerry's own monitoring app.

True

Posted via CB10

[conite]

True

Posted via CB10

Not true, as the Priv was affected too.

[sorinv]

I am merely pointing out that most of the software guys posting here are out of their depth when it comes to hardware, and that the possibility for the TLC (or other) phones to send data to China or elsewhere exists without BlackBerry or some other software-only company to know or to be able to prevent.

Unless they control every step of the design and manufacturing of the phone and of all the Integrated circuits inside it, it is next to impossible to guarantee security.
That is an opinion that even John Chen shared when he joined BlackBerry and he was still hoping to save hardware.

Essentially, a state or company, (or individual) that doesn't control (or outsources) its semiconductor manufacturing cannot defend itself through software measures alone. This applies to US, China, Russia, the EU, etc., unless they get off the grid completely.


Posted via CB10

[Tsepz_GP]

Interesting discussion when both sides use the same arguments eh? You sure you that isn't a tinfoil hat in your pocket...or are you just happy to be here?

The difference is that I do not live in a constant fear or use my OS of choice to try validate that fear.

I have worked with local government on campaigns and have also worked with multiple "big data" companies to collect data and better segment our target markets, and boy were my eyes opened when I saw how granular they can get, hence my straightforward look at it: Don't like what they are doing? Get off the grid.

People here seem to try push this fear, and live in this belief that going with a certain Phone Maker OR OS may save them, when really, it can't, our data is captured in such a huge variety of ways that you'd either rather accept it or opt the hell out of it all.

[Uzi]

The difference is that I do not live in a constant fear or use my OS of choice to try validate that fear.

I have worked with local government on campaigns and have also worked with multiple "big data" companies to collect data and better segment our target markets, and boy were my eyes opened when I saw how granular they can get, hence my straightforward look at it: Don't like what they are doing? Get off the grid.

People here seem to try push this fear, and live in this belief that going with a certain Phone Maker OR OS may save them, when really, it can't, our data is captured in such a huge variety of ways that you'd either rather accept it or opt the hell out of it all.

Even CrackBerry site has 16 trackers if I recall the amount correctly

[mike kootnikoff]

Even CrackBerry site has 16 trackers if I recall the amount correctly

are you talking about cookies? do they use multiple server locations?

[Uzi]

are you talking about cookies? do they use multiple server locations?

/site-app-feedback-help-f19/mobile-nations-excessive-use-trackers-causes-crackberry-performance-suffer-1020484/

[mike kootnikoff]

I am merely pointing out that most of the software guys posting here are out of their depth when it comes to hardware, and that the possibility for the TLC (or other) phones to send data to China or elsewhere exists without BlackBerry or some other software-only company to know or to be able to prevent.

Unless they control every step of the design and manufacturing of the phone and of all the Integrated circuits inside it, it is next to impossible to guarantee security.
That is an opinion that even John Chen shared when he joined BlackBerry and he was still hoping to save hardware.

Essentially, a state or company, (or individual) that doesn't control (or outsources) its semiconductor manufacturing cannot defend itself through software measures alone. This applies to US, China, Russia, the EU, etc., unless they get off the grid completely.


Posted via CB10

There is no way for this to happen without blackberry knowing. It is pretty obvious why they locked the bootloader, hardened the kernel, etc. If they didn't take all the steps they did then yes, something could theoretically get through. If it did now, blackberry would have to design workarounds for your theoretical script to pull data and send to an outside source in a different country. Anything is possible but lets be realistic, this is basically all blackberry has to hang their hat on in the mobile sector. Once they lose accountability for being secure they are basically screwed. The math doesn't add up with this one. The target is too difficult. Try iphones, galaxy phones, etc. They sell millions of phones, it would be a more worthwhile target for this kind of crap.

[mike kootnikoff]

/site-app-feedback-help-f19/mobile-nations-excessive-use-trackers-causes-crackberry-performance-suffer-1020484/

that is alot! a few are necessary, and there are a few multiples. Could just be add ons/updates that use the same core?

[anon(9607753)]

There is no way for this to happen without blackberry knowing. It is pretty obvious why they locked the bootloader, hardened the kernel, etc. If they didn't take all the steps they did then yes, something could theoretically get through. If it did now, blackberry would have to design workarounds for your theoretical script to pull data and send to an outside source in a different country. Anything is possible but lets be realistic, this is basically all blackberry has to hang their hat on in the mobile sector. Once they lose accountability for being secure they are basically screwed. The math doesn't add up with this one. The target is too difficult. Try iphones, galaxy phones, etc. They sell millions of phones, it would be a more worthwhile target for this kind of crap.

With outsourced hardware they can now blame the vendor for a (hardware) breach. The accountability of which you speak will no longer exist under the new licensing arrangement.

[anon(9353145)]

Would they know? How did the US security agencies allow the DNC to be hacked?
Do you think they collaborated with Putin?

Same goes for BlackBerry and the TLC phones.

BlackBerry has proven that it doesn't have enough resources to ensure security.

Even Chen used to say that you can't have secure software without controlling the hardware.

Posted via CB10

So BlackBerry is incapable of testing TCL devices after manufacture and seeing if they phone home? I'm no expert but I fail to see how TCL could accomplish this without BlackBerry catching it. They'd have to be in cahoots with them in order for this to happen, no?

[anon(9607753)]

The difference is that I do not live in a constant fear or use my OS of choice to try validate that fear.

I have worked with local government on campaigns and have also worked with multiple "big data" companies to collect data and better segment our target markets, and boy were my eyes opened when I saw how granular they can get, hence my straightforward look at it: Don't like what they are doing? Get off the grid.

People here seem to try push this fear, and live in this belief that going with a certain Phone Maker OR OS may save them, when really, it can't, our data is captured in such a huge variety of ways that you'd either rather accept it or opt the hell out of it all.

I am sure you are intelligent enough to realize that you cannot characterize something as a real threat to personal security and privacy, and an intangible fear for the 'wearers of tinfoil hats' at the same time. There are many groups and agencies responsible for our safety that are not afforded the luxury of dismissing these concerns on the basis of personal choice. For these groups secure devices are a necessity, not a lifestyle choice.

The questions raised surrounding the reliability of 3rd party hardware are completely valid. It will be interesting to see what BlackBerry has to say about this in the coming weeks and months ahead.

[conite]

With outsourced hardware they can now blame the vendor for a (hardware) breach. The accountability of which you speak will no longer exist under the new licensing arrangement.

Disagree. Blackberry would take a much bigger hit than TCL if there is a security breach.

[MTBBguy]

Disagree. Blackberry would take a much bigger hit than TCL if there is a security breach.

Same opinion as you considering Blackberry's reputation. I would assume the same expectation of security by BB users will be applied regardless of who has the hardware. In other words, you preach security, you ensure every step is secured.

[anon(9607753)]

Disagree. Blackberry would take a much bigger hit than TCL if there is a security breach.

Disagree with what? BlackBerry may stand to lose more, but that doesn't automatically mean they have direct accountability for hardware security. Do you pretend to know the full details of these licensing agreements?

[anon(9607753)]

Double post.

[anon(9607753)]

Edit

[findbrianhere]

The hardware would have to have some sort of API from the OS to extract any information pertinent to the user other than info your provider already knows (location, hardware info). Not saying it can't happen, but if it did BlackBerry would have to be in cahoots with TCL to provide the means.

[conite]

Disagree with what? BlackBerry may stand to lose more, but that doesn't automatically mean they have direct accountability for hardware security. Do you pretend to know the full details of these licensing agreements?

You implied that BlackBerry can simply blame the vendor for such a security breach, as BlackBerry is no longer accountable to the end user with respect to security.

I disagree. I believe that if BlackBerry licences its name and secure software to another company, BlackBerry will be the one that will be blamed, and the one to take the fall if something bad happens.

[anon(9607753)]

You implied that BlackBerry can simply blame the vendor for such a security breach, as BlackBerry is no longer accountable to the end user with respect to security.

I disagree. I believe that if BlackBerry licences its name and secure software to another company, BlackBerry will be the one that will be blamed, and the one to take the fall if something bad happens.

I was not implying it, I was saying it. If BlackBerry has outsourced all hardware design and manufacturing, and declares themselves to be a software company ONLY...what other scenario is there? So you are basically telling us that BlackBerry are idiots, and will take full accountability for anything someone else slaps their logo on...as long as they sign their licensing agreement? Nonsense. That is one mighty profound statement indeed. I think I would have to own quite a few shares before I drank that Cool-aid!