TCL sending customers data to China
- I'm not suggesting they would be legally responsible, but they would be defacto responsible as far as public perception, and the credibility of their software is concerned.12-29-16 01:17 PMLike 4
- I may not know much about the vulnerabilities of smartphone software but I do know that smartphones fall broadly into two camps. Those predominately or principally made in China (most phones even including Sony), or phones not made in China (Samsung) that have had reported issues with combustible batteries. You pays your money and you takes your chances. Decisions, decisions..12-29-16 01:44 PMLike 0
- There is no way for this to happen without blackberry knowing. It is pretty obvious why they locked the bootloader, hardened the kernel, etc. If they didn't take all the steps they did then yes, something could theoretically get through. If it did now, blackberry would have to design workarounds for your theoretical script to pull data and send to an outside source in a different country. Anything is possible but lets be realistic, this is basically all blackberry has to hang their hat on in the mobile sector. Once they lose accountability for being secure they are basically screwed. The math doesn't add up with this one. The target is too difficult. Try iphones, galaxy phones, etc. They sell millions of phones, it would be a more worthwhile target for this kind of crap.
As far as I infer from Qualcomm's announcements, in the Priv and Dteks, BlackBerry takes advantage of Qualcomm's own firmware which identifies malicious activity at the hardware level.
In the example of the paper posted earlier, Qualcomm firmware would not be able to detect the hardware attack.
Again, I am not saying that a BlackBerry phone sends data somewhere else. All I am saying is that it is a possibility against which BlackBerry is unlikely to be able to defend itself because it does not control the phone
manufacturing and the manufacturing of the ICs in the phone.
Qualcomm typically uses TSMC to fabricate their chips in Taiwan.
Maybe the ones that go in the BlackBerry phones are manufactured in US by IBM/Global Foundries. In that case they would most likely be trusted.
Posted via CB10Last edited by sorinv; 12-29-16 at 02:37 PM.
12-29-16 02:22 PMLike 0 - I don't think you understand hardware or the paper I posted. It has nothing to do with the bootloader, scripts or OS or even the digital gates in the processor which the processor design house designed. It's an analog circuit that triggers an action in the processor that not even the processor design house (Qualcomm or Mediatek, presumably not Intel because Intel manufactures their chips in house) knows about, let alone BlackBerry.
As far as I infer from Qualcomm's announcements, in the Priv and Dteks, BlackBerry takes advantage of Qualcomm's own firmware which identifies malicious activity at the hardware level.
In the example of the paper posted earlier, Qualcomm firmware would not be able to detest the hardware attack.
Again, I am not saying that a BlackBerry phone sends data somewhere else. All I am saying is that it is a possibility against which BlackBerry is unlikely to be able to defend itself because it does not control the phone
manufacturing and the manufacturing of the ICs in the phone.
Qualcomm typically uses TSMC to fabricate their chips in Taiwan.
Maybe the ones that go in the BlackBerry phones are manufactured in US by IBM/Global Foundries. In that case they would most likely be trusted.
Posted via CB1012-29-16 02:26 PMLike 0 -
Again, I am not saying that this is the technique used in these TLC leaks.
All I am saying is that it has been demonstrated experimentally by a research group at the University of Ann Arbor Michigan that this can be done without the processor designer and the OS designer being able to detect it.
Posted via CB10stlabrat likes this.12-29-16 02:29 PMLike 1 -
Refer to the link I posted earlier in this thread.
Could it be done by anyone within the hardware production loop of the electronics?
How about some non-malicious chip redesigning.... Killroy Was Here:
The Secret Art Of Chip Graffiti - IEEE Spectrumapp_Developer likes this.12-29-16 02:40 PMLike 1 -
Posted via CB1012-29-16 02:41 PMLike 0 -
Anyway, whatevs right? BlackBerry clearly doesn't have to be concerned about hardware security anymore because it's 100% outsourced to China. Hardware security is now TCL's problem. I am sure BlackBerry's high security government clients are going to find that extremely re-assuring.12-29-16 02:57 PMLike 0 - Because BlackBerry's entire future is dependent on the actions of its licencees, I would very much imagine any agreements would have minimum standards, and some level of participation from BlackBerry in the quality control department.anon(9607753) likes this.12-29-16 03:12 PMLike 1
-
Also, in practice, if the license fees (which are presumed to be per device on sell through) start to amount to significant revenue, how seriously will BB enforce any such standards? It would have been different if there had been multiple competing licensees, but with just 3 how much leverage does BB have anymore? Will they ever tell TCL "no that phone doesn't meet our standards and so you can't make it and therefore you can't pay us?"
We'll see how this works in practice over the course of the next year or so.DrBoomBotz and Q10Bold like this.12-29-16 03:32 PMLike 2 -
So basically the only way to avoid it with any certainty is to not use any kind of mobile device, computer, etc. Correct?12-29-16 06:09 PMLike 0 -
-
- Ok, fair enough, read the link on the analog circuit. Basically any phone is potentially vulnerable to this kind of attack, not just phones made in China. We all know that all governments love to snoop after all.
So basically the only way to avoid it with any certainty is to not use any kind of mobile device, computer, etc. Correct?
Posted via CB1012-29-16 07:21 PMLike 0 - Well it's a crappy state of affairs but I'm not sure what can be done. Personally my main concern is to avoid the non-government private hackers etc. Identity theft, phishing, my banking info, etc. I trust BlackBerry to be diligent about doing their best to keep me safe in that regard. It's equally on me to be safe online - and of course BlackBerry isn't the only company that cares about security...12-29-16 08:34 PMLike 0
- Well it's a crappy state of affairs but I'm not sure what can be done. Personally my main concern is to avoid the non-government private hackers etc. Identity theft, phishing, my banking info, etc. I trust BlackBerry to be diligent about doing their best to keep me safe in that regard. It's equally on me to be safe online - and of course BlackBerry isn't the only company that cares about security...
Posted via CB1012-29-16 10:37 PMLike 0 - I was not implying it, I was saying it. If BlackBerry has outsourced all hardware design and manufacturing, and declares themselves to be a software company ONLY...what other scenario is there? So you are basically telling us that BlackBerry are idiots, and will take full accountability for anything someone else slaps their logo on...as long as they sign their licensing agreement? Nonsense. That is one mighty profound statement indeed. I think I would have to own quite a few shares before I drank that Cool-aid!12-29-16 10:53 PMLike 0
- I don't know why, but I love this thread lol! Maybe because conite tried to mock the other guy, and he got owned instead!
No offence to anybody intended, just found it funny xD.
And Conite is a really helpful CB member as well, so cheers to you Conite .
Posted via CB10Q10Bold likes this.12-29-16 11:03 PMLike 1 -
But how many enterprise is really monitoring cell phone traffic?
The more I think of it, the more I like the idea of compromised hardware, although it still sounds like an expensive TAO adventure.
Posted via CB1012-29-16 11:34 PMLike 0 -
I stand by my statement that BlackBerry would have sufficient controls in place for something like this not to happen.
I have not read anything here that would convince me otherwise. I don't buy the conspiracy theory, sorry. A couple of data points far out in left field, perhaps.Last edited by conite; 12-30-16 at 12:16 AM.
12-29-16 11:40 PMLike 3 - [info]Let's bring it back to TCL or find a new thread for the hardware flaw, it has nothing to do wth TCL.[/info]12-29-16 11:49 PMLike 3
- Prem WatsAppCrackBerry Jester of JestersHardware root of trust...?
How deep goes the root, and how far the trust...? ;-D
BlackBerry would have to analyze random samples of the TCL production lines, right? Do they have 1) the capacity and 2) - more importantly - the business case for this..? If you follow their marketing (statements), it's probably 1) no, 2) yes, with their "security, security, security" mantra...
:-)
• 10.3.3 - that's the go for me... ;-D •12-30-16 01:06 AMLike 0 - Hardware root of trust...?
How deep goes the root, and how far the trust...? ;-D
BlackBerry would have to analyze random samples of the TCL production lines, right? Do they have 1) the capacity and 2) - more importantly - the business case for this..? If you follow their marketing (statements), it's probably 1) no, 2) yes, with their "security, security, security" mantra...
:-)
• 10.3.3 - that's the go for me... ;-D •12-30-16 09:58 AMLike 0 - Honestly I'm far less comfortable with the US Govt having a Grey Hat entity develop a backdoor into any iPhone.12-30-16 12:47 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
TCL sending customers data to China
Similar Threads
-
Priv bluetooth won't stay connected to car
By alibridge in forum BlackBerry PrivReplies: 3Last Post: 12-30-16, 12:13 AM -
New to Crackberry, not to Blackberry!
By VeryBadTim in forum New to the Forums? Introduce Yourself Here!Replies: 3Last Post: 12-29-16, 12:32 PM -
BlackBerry 'Mercury' could make its way to Verizon
By CrackBerry News in forum CrackBerry.com News Discussion & ContestsReplies: 1Last Post: 12-27-16, 08:39 PM -
How can I add Threema Messenger to the BlackBerry Hub?
By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 12-27-16, 05:08 PM -
how do I move apps and info from an android device to a blackberry dtek50
By CrackBerry Question in forum Ask a QuestionReplies: 2Last Post: 12-27-16, 03:35 PM
LINK TO POST COPIED TO CLIPBOARD