[conite]

So you are basically telling us that BlackBerry are idiots, and will take full accountability for anything someone else slaps their logo on...as long as they sign their licensing agreement? Nonsense.

I'm not suggesting they would be legally responsible, but they would be defacto responsible as far as public perception, and the credibility of their software is concerned.

[planetbollox]

I may not know much about the vulnerabilities of smartphone software but I do know that smartphones fall broadly into two camps. Those predominately or principally made in China (most phones even including Sony), or phones not made in China (Samsung) that have had reported issues with combustible batteries. You pays your money and you takes your chances. Decisions, decisions..

[sorinv]

There is no way for this to happen without blackberry knowing. It is pretty obvious why they locked the bootloader, hardened the kernel, etc. If they didn't take all the steps they did then yes, something could theoretically get through. If it did now, blackberry would have to design workarounds for your theoretical script to pull data and send to an outside source in a different country. Anything is possible but lets be realistic, this is basically all blackberry has to hang their hat on in the mobile sector. Once they lose accountability for being secure they are basically screwed. The math doesn't add up with this one. The target is too difficult. Try iphones, galaxy phones, etc. They sell millions of phones, it would be a more worthwhile target for this kind of crap.

I don't think you understand hardware or the paper I posted. It has nothing to do with the bootloader, scripts or OS or even the digital gates in the processor which the processor design house designed. It's an analog circuit that triggers an action in the processor that not even the processor design house (Qualcomm or Mediatek, presumably not Intel because Intel manufactures their chips in house) knows about, let alone BlackBerry.

As far as I infer from Qualcomm's announcements, in the Priv and Dteks, BlackBerry takes advantage of Qualcomm's own firmware which identifies malicious activity at the hardware level.
In the example of the paper posted earlier, Qualcomm firmware would not be able to detect the hardware attack.

Again, I am not saying that a BlackBerry phone sends data somewhere else. All I am saying is that it is a possibility against which BlackBerry is unlikely to be able to defend itself because it does not control the phone
manufacturing and the manufacturing of the ICs in the phone.

Qualcomm typically uses TSMC to fabricate their chips in Taiwan.
Maybe the ones that go in the BlackBerry phones are manufactured in US by IBM/Global Foundries. In that case they would most likely be trusted.

Posted via CB10

[anon(9353145)]

I don't think you understand hardware or the paper I posted. It has nothing to do with the bootloader, scripts or OS or even the digital gates in the processor which the processor design house designed. It's an analog circuit that triggers an action in the processor that not even the processor design house (Qualcomm or Mediatek, presumably not Intel because Intel manufactures their chips in house) knows about, let alone BlackBerry.

As far as I infer from Qualcomm's announcements, in the Priv and Dteks, BlackBerry takes advantage of Qualcomm's own firmware which identifies malicious activity at the hardware level.
In the example of the paper posted earlier, Qualcomm firmware would not be able to detest the hardware attack.

Again, I am not saying that a BlackBerry phone sends data somewhere else. All I am saying is that it is a possibility against which BlackBerry is unlikely to be able to defend itself because it does not control the phone
manufacturing and the manufacturing of the ICs in the phone.

Qualcomm typically uses TSMC to fabricate their chips in Taiwan.
Maybe the ones that go in the BlackBerry phones are manufactured in US by IBM/Global Foundries. In that case they would most likely be trusted.

Posted via CB10

But if that happened, would BlackBerry not be able to find it after the fact by testing the hardware in lab?

[sorinv]

So BlackBerry is incapable of testing TCL devices after manufacture and seeing if they phone home? I'm no expert but I fail to see how TCL could accomplish this without BlackBerry catching it. They'd have to be in cahoots with them in order for this to happen, no?

Read the paper I posted. It explains exactly how this is done at the IC level without Mediatek or Qualcomm knowing about it and being unable to detect it through digital hardware verification tests.

Again, I am not saying that this is the technique used in these TLC leaks.
All I am saying is that it has been demonstrated experimentally by a research group at the University of Ann Arbor Michigan that this can be done without the processor designer and the OS designer being able to detect it.

Posted via CB10

[DaFoxGrey]

But if that happened, would BlackBerry not be able to find it after the fact by testing the hardware in lab?

Unless they were either physically looking at the chip under a micro scope and comparing the layout from the master, trace by trace, or happened across the exact "trigger" that switched on the hardware backdoor, they or anyone else would never find it.
Refer to the link I posted earlier in this thread.

Could it be done by anyone within the hardware production loop of the electronics?
How about some non-malicious chip redesigning.... Killroy Was Here:
The Secret Art Of Chip Graffiti - IEEE Spectrum

[sorinv]

But if that happened, would BlackBerry not be able to find it after the fact by testing the hardware in lab?

No. It's not detectable by the IC designer (unless, as explained above by DaFoxGrey, they inspect the layout post fabrication), let alone by the software designer which relies on the hardware description and firmware to develop the software.

Posted via CB10

[anon(9607753)]

I'm not suggesting they would be legally responsible, but they would be defacto responsible as far as public perception, and the credibility of their software is concerned.

Ha ha, nice try. So now BlackBerry would only be guilty by association, in the court of public opinion? Sounds a lot like back pedalling to me...

Anyway, whatevs right? BlackBerry clearly doesn't have to be concerned about hardware security anymore because it's 100% outsourced to China. Hardware security is now TCL's problem. I am sure BlackBerry's high security government clients are going to find that extremely re-assuring.

[conite]

BlackBerry clearly doesn't have to be concerned about hardware security anymore because it's 100% outsourced to China.

Because BlackBerry's entire future is dependent on the actions of its licencees, I would very much imagine any agreements would have minimum standards, and some level of participation from BlackBerry in the quality control department.

[app_Developer]

Because BlackBerry's entire future is dependent on the actions of its licencees, I would very much imagine any agreements would have minimum standards, and some level of participation from BlackBerry in the quality control department.

That may have been their position going into the negotiations with TCL, but we don't know what the actual agreement says.

Also, in practice, if the license fees (which are presumed to be per device on sell through) start to amount to significant revenue, how seriously will BB enforce any such standards? It would have been different if there had been multiple competing licensees, but with just 3 how much leverage does BB have anymore? Will they ever tell TCL "no that phone doesn't meet our standards and so you can't make it and therefore you can't pay us?"

We'll see how this works in practice over the course of the next year or so.

[anon(9353145)]

No. It's not detectable by the IC designer (unless, as explained above by DaFoxGrey, they inspect the layout post fabrication), let alone by the software designer which relies on the hardware description and firmware to develop the software.

Posted via CB10

Ok, fair enough, read the link on the analog circuit. Basically any phone is potentially vulnerable to this kind of attack, not just phones made in China. We all know that all governments love to snoop after all.

So basically the only way to avoid it with any certainty is to not use any kind of mobile device, computer, etc. Correct?

[TgeekB]

So the Chinese know i like tacos? What am i gonna do now?

[thurask]

So basically the only way to avoid it with any certainty is to not use any kind of mobile device, computer, etc. Correct?

If any IC being compromised means all of them are...

[sorinv]

Ok, fair enough, read the link on the analog circuit. Basically any phone is potentially vulnerable to this kind of attack, not just phones made in China. We all know that all governments love to snoop after all.

So basically the only way to avoid it with any certainty is to not use any kind of mobile device, computer, etc. Correct?

Correct.

Posted via CB10

[sorinv]

If any IC being compromised means all of them are...

Indeed. That's why US has a trusted foundry, or used to have...

Posted via CB10

[anon(9353145)]

Correct.

Posted via CB10

Well it's a crappy state of affairs but I'm not sure what can be done. Personally my main concern is to avoid the non-government private hackers etc. Identity theft, phishing, my banking info, etc. I trust BlackBerry to be diligent about doing their best to keep me safe in that regard. It's equally on me to be safe online - and of course BlackBerry isn't the only company that cares about security...

[sorinv]

Well it's a crappy state of affairs but I'm not sure what can be done. Personally my main concern is to avoid the non-government private hackers etc. Identity theft, phishing, my banking info, etc. I trust BlackBerry to be diligent about doing their best to keep me safe in that regard. It's equally on me to be safe online - and of course BlackBerry isn't the only company that cares about security...

As others have pointed out here, this doesn't mean that most ICs would have that backdoor installed. It would have to be sneaked in by a big semiconductor foundry or someone working for it or by the designer of the processor or of some IP block in the processor.

Posted via CB10

[ray689]

I was not implying it, I was saying it. If BlackBerry has outsourced all hardware design and manufacturing, and declares themselves to be a software company ONLY...what other scenario is there? So you are basically telling us that BlackBerry are idiots, and will take full accountability for anything someone else slaps their logo on...as long as they sign their licensing agreement? Nonsense. That is one mighty profound statement indeed. I think I would have to own quite a few shares before I drank that Cool-aid!

You are assuming that after the licence agreement is signed there are no restrictions on the licencee whatsoever and they can go ahead and slap BlackBerry logo on anything. I find that hard to believe as there is still a software aspect BlackBerry needs to optimize and thus likely has to be somewhat involved with what the OEM is actually producing.

[jevinzac]

I don't know why, but I love this thread lol! Maybe because conite tried to mock the other guy, and he got owned instead!
No offence to anybody intended, just found it funny xD.
And Conite is a really helpful CB member as well, so cheers to you Conite .

Posted via CB10

[Superdupont 2_0]

No. It's not detectable by the IC designer (unless, as explained above by DaFoxGrey, they inspect the layout post fabrication), let alone by the software designer which relies on the hardware description and firmware to develop the software.

Posted via CB10

If you infect a server or desktop computer, chances are this is happening in an Windows AD environment with a good firewall appliance etc etc... so it at least the suspicious traffic could be detected and the infected device could be identified.

But how many enterprise is really monitoring cell phone traffic?

The more I think of it, the more I like the idea of compromised hardware, although it still sounds like an expensive TAO adventure.

Posted via CB10

[conite]

I don't know why, but I love this thread lol! Maybe because conite tried to mock the other guy, and he got owned instead!No offence to anybody intended, just found it funny xD.
And Conite is a really helpful CB member as well, so cheers to you Conite .

Posted via CB10

I never mocked anyone.

I stand by my statement that BlackBerry would have sufficient controls in place for something like this not to happen.

I have not read anything here that would convince me otherwise. I don't buy the conspiracy theory, sorry. A couple of data points far out in left field, perhaps.

[Thud Hardsmack]

[info]Let's bring it back to TCL or find a new thread for the hardware flaw, it has nothing to do wth TCL.[/info]

[Prem WatsApp]

Hardware root of trust...?

How deep goes the root, and how far the trust...? ;-D

BlackBerry would have to analyze random samples of the TCL production lines, right? Do they have 1) the capacity and 2) - more importantly - the business case for this..? If you follow their marketing (statements), it's probably 1) no, 2) yes, with their "security, security, security" mantra...

:-)

•   10.3.3 - that's the go for me... ;-D   •

[anon(9607753)]

Hardware root of trust...?

How deep goes the root, and how far the trust...? ;-D

BlackBerry would have to analyze random samples of the TCL production lines, right? Do they have 1) the capacity and 2) - more importantly - the business case for this..? If you follow their marketing (statements), it's probably 1) no, 2) yes, with their "security, security, security" mantra...

:-)

•   10.3.3 - that's the go for me... ;-D   •

My response to your second question would be skin deep...or the back cover with the logo on it, whichever comes first. They haven't shown me any reason I should believe otherwise, at least not yet. Anyone who knows anything about security knows the idea of rubber stamping another company's product is a laughable proposition. We'll see. I'm all for pleasant surprises. ;-)

[asublimeday]

Honestly I'm far less comfortable with the US Govt having a Grey Hat entity develop a backdoor into any iPhone.