[Omnitech]

Quotes from Scott Totzke, senior vice-president for security, Blackberry

---

Presentation at Ottawa conference 2013-11:

"It’s critical for not only industry and solution vendors like Blackberry but the whole telecom industry to really have a strong voice in governance and oversight because the last thing we want to do is get into a situation where there isn’t oversight and you just get overrun with requests from the government (for customer data) and you get these things we see going on in the U.S.

It’s detrimental to vendors and service providers here, but it’s also detrimental to Canada because it does set up a state that can be perceived as being overly aggressive from a monitoring standpoint. This is where industry really needs to step into that discussion."

---

Article for Federal Times (Publication for US govt agency managers) 2013-11

Excerpts:

Today’s smartphones contain some of our most sensitive information, including credit card numbers, text messages, contacts, photos, passwords, location tracking software and details about users’ behaviors and search histories.

The proliferation of mobile computing means that we’re storing more important information on our devices than ever before. Then we take that data with us wherever we go, so that we can constantly be productive and connected from any location.

Leading part of an organization that has worked with governments and enterprises around the globe, my team and I have a unique perspective on what policies and practices are required to ensure that sensitive data is safeguarded. There are five principles to help guide the implementation of smart, secure solutions from our perspective: [...]

The mobile technology industry must refrain from implanting “back doors” into their programs that could allow federal agencies or hackers to break into their otherwise secure platforms. Companies should feel confident that their mobile providers are not colluding with the government to access secure mobile systems. For example, my company, BlackBerry, intentionally developed our technology with no back doors embedded in our mobile security communications protocols. [...]

Consumers can drastically improve their mobile safety by following tips such as using strong passwords, being mindful of private credentials when accessing public Wi-Fi connections, and following best practices for physical device security, including using the lock function on mobile devices and frequently changing passwords.

---

Facebook 2013-10 (29,389,xxx likes):

When it comes to security, BlackBerry is best in class. “[It’s] at the core of everything we do. We build our solutions without backdoors or compromise,” says Scott Totzke, Senior Vice President for BlackBerry Security. Here, Totzke explains exactly how our technology works to protect your privacy: http://blck.by/168NJgF

---

Guest Post, Congress Blog, The Hill magazine 2013-10:

[...] I hope to explain what consumers, enterprises and governments really need to know when listening to reports about alleged security vulnerabilities. [...]

In the context of the BlackBerry solution, we use multiple sources of entropy to create dynamic and changing keys that ensure that mobile data is encrypted and unreadable until it is safely delivered and decrypted at its destination. These keys change for every packet of data that is sent. So when you receive a one megabyte presentation on your device that actually represents 500 individual packets (or transactions) – each encrypted with a unique key. [...]

So when it comes to trusting your communications or mobile infrastructure, security has to be built in, end-to-end and at every layer: from the hardware, software and the network itself, in order to protect data where it’s most vulnerable. [...]

At BlackBerry, that means we have teams dedicated to the security that is at the core of everything we do. We build our solutions without “backdoors” or compromise.

---

[Omnitech]

There has been pressure from the Obama administration in the USA to come up with a "Code of Conduct" for mobile apps, to get a handle on the rampant abuse of user information and security that has been going on for years now.

Of course, many organizations resist this for obvious commercial reasons, but my hope is that citizen awareness of the importance of this issue will rise to the point where companies ignore it at their own peril.

I found it interesting that the list of supporters working on the latest draft specification for this initiative included BlackBerry, Apple and even Facebook - but one very large and notable company was missing. I wonder why?

App code of conduct testing underway - FierceMobileGovernment

[Dgree03]

There has been pressure from the Obama administration in the USA to come up with a "Code of Conduct" for mobile apps, to get a handle on the rampant abuse of user information and security that has been going on for years now.

Of course, many organizations resist this for obvious commercial reasons, but my hope is that citizen awareness of the importance of this issue will rise to the point where companies ignore it at their own peril.

I found it interesting that the list of supporters working on the latest draft specification for this initiative included BlackBerry, Apple and even Facebook - but one very large and notable company was missing. I wonder why?

App code of conduct testing underway - FierceMobileGovernment

I still stand by that bbos 10.1 non BES, is no more secure than android kitkat 4.4 or iOS 7.0.3.

We can argue given the size of android and the murky upgrade path for devices that there are some exploited OS versions still running.

The articles you post from a Bbry executive are of course going to trumpet security... Doesn't mean it is true.

Also the fact that bb10 hasn't been rooted does not mean it can't be rooted...

[R Field]

I still stand by that bbos 10.1 non BES, is no more secure than android kitkat 4.4 or iOS 7.0.3.

We can argue given the size of android and the murky upgrade path for devices that there are some exploited OS versions still running.

The articles you post from a Bbry executive are of course going to trumpet security... Doesn't mean it is true.

Also the fact that bb10 hasn't been rooted does not mean it can't be rooted...

Did you read anything he wrote in his first few posts in this thread or did you just gloss over it?

BlackBerry Z10 (Z30 inbound) | 10.2.1.1055 | C0006E212

[Dgree03]

Did you read anything he wrote in his first few posts in this thread or did you just gloss over it?

BlackBerry Z10 (Z30 inbound) | 10.2.1.1055 | C0006E212

I read it all, what is your point?

[R Field]

I read it all, what is your point?

So your saying the OS built from scratch in house with all the points he made is worth nothing?

BlackBerry Z10 (Z30 inbound) | 10.2.1.1055 | C0006E212

[diogoteixeira87]

Ask Obama.

Posted via CB10

[Dgree03]

So your saying the OS built from scratch in house with all the points he made is worth nothing?

BlackBerry Z10 (Z30 inbound) | 10.2.1.1055 | C0006E212

Nope didn't say it was worth nothing, I am just pointing out that the OS is no more secure, than the latest iOS or android OS.

The fact that is hasn't been rooted means nothing to me.

Now put a z10 in BES and all bets are off.. He'll put an iPhone or android on BES... All now secure

[axeman1000]

I still stand by that bbos 10.1 non BES, is no more secure than android kitkat 4.4 or iOS 7.0.3.

We can argue given the size of android and the murky upgrade path for devices that there are some exploited OS versions still running.

The articles you post from a Bbry executive are of course going to trumpet security... Doesn't mean it is true.

Also the fact that bb10 hasn't been rooted does not mean it can't be rooted...

Wow, even documented facts can't wake you up......it's more secure, now run along and admit all you have better on BlackBerry now is a number of apps.

BlackBerry forever, haters never!

[bungaboy]

BB10 phones that are not on BES10 are no more secure than any other phone.

BB10 phones that are on BES10 have, potentially, several services that ARE more secure than other phones, but even then, phone calls, SMS/MMS, Web browsing, and other services are still no different than other phones.

One of the most important aspects of security is understanding what is and isn't secure. Merely "having faith" is not security - security has real definitions and limitations, on every platform.

That and $1.73 will buy you a double double at your local Timmies.

[Troy Tiscareno]

Omnitech,

Explain to everyone how BB10 phones have made voice calls and SMS/MMS messages more secure than other phones. Explain how BB10 phones can't be location-tracked by the carriers, or have their browsing history recorded by them. I know I'm interested in hearing about that.

[SEAWARRIOR]

"TCSM: Is the BlackBerry really more secure than the iPhone?"

given that i read about ios being hacked a few times a year, i'd say, "you betcha!!!",,, & i won't even mention 'droid...

[stlabrat]

Omni tech, look like you are in for the bull fighting.. hard to change the perceptions. (left and right hemisphere brain cell connection would be difficult more than ever).

Posted via CB10

[R Field]

It has private browsing features. Something you might know if you actually had a BB10 device.

BlackBerry 10 Security Features [Infographic] | Inside BlackBerry

Attachment 227939

[axeman1000]

Omnitech,

Explain to everyone how BB10 phones have made voice calls and SMS/MMS messages more secure than other phones. Explain how BB10 phones can't be location-tracked by the carriers, or have their browsing history recorded by them. I know I'm interested in hearing about that.

Were you nicknamed the wall in high school by chance? And this is not for a football thing. Lol

BlackBerry forever, haters never!

[anon(2729369)]

Root and patches
BB10 has been rooted, but you can't keep it when you upgrade the OS and BlackBerry's security team is usually reacting quickly when flaws are disclosed.
They do have similar problems to Google's though. They depend on carriers to send security patches to users, so you have lots of theoretically exploitable versions out there, but they have the advantage of having a better defence mechanism built into the OS to protect the user from someone trying to exploit a bug.

Information security
If you don't use BES and want to send sensitive information via SMS, BBM or plain text emails, then don't complain if that gets stolen. If you give "Internet" permission to apps from developers you know nothing about, then it doesn't matter which platform you're using. You love the convenience of the cloud? Then love the thought of your data being made available to hackers and governments.

On Android, you can find many more products which can help you protect your data: Email, IM and cloud encryption, Tor browsing, secure voice calls, consumer friendly VPN, but the only problem is: Can you trust the OS to not intercept what's happening between the UI and the app? I'm sure many Android owners were surprised to hear that their microphone could be remotely activated by law enforcement. Are you sure they or some 14yo from his basement can't read the screen or take screenshots of what you're doing?

Enterprise solutions
Also, Balance is second to none, especially on 10.2.1. We're not talking about a secure container with everything stuffed in it, but apps which can give you different views depending on whether you need access to work or personal data. This is only possible on BB10, for all reasons mentioned by Omnitech earlier.

It's about what you need
So, there is no perfect mobile solution and you have to evaluate the risks of using one OS vs the others, as well as all the apps you plan on putting on it. Luckily for him, Obama has an entire team dedicated to the task of securing his phone and they even provide BES, which can't be beaten, yet, but Apple is working very hard on adding IT policies to their OS in order to make their products more competitive in the enterprise space, so I wouldn't be surprised if the next US president would be given a choice of device to communicate with his family.

[JR A]

Wrong again, Troy.

There are some fundamental aspects of the system architecture that are designed from the ground-up to have a focus on being either inherently secure or securable. This is a distinct differentiating aspect of the Blackberry platform, with or without BES.

Tell me when was the last time you heard of someone with a BB10 device that was rooted.

I thought so.

Enough of your FUD.

Thanks omnitech bout time someone did what you did, it seems that's the new thing to throw around these days, "BlackBerry phones not on bes are no more secure than other phones"



CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

BB10 was rooted.

But even if it wasn't, just because it isn't rootable doesn't mean it's secure.

Actually, before we move this discussion further, what is it exactly you speak of when you say, "Security" or "Secure"?

I think we're talking about different things...

[Omnitech]

Omnitech,

Explain to everyone how BB10 phones have made voice calls and SMS/MMS messages more secure than other phones. Explain how BB10 phones can't be location-tracked by the carriers, or have their browsing history recorded by them. I know I'm interested in hearing about that.

It's a cellphone, it makes calls via mobile carriers.

That has nothing to do with whether the platform is more secure and harder to exploit in a variety of ways compared to major competitors.

You don't get to pick and choose a couple of things and then pretend that that's all that matters. Sorry.


IT Threat Evolution: Q3 2013 - Securelist


Quoting:

---

"Android accounted for 99.92% of all attacks on mobile platforms in Q3 2013. This comes as no surprise: the platform remains popular and open; in addition, even its latest versions support the installation of applications from unknown sources."

---

Put that in your pipe and smoke it.

You are so predictable.

[Omnitech]

BB10 was rooted.

A version of the OS that doesn't exist in the wild any more (only existed for a short time anyway) and that loophole has been closed, which people would have discovered if they read the links I posted earlier.

But even if it wasn't, just because it isn't rootable doesn't mean it's secure.

Never claimed that. I did claim it is MORE secure than most of its competition, and it is. For a variety of reasons.

Actually, before we move this discussion further, what is it exactly you speak of when you say, "Security" or "Secure"?

I think we're talking about different things...

You remind me of Bill Gates deposition in the Netscape case where he asked "What do you mean, "browser"?"

[BitPusher2600]

OK here we go:
Regular BlackBerrys aren't more secure than anything else, they suck, I am so wrong to choose BlackBerry and I'm going to run out and buy a new Samsung or maybe an iPhone RIGHT NOW. You all WIN. Big 1080p screens and APP GAP NO MORE! BlackBerry is DEAD. Thanks to whom it applies for showing me how wrong I am and how much better everything else is!



There, have those few of you with something to prove against BlackBerry been satisfied now? You aren't going to make people who love BlackBerry STOP loving BlackBerry nor are you changing anyone's mind. And in all of this, thank you for presenting technical information demonstrating how BlackBerry is not OVERALL more secure a platform and OS than anyone else. Why again do people who do not love BlackBerry come again and again to a site that is devoted to people who love BlackBerry? I concede the loss, because i'll never understand it.

Posted from BitPusher's Q10

[Omnitech]

As anyone in the security field knows, the "BlackHat" conferences each year are one of the most well-known venues where hackers discuss the current state of technology and information security, and it is here that they frequently showcase the latest methods of breaking into digital systems.

At the BlackHat 2013 conference in July, there was a highly-touted session by Ralf-Phillip Weinmann of the University of Luxenbourg, who was claiming to talk about weaknesses in BlackBerry 10 and/or how to break-in or exploit the OS.

Only one problem: he didn't really offer any concrete plans or examples of how this actually could be or had been done.

Contrast this with all the presentations at that same conference showcasing live exploits of Android and iOS.

'Nuff said.

BlackHat Session on BlackBerry 10 Security a Total "Un-amusing" FLOP - BerryReview


There has to be a reason why 99.92% of mobile malware infections right now are occurring on the Android platform. Android certainly doesn't have a 99.92% share of the market.

In terms of security, iOS is actually better than Android in several respects too. Pity about all those jailbreaks and that insecure fingerprint sensor though.

[stackberry369]

As anyone in the security field knows, the "BlackHat" conferences each year are one of the most well-known venues where hackers discuss the current state of technology and information security, and it is here that they frequently showcase the latest methods of breaking into digital systems.

At the BlackHat 2013 conference in July, there was a highly-touted session by Ralf-Phillip Weinmann of the University of Luxenbourg, who was claiming to talk about weaknesses in BlackBerry 10 and/or how to break-in or exploit the OS.

Only one problem: he didn't really offer any concrete plans or examples of how this actually could be or had been done.

Contrast this with all the presentations at that same conference showcasing live exploits of Android and iOS.

'Nuff said.

BlackHat Session on BlackBerry 10 Security a Total "Un-amusing" FLOP - BerryReview


There has to be a reason why 99.92% of mobile malware infections right now are occurring on the Android platform. Android certainly doesn't have a 99.92% share of the market.

In terms of security, iOS is actually better than Android in several respects too. Pity about all those jailbreaks and that insecure fingerprint sensor though.

Malware. Infections will affect those who download unsupported and unauthorized app onto their phones.

sent from my galaxy note 3

[ccan]

BB10 phones that are not on BES10 are no more secure than any other phone.

BB10 phones that are on BES10 have, potentially, several services that ARE more secure than other phones, but even then, phone calls, SMS/MMS, Web browsing, and other services are still no different than other phones.

One of the most important aspects of security is understanding what is and isn't secure. Merely "having faith" is not security - security has real definitions and limitations, on every platform.

BlackBerry 10 that are not using BES10 can be encrypted. Go into settings, click on security and privacy then you have the option to encrypted your device and/or your media card.

Posted via CB10

[raggdoll]

Wow, are you BlackBerry guys ever geeky, holy!!!! You must really like this in depth tech stuff…

[Omnitech]

Malware. Infections will affect those who download unsupported and unauthorized app onto their phones.

I guess the only people that download unauthorized apps then are Android users. Why is that?

sent from my galaxy note 3

But of course.