07-10-16 06:30 PM
81 ... 234
tools
  1. LazyEvul's Avatar
    Interesting, there's a bit more information about BID here,

    BlackBerry Integrity Detection is here! | BlackBerry Developer Blog

    Basically developers can integrate BID into their apps and check the status of a device before performing an action (if the device has BID of course). The FAQ goes into a bit more detail,

    https://supportforums.blackberry.com...w/ta-p/3178827

    They use NFC payments as an example but I wonder if any OS level apps are using it on the Priv?
    Hard to say. This is why BlackBerry needs to be more transparent. Though if the device were popular enough, I'm sure some researchers would have figured this out regardless, but alas.


    It would depend on the exploit but in current cases the protection definitely isn't minimal,

    BSRT-2016-002 Vulnerability in Android/Linux kernel impacts BlackBerry PRIV smartphones (under "Mitigations")

    For other devices the only option was to wait for an OEM update,

    Android rooting bug opens Nexus phones to ?permanent device compromise? | Ars Technica

    I think it's a pretty safe assumption that the Priv would handle other root based vulnerabilities the same way. Granted we're likely a few years away from EOL and there's no telling how exploits will advance in that time but assuming the Priv is still able to detect root access the device seems to have a system in place to block exploits and restore system integrity.
    Fair point, sounds like it might be providing good protection, but I wish BlackBerry would be more transparent with what exactly is happening. They say "Attempts to use this vulnerability to gain persistent elevated privileges on a BlackBerry PRIV are likely to fail," but how likely are we talking? Why are they likely to fail? What kind of situation would it succeed in?
    07-09-16 12:21 PM
  2. Invictus0's Avatar
    Hard to say. This is why BlackBerry needs to be more transparent. Though if the device were popular enough, I'm sure some researchers would have figured this out regardless, but alas.




    Fair point, sounds like it might be providing good protection, but I wish BlackBerry would be more transparent with what exactly is happening. They say "Attempts to use this vulnerability to gain persistent elevated privileges on a BlackBerry PRIV are likely to fail," but how likely are we talking? Why are they likely to fail? What kind of situation would it succeed in?
    Agreed on both accounts, more transparency would definitely make discussions like this a bit easier.

    I'm not sure how realistic this would be but it would actually be kind of cool if they demonstrate how the Priv reacts to a vulnerability. They've done it at events in the past with medical devices IIRC.
    07-09-16 12:41 PM
  3. LazyEvul's Avatar
    I'm not sure how realistic this would be but it would actually be kind of cool if they demonstrate how the Priv reacts to a vulnerability. They've done it at events in the past with medical devices IIRC.
    I'm sure it'd be possible, maybe they'd consider something like that for future Android devices. Though it's always worth noting that the malware would probably be cherry-picked by BlackBerry so that the phone reacts exactly the way they want. Not necessarily reflective of a real-world scenario, but it might give us some helpful insight.
    Invictus0 likes this.
    07-09-16 05:02 PM
  4. fschmeck's Avatar
    Google does not sell your data. Why do people keep saying this?
    They do however sell ads that are targeted using your data. So they might not sell my location, time of day and sites I accessed. Pretty sure they will however sell a company ad space targeting someone who has been shopping for DVD players at Best Buy stores in New York, for example. When that info spreads, and is cross referenced with other data from other sources, doesn't this amount to the same thing?

    Not saying it is avoidable, but Google is an advertising company so it is in their best interest to know as much as they can about you. Like the saying goes, if the service is "free", then you are the product.

    Posted via CB10
    07-10-16 11:05 AM
  5. TgeekB's Avatar
    They do however sell ads that are targeted using your data. So they might not sell my location, time of day and sites I accessed. Pretty sure they will however sell a company ad space targeting someone who has been shopping for DVD players at Best Buy stores in New York, for example. When that info spreads, and is cross referenced with other data from other sources, doesn't this amount to the same thing?

    Not saying it is avoidable, but Google is an advertising company so it is in their best interest to know as much as they can about you. Like the saying goes, if the service is "free", then you are the product.

    Posted via CB10
    I find it different.
    There's no way to stop people from observing our conscious intentions every day, unless we're going to hide under a rock. When I go out in public to a concert, for instance, people (if they wish) can get an idea of what types of music I like. If I go to a store and purchase golf clubs, it's pretty easy to see what sports I like. It's near impossible to be invisible. Only people observing will see that though.
    Taking that data and selling it to the world is quite different, in my eyes anyways. You are right though that this data can be cross referenced, etc, and I'm not sure what we can do about that in this technologically run world.
    07-10-16 11:35 AM
  6. Prem WatsApp's Avatar
    Security is what's left over when all fails... :-D

      There's a Crack in the Berry right now...  
    07-10-16 06:30 PM
81 ... 234

Similar Threads

  1. What phones/tablets do you own?
    By GLAT in forum BlackBerry Priv
    Replies: 27
    Last Post: 02-16-18, 10:24 AM
  2. Comparing wireless Qi chargers -- the Tylt VU is a winner
    By classact in forum BlackBerry Priv
    Replies: 13
    Last Post: 07-29-16, 11:01 AM
  3. When is AT&T Priv getting Marshmallow?
    By ShipyStyle in forum BlackBerry Priv
    Replies: 13
    Last Post: 07-07-16, 10:08 PM
  4. Replies: 2
    Last Post: 07-04-16, 06:50 AM
LINK TO POST COPIED TO CLIPBOARD