This is why I trust Blackberry
- After reading this on Cnet, I'm glad I have a Blackberry....
When good Android apps go bad -- a security lesson | Security & Privacy - CNET News
07-20-12 06:01 PM | Like 4
- Reminds me of the H-series antihack performed by DirecTV back in 2000.
DirecTV's Secret War On Hackers - Slashdot
fanatical and SnoozerBold like this.
07-20-12 06:13 PM | Like 2
- My God man doesn't ipad run this...impossible!!!! This is just another lie ipad is the best....OK....OK...sorry I couldn't keep a straight face.
07-20-12 06:46 PM | Like 0
- Reminds me of the H-series antihack performed by DirecTV back in 2000.
DirecTV's Secret War On Hackers - Slashdot
To add a little pizzazz to the operation, DirecTV personally "signed" the anti-hacker attack. The first 8 computer bytes of all hacked cards were rewritten to read "GAME OVER".
07-20-12 09:15 PM | Like 0
- I feel bad for android users who use their phone to make payments or have sensitive information on their phone. I ask myself this question, when are consumers going to take security very seriously? I always do. That is why I chose blackberry and I'll be waiting on line for BB10 phone. BLACKBERRY, THE BEST IN SECURITY.
07-21-12 12:23 AM | Like 6
- What ? Another security flaw in Android ? WOW I never would have guessed.. Something tells me this won't be the last either.
But really, as long as Google is still able to manipulate their users to generate more ad revenue, it's all good....
Who cares about security anyway!! Android users can get their free ad\virus laden apps, and Google can keep collecting their pennies.... all's good..... Right ???
bk1022 and calicocat2010 like this.
07-21-12 10:40 PM | Like 2
- Branta (Retired Network Mod)
At a theoretical level this kind of attack could impact any software, on any platform. In the hands of an intelligent user the relatively granular permissions settings should put BlackBerry amongst the more resistant systems, but in the hands of the average "just ignore the message and click OK" user... game over!
As always the greatest vulnerability is the human element, the seat-keyboard interface which fails to consider the risks involved with software from an unknown developer.
There is no such thing as a "free lunch" and the developer will usually seek to recover the cost of development one way or another. It may be in-app advertising, it may be direct charges to the user, or in a few unscrupulous cases it may be by data-mining the device and misusing or selling the user's data.
I am amazed that we still see relatively trivial (declared functionality) applications which will only run with "Allow All" security settings which are far in excess of any rational requirement - and users are still surprised when they get scammed after explicitly approving global permissions without a second glance. They wouldn't grant such freedom on a PC so why do they do it on a smartphone?
07-22-12 06:39 PM | Like 5
- The current Blackberry platform?
It's possible.
The QNX platform?
Here's a quote from their own website:
Q: What does the QNX Neutrino RTOS do to ensure security?
A: The QNX Neutrino RTOS is an exceptionally secure operating system by design. Its microkernel architecture along with a high availability framework, adaptive partitioning, and Common Criteria certification are all the right ingredients for building a secure product. See the whitepaper on building secure, fault-tolerant systems.
Q: What about viruses and other malware?
A: Viruses are a desktop computing phenomenon that is unusual in embedded devices. While the QNX Neutrino RTOS does have desktop components, there are currently no documented cases of a virus specifically designed for it. This, along with the fact the RTOS supports a fully POSIX-compliant user-privilege model, robust design fundamentals, and fault tolerance, makes a virus attack on it unlikely. There are no existing virus or malware scanners for the QNX Neutrino RTOS and QNX Software Systems does not anticipate a need for these types of products.
Q: We’re planning to enable the user to download arbitrary JAVA apps from untrusted sources. What can we do to prevent these apps from harming the system?
A: The best solution for dealing with virtual machines, such as a Java runtime, is to isolate the virtual machine (VM) process into its own adaptive partition. This way, the VM can get access to as many CPU cycles as needed but never more than its budget when the CPU is fully loaded. If, for some reason, an application goes into an infinite loop or tries to hog all of the available CPU, it will be throttled back to the partition’s budget. Using a secure partition in this way ensures downloadable Java applications can never interfere with the rest of the system.
I wonder if Android malware would function on the Playbook as intended at all.
unimaginative username likes this.
07-22-12 09:10 PM | Like 1
- If the trick you refer to is apps asking for unnecessary permissions/overstepping their functionality, it DOES happen on the BlackBerry platform, although not with the nefarious end goal of malware dropping. I have at least 4 apps right now asking for unnecessary (i.e. not needed to run) permissions at every reboot. At the very least, one app tries to get me to write a review, and others like Jaredco straight up spam your email account.
So, as branta said, the human element is a big factor. I spent a good 20-30 minutes modifying permissions for ALL my third party apps, and I was really surprised at how many apps had a free rein on my phone. But who takes the time to go back and look at permissions?
07-22-12 09:31 PM | Like 0
- I'd be happy with a one line explanation as to why the app needs a specific permission it asks for. An average user does not (and cannot be expected to) know what "organizer data", "security timer reset" permissions are, and a blind approve-all is obviously not the way to go.
07-22-12 11:51 PM | Like 0
- Branta (Retired Network Mod)
I'd be happy with a one line explanation as to why the app needs a specific permission it asks for. An average user does not (and cannot be expected to) know what "organizer data", "security timer reset" permissions are, and a blind approve-all is obviously not the way to go.
A minority will be deliberately set with malicious intent - like the notorious JaredCo apps which raid the user's personal data to send spam. In these cases the app either checks and demands wider permission before it will even load, or the undesirable functions may fail with or without an error message. Unfortunately the average user is conditioned to granting whatever the app demands. After all... I wouldn't be stupid enough to install malware... I paid for it and I want it to work...
raino likes this.
07-23-12 04:23 AM | Like 1
- Branta (Retired Network Mod)
The current Blackberry platform?
It's possible.
The QNX platform?
Here's a quote from their own website:
It's interesting that the untrusted Java app solution seems very similar to the current Android solution.
I wonder if Android malware would function on the Playbook as intended at all.
As always when security is considered, if the human (malicious or stupid) has uncontrolled physical access to the hardware it is almost impossible to ensure continued security.
07-23-12 04:29 AM | Like 0
- They used to do something like this by charging for the code signing keys. To access any functions that needed access rights, you needed to purchase and sign your code with keys from RIM. This drove away quite a few devs, so the keys are (for now) free.
07-23-12 07:41 AM | Like 0
- The QNX quote suggests it may be difficult for a true virus to impact the core OS - and it should certainly be difficult to achieve without human intervention. However these mechanisms would do absolutely nothing to prevent the user actively installing a trojan style malicious application, and granting all necessary permissions for undesirable activity.
As always when security is considered, if the human (malicious or stupid) has uncontrolled physical access to the hardware it is almost impossible to ensure continued security.
07-23-12 11:47 AM | Like 0
- I don't really see this permission problem being addressed by any OS. It's more of a developer education and accountability issue. When an app is submitted, I'm sure RIM asks for price, description, screenshots etc--they should just add another question about what permissions are asked for, and why (in terms understandable to the end user.)
07-23-12 11:58 AM | Like 0