06-22-12 09:56 PM
32 12
tools
  1. jly.public's Avatar
    I'm curious if BIS, and ultimately confidential information on end user devices, has ever been compromised. Another concern I have is BBM security. What's the probabilty of my device getting compromised from use of BBM (file trasfer, messages, etc)?

    Any security experts care to shed some lights on security?
    06-21-12 04:03 PM
  2. Pete6's Avatar
    No need for a security expert. BIS is very secure indeed. It is so secure that the Indian givernment shut down BIS because it was unable to crak it.

    BBM uses BIS as its transport so over the air BBM is also secure.

    If you do not put a Device Password on your phone then it is vulnerable. If you do, then it is not vulnerable unless you are a law enforcement agency wishing to access the device. Even then it takes time.
    Slayohslay likes this.
    06-21-12 04:08 PM
  3. anon3700711's Avatar
    BIS is not very secure at all and has the lowest form of security. BES has the highest.
    BBM is totally secure, as far as I'm aware.

    There has only been one successful hack of a BlackBerry AFAIK and it was merely a WebKit Browser hack back on OS6 which has since been patched.
    06-21-12 04:09 PM
  4. Ben1232's Avatar
    Pete beat me to the Indian government part I thought of when reading the thread title
    06-21-12 04:20 PM
  5. jly.public's Avatar
    I just enabled encryption on device memory and media card. Are these precautionary measures necessary in order to protect me from someone hacking into my phone via public wifi or BIS?
    06-21-12 04:28 PM
  6. Ben1232's Avatar
    I just enabled encryption on device memory and media card. Are these precautionary measures necessary in order to protect me from someone hacking into my phone via public wifi or BIS?
    My enabled compression has been turned off since I heard it slows bb's down by always compressing memory / storage in the back ground.

    I also heard it isn't needed as much and was for old bb's with small amounts of memory / storage.

    I don't think its for security.
    06-21-12 04:33 PM
  7. Pete6's Avatar
    BIS is not very secure at all and has the lowest form of security. BES has the highest.
    BBM is totally secure, as far as I'm aware.

    There has only been one successful hack of a BlackBerry AFAIK and it was merely a WebKit Browser hack back on OS6 which has since been patched.
    BIS uses TES (Triple DES) I is highly secure. The Webkit browser issue was only related to Javascript use and as you said, has been corrected for about a year now.

    There is no difference between BIS and BES from a wireless encryption standpoint. BES (BlackBerry Enterprise Service) does have much more control over member phones connected to it but, this is mainly used by well, enterprises although there are ways to buy into a BES system if you really need it.

    Make no mistake, BIS is very, very secure from a transmission standpoint. If you do not password protect your phone then just like leaving your front door open, you can get ripped off.
    06-21-12 04:34 PM
  8. Phill_UK's Avatar
    I don't think its for security.
    Encryption is for security... compression isn't


    Sent from my  Bold
    06-21-12 04:34 PM
  9. T
    I just enabled encryption on device memory and media card. Are these precautionary measures necessary in order to protect me from someone hacking into my phone via public wifi or BIS?
    The data stored on a locked BlackBerry is completely safe if security settings are applied properly. Here's a topic with some relevant information: http://forums.crackberry.com/tips-ho...a-card-607887/.

    With public wifi, there's always a risk of someone capturing the information you transmit right over the air. I wouldn't send any passwords over it.

    BIS is just the BlackBerry data service; it's your connection to BlackBerry services via RIM's network operations center. It pushes email to your handheld when you have email and allows you to manage your pushed email accounts from your handheld to a certain extent. BIS also compresses the data you transmit so you use less data than other smartphone platforms would for transmitting the same information.

    Be careful with third-party applications you download. With BlackBerry, you yourself can set the permissions for each application. You can even severely restrict them, but the trouble is that many applications won't work well or at all if you don't give them every permission under the sun. And that, in my opinion, is part of the smartphone app scam; it's intentional, for whatever reason. If you give an application "Trusted Application" status, it won't even ask you whenever it accesses sensitive information on your phone. So, I would guess that the highest security risk on the BlackBerry platform comes from using applications that require access to sensitive information stored on your smartphone. The choice may often be give them access or don't use the app. I'd rather not use the app. My data is worth more to me than some screenshot app.
    GeoK likes this.
    06-21-12 04:50 PM
  10. jly.public's Avatar
    If I'm using public wifi, would that mean BIS is disabled and all Internet and BBM traffic are now routed through the public wifi connection? I'm also concerned about security related to emails/bbm messages pushed to my Bold while I'm connected through a public wifi network.
    06-21-12 05:00 PM
  11. Ben1232's Avatar
    The data stored on a locked BlackBerry is completely safe if security settings are applied properly. Here's a topic with some relevant information: http://forums.crackberry.com/tips-ho...a-card-607887/.

    With public wifi, there's always a risk of someone capturing the information you transmit right over the air. I wouldn't send any passwords over it.

    BIS is just the BlackBerry data service; it's your connection to BlackBerry services via RIM's network operations center. It pushes email to your handheld when you have email and allows you to manage your pushed email accounts from your handheld to a certain extent. BIS also compresses the data you transmit so you use less data than other smartphone platforms would for transmitting the same information.
    Be careful with third-party applications you download. With BlackBerry, you yourself can set the permissions for each application. You can even severely restrict them, but the trouble is that many applications won't work well or at all if you don't give them every permission under the sun. And that, in my opinion, is part of the smartphone app scam; it's intentional, for whatever reason. If you give an application "Trusted Application" status, it won't even ask you whenever it accesses sensitive information on your phone. So, I would guess that the highest security risk on the BlackBerry platform comes from using applications that require access to sensitive information stored on your smartphone. The choice may often be give them access or don't use the app. I'd rather not use the app. My data is worth more to me than some screenshot app.

    I noticed not giving apps all the permissions stopped an app working for me today. The app is Amplify, I downloaded the trial before it was on the CB main page after seeing it on Youtube.

    Bad eh !
    06-21-12 05:06 PM
  12. dentynefire's Avatar
    Correct me if I'm wrong but only files added after encryption is turned on will be encrypted. Meaning the files on the device before you do that are still unencrypted. Might be important
    06-21-12 05:12 PM
  13. T
    Correct me if I'm wrong but only files added after encryption is turned on will be encrypted. Meaning the files on the device before you do that are still unencrypted. Might be important
    Even files you add after encryption is turned on might not be encrypted. It depends on the method of transfer. (When I say "files," I mean pictures and videos; I have no experience with other types of files.)

    If encryption is turned on, files received in emails will be encrypted; files received over Bluetooth will be encrypted; and files transferred using Desktop Software's "Files" feature will be encrypted. If Desktop Software is not used, and files are dragged and dropped onto a BlackBerry's micro sd card using the BlackBerry as a USB drive (Mass Storage Mode), they will not be encrytped.
    Last edited by Tnis; 06-21-12 at 05:29 PM.
    06-21-12 05:26 PM
  14. T
    If I'm using public wifi, would that mean BIS is disabled and all Internet and BBM traffic are now routed through the public wifi connection? I'm also concerned about security related to emails/bbm messages pushed to my Bold while I'm connected through a public wifi network.
    Mostly through the wifi. Some things won't use wifi (like AppWorld, maybe something else). As for the content of the emails, I would think it would be visible to someone snooping near the access point, but I'm not sure. I would be very careful on any device (phone, tablet, laptop) with a public access point, especially when it comes to passwords and account numbers. Use the cellular network for those things. Again, I would think that's more secure (no guarantees).
    Last edited by Tnis; 06-21-12 at 05:40 PM.
    06-21-12 05:38 PM
  15. Pete6's Avatar
    If I'm using public wifi, would that mean BIS is disabled and all Internet and BBM traffic are now routed through the public wifi connection? I'm also concerned about security related to emails/bbm messages pushed to my Bold while I'm connected through a public wifi network.
    BIS is active even over WiFi. You still have the TES encryption.
    06-21-12 05:46 PM
  16. GeoK's Avatar
    06-21-12 05:59 PM
  17. ridemaster's Avatar
    PGP is a third party security/encryption software that can be installed on your blackberry for emails on phone/transmission encryption. it will typically be installed and many features on the phone will be disabled, for max protection.

    PGP will need to be installed on all the phones that want to see the emails.

    PGP --- pretty good protection

    Government uses systems like PGP
    as does Barack Obama


    google it
    Last edited by ridemaster; 06-21-12 at 06:50 PM.
    melander likes this.
    06-21-12 06:23 PM
  18. ridemaster's Avatar
    someone else was mentioning the app scam and they are totally correct. which is why i have few apps installed and always deny permissions. how dare they try and take from my bb.

    and ppl wonder why there pics/info are randomly popping up on the internet with no rhyme or reason.
    06-21-12 06:27 PM
  19. hornlovah's Avatar
    Not sure what was going on with the Indian government, but here are the facts: The encryption key for BIS BBMs is present on every BlackBerry phone. If your service provider receives a wiretap order for you data, or if some skilled adversary is able to capture and manipulate your BBM data packets, they will be able to read and archive the contents of your BBMs.
    06-21-12 06:39 PM
  20. T
    ^With BES, the keys are on your organization's BES.
    06-21-12 06:45 PM
  21. T
    Encryption is for security... compression isn't
    There may be some incidental security-by-obscurity benefit to compression. I was reading on one of the sites where a forensic expert was trying to extract data directly from a BlackBerry's hardware. He was running into complications, because of RIM's proprietary compression of the handset's data. So, even if compression wasn't designed intended to be a security feature, it may still help with making a BlackBerry more secure.

    ... and ppl wonder why there pics/info are randomly popping up on the internet with no rhyme or reason.
    Yes, interesting all the pictures that are showing up on Google Image searches. It's hard to believe some of them were intended to be "shared" with the world by their owners.
    06-21-12 06:54 PM
  22. ridemaster's Avatar
    your so smart...

    obviously i am referring to the ones that were not intended to make it on the free google market.
    06-21-12 06:59 PM
  23. T
    Ah, I'm not so smart. Just a bit paranoid.
    06-21-12 07:01 PM
  24. ridemaster's Avatar
    i think rimm should actually set some standard for the bb devices to disable any unwanted theft of info / pics by apps.. given that some apps disable or reduce the usability of the app when permissions are denied.
    06-21-12 07:07 PM
  25. T
    i think rimm should actually set some standard for the bb devices to disable any unwanted theft of info / pics by apps.. given that some apps disable or reduce the usability of the app when permissions are denied.
    Sure. I would call those RIM apps. for example, I'm sure the RIM version of AIM doesn't steal your pics. Now AOL's version ... not so sure, lol.
    06-21-12 07:16 PM
32 12
LINK TO POST COPIED TO CLIPBOARD