04-12-15 03:41 PM
83 ... 234
tools
  1. Dougie011's Avatar
    Can you show which settings control that?
    Note that there are 3 possible states :
    1. always send as sms
    2. never send sms
    3. prefer iMessage and fallback to sms if no data connection

    How to set #1?

    Posted via CB10
    If you turn off iMessage, it will only send as sms.
    04-12-15 09:26 AM
  2. vrud's Avatar
    If you turn off iMessage, it will only send as sms.
    Sorry, I meant how to send iMessage only and never sms.

    Posted via CB10
    04-12-15 09:42 AM
  3. miss gold gibson's Avatar
    This s vry interesting


    Posted via CB10
    04-12-15 10:29 AM
  4. LazyEvul's Avatar
    Can you show which settings control that?
    Note that there are 3 possible states :
    1. always send as sms
    2. never send sms
    3. prefer iMessage and fallback to sms if no data connection

    How to set #2?

    Posted via CB10
    BlackBerry Messenger helps uncover a Brazilian corruption scandal-ask-20131018-1a.jpg

    Just turn off "Send as SMS." But like I said, this won't apply when messaging non-Apple devices, or Apple devices with iMessage disabled - it will have no choice but to use SMS in that case, naturally.

    Oh, that's good marketing, really. Anyways, do you feel that the WhatsApp company was interested in providing security for their chats if they were using a simplistic encryption first and then their chats were easily accessible to games installed on your android and then were forced to partner with some 3rd parties? If there is a breach then who is responsible - WhatsApp, the user who installed the game or the 3rd party that provides encryption? Check history of hacks for WhatsApp and BBM or another chat messaging service in order to understand what to expect from them.

    Posted via CB10
    The third-party, Open Whisper Systems, is responsible for providing and implementing the TextSecure encryption protocol. They have a very good track record. An independent security audit was conducted in November and it found just a single attack vector which, so far as I can understand, has since been patched.

    And yes, considering WhatsApp's past, it is in their best business interests to get rid of security issues. One less thing for people to complain about hardly seems like a bad business move, and a well-implemented end-to-end encryption solution is a huge advantage over competitors - it's a much better implementation than iMessage, and it uses similar methods to BBM Protected without charging users a subscription fee.
    04-12-15 10:50 AM
  5. vrud's Avatar
    Just turn off "Send as SMS."
    According to user experiences that setting maps to #3 above - prefer iMessage but can send SMS on occasion.

    The third-party, Open Whisper Systems, is responsible for providing and implementing the TextSecure encryption protocol. They have a very good track record. An independent security audit was conducted in November and it found just a single attack vector which, so far as I can understand, has since been patched.
    Sounds promising.
    But it's only a single link in the security chain. Regardless of mathematical complexity of encryption protocol, developer negligence such as sending unencrypted SMS in iPhone or WhatsApp opening chats to games will render the whole security to none. That's why I suggest doing your own diligence by at least looking at history of incidents. Marketing materials are for lazy mostly and don't apply when the question of security comes up.

    without charging users a subscription fee.
    There's no such thing as a free lunch in this world. Sorry if this is news to anyone.
    * iMessage works on specific overpriced hardware only
    * WhatsApp charges subscription fee
    * BBM shows ads (which I'm yet to see on my Z10 but folks on android say it's more prominent)
    * BBM Pro charges subscription fee
    Superdupont 2_0 likes this.
    04-12-15 11:26 AM
  6. LazyEvul's Avatar
    According to user experiences that setting maps to #3 above - prefer iMessage but can send SMS on occasion.
    Then that is an issue that should be addressed, I suppose. Don't use iMessage much personally so I always just assumed that setting was self-explanatory. I stand corrected.

    Sounds promising.
    But it's only a single link in the security chain. Regardless of mathematical complexity of encryption protocol, developer negligence such as sending unencrypted SMS in iPhone or WhatsApp opening chats to games will render the whole security to none. That's why I suggest doing your own diligence by at least looking at history of incidents. Marketing materials are for lazy mostly and don't apply when the question of security comes up.
    I always do my own due diligence. The entire TextSecure source code is available on GitHub, including a vast array of bug reports and their respective fixes. And that security audit was not published by Open Whisper Systems, it was conducted and published by a third-party. You can find the entire thing here. It is not a "marketing material." They just responded by acknowledging and addressing the exploit that was found.

    As for that WhatsApp bug, even assuming that it is still around (which is doubtful, since it has been nearly a year and a half since it was discovered), the TextSecure protocol encrypts messages when they are stored locally as well - so anyone taking advantage of the exploit would just steal a bunch of encrypted gibberish.

    There's no such thing as a free lunch in this world. Sorry if this is news to anyone.
    * iMessage works on specific overpriced hardware only
    * WhatsApp charges subscription fee
    * BBM shows ads (which I'm yet to see on my Z10 but folks on android say it's more prominent)
    * BBM Pro charges subscription fee
    You're technically correct about WhatsApp, as they are supposed to charge $1/year in subscription fees. I was just going off of the few people I know who use it, who have yet to pay any fees - I have no idea if this is a glitch or on purpose. But if we assume that all users are paying the $1/year as they should, that's still a lot less than BBM Protected ($33.50/yr in Canada), which offers a similar level of security. You're really just paying for FIPS 140-2 certification, as well as logging and auditing capabilities - both of which are irrelevant to consumers.
    04-12-15 12:00 PM
  7. vrud's Avatar
    You push for WhatsApp so hard that I had to try it myself

    I installed it from app world, chatted and backed up my messages.
    WhatsApp said that it'll backup automatically at 4:00AM.
    It created a file in misc/whatsapp/backup folder shared to any other apps.
    The file extension was .crypt which I assume it's encrypted.
    Next I uninstalled WhatsApp in order to clean up any encryption keys.
    Reinstalled it back from app world.
    The reinstalled application asked if I want to restore my messages from backup.
    I was a little surprised how it could do that if all the keys were presumably wiped out.
    So I agreed to the offer.
    After I reinstalled it, all my chats were decrypted by WhatsApp without me providing any password or anything
    I asked a buddy to install WhatsApp and sent him my encrypted file.
    Fortunately the file couldn't be imported on another device.

    This led me to believe that WA encrypts with device PIN or something.
    When I first installed it, I rejected the permission to access my device information and WhatsApp insisted that the permission must be granted.
    I didn't wipe my device to confirm device PIN binding but maybe will do some time in the future.

    So far, I believe saved whatsapp messages can be decrypted by:
    1. New owner of my phone even after factory reset
    2. WhatsApp employees who know the master key
    3. BlackBerry employees who can simulate device PIN

    I would say it's less secure than pure BBM (not Pro) as the access is broadened to 1st and 2nd groups.
    And if the pricing you provided is correct then WhatsApp is more expensive than BBM (not Pro) and less secure.

    I hope you included these findings in your DD analysis.
    MarsupilamiX likes this.
    04-12-15 03:02 PM
  8. LazyEvul's Avatar
    You push for WhatsApp so hard that I had to try it myself

    I installed it from app world, chatted and backed up my messages.
    WhatsApp said that it'll backup automatically at 4:00AM.
    It created a file in misc/whatsapp/backup folder shared to any other apps.
    The file extension was .crypt which I assume it's encrypted.
    Next I uninstalled WhatsApp in order to clean up any encryption keys.
    Reinstalled it back from app world.
    The reinstalled application asked if I want to restore my messages from backup.
    I was a little surprised how it could do that if all the keys were presumably wiped out.
    So I agreed to the offer.
    After I reinstalled it, all my chats were decrypted by WhatsApp without me providing any password or anything
    I asked a buddy to install WhatsApp and sent him my encrypted file.
    Fortunately the file couldn't be imported on another device.

    This led me to believe that WA encrypts with device PIN or something.
    When I first installed it, I rejected the permission to access my device information and WhatsApp insisted that the permission must be granted.
    I didn't wipe my device to confirm device PIN binding but maybe will do some time in the future.

    So far, I believe saved whatsapp messages can be decrypted by:
    1. New owner of my phone even after factory reset
    2. WhatsApp employees who know the master key
    3. BlackBerry employees who can simulate device PIN

    I would say it's less secure than pure BBM (not Pro) as the access is broadened to 1st and 2nd groups.
    And if the pricing you provided is correct then WhatsApp is more expensive than BBM (not Pro) and less secure.

    I hope you included these findings in your DD analysis.
    I'm not really pushing for WhatsApp, heck I don't even use it myself, but end-to-end encryption is a huge feature, credit where credit is due. If anything, I'm pushing for the TextSecure/Signal app from which the encryption comes from, as the source code for those is available for auditing in its entirety - including all functions of the app, not just the encryption of text messages.

    Having said that, one possibility is that the BlackBerry 10 WhatsApp client hasn't been updated to implement end-to-end yet. The way the TextSecure app deals with backups, it asks for a passphrase to use for encryption. But on launch, end-to-end was only available for the Android version of WhatsApp, and knowing how far behind BlackBerry usually is with app updates, we could still be missing that functionality.

    It's also possible that backups are still on a legacy system, maybe for convenience or maybe because the system from TextSecure hasn't been implemented yet. The app could decrypt your messages, then transfer them to a backup file (which is tied to your phone number, not PIN, by the way). The crypt format for WhatsApp backups was around before end-to-end was implemented, and is quite easily cracked judging by a quick Google. That would make the backups quite vulnerable, and not something I'd advise using if your messages require privacy - although you could mitigate some of the risk by placing it on an encrypted storage device. The TextSecure app has a much more robust backup system from the start, however.

    Posted via CB10
    04-12-15 03:41 PM
83 ... 234

Similar Threads

  1. WTS: BlackBerry Chargers & Mini USB Cables
    By crazigee in forum The Marketplace - Buy, Sell & Trade
    Replies: 4
    Last Post: 04-06-15, 05:12 PM
  2. I'm having trouble installing the dater app. Can anyone help?
    By Charliefreak_112 in forum BlackBerry Q5
    Replies: 1
    Last Post: 04-06-15, 04:42 PM
  3. How can I remove Blackberry Link from my device?
    By CrackBerry Question in forum BlackBerry Link
    Replies: 1
    Last Post: 04-06-15, 04:18 PM
  4. WTS: BlackBerry Curve 8830 Cases
    By crazigee in forum The Marketplace - Buy, Sell & Trade
    Replies: 1
    Last Post: 04-06-15, 04:17 PM
  5. BlackBerry offers up a quick look at apps on the BlackBerry Leap
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 04-06-15, 03:22 PM
LINK TO POST COPIED TO CLIPBOARD