1. bbschorsch's Avatar
    Ok most of you guys have heard about the iphone hack and the security issues the press raised again after this.

    So where are the problems? What's different between iOS and BB10?
    Does it really mean this cant happen to any BB10 user?
    What do BB10 user have to take away form this if they want to say this cant happen to us


    1. So where are the problems? What's different between iOS and BB10?

    As many of you know iOS offers their users a variety of services. For example "Find my iPhone" or the much appreciated "iCloud".
    BlackBerry users only have their BlackBerry ID which is pretty similar to Apple's "apple ID" it consists of an email address and a user choose password.
    Here the problem starts, since you are using an email address you are using for probably most of your communication its easy to guess whats your apple or BlackBerry ID. Second problem comes with the password: research showed that most people use simple passwords because its easier to remember them. And there comes the second problem : People are lazy therefor they tend to have the same password for many different accounts
    For any Hacker this makes it really easy - if you have the email you have half of it : if you have the password - katching your done

    So the problem with apple is that it offers a unique thing that should make it easier for user : store all you data in the iCloud.
    OK so whats ALL DATA???
    you can only store you photos and videos or you decide to store everything, and everything means even the backup.
    Storing the backup is cool - it sents it over while you are sleeping and the phone is on the wifi so you don't have to connect it to a pc to back it up - its just extremely convenient.

    But the problem is who has access to it?

    Just several month ago the main german television ARD had a documentary where they tried to hack one of their reporters - via the iphone.
    They idea was pretty basic :
    1. get the email address he uses
    2. get the password (here the used a spam mail)
    3. download the backup of the iphone to a new iphone
    4. since it was iphone 5s they needed a fingerprint ( they got it from a glass and made their own in 2h - I would go with brut-force attack on the 4 digit pin - much easier (you can find videos how to build a machine doing it for you))
    5. now the fun starts you have a copy of the iphone and can try everything

    So whats different to BlackBerry10?
    BB10 does not have that feature to back up your data with BB. Backups exist only on your PC.
    But there still is the problem with the password and the BB ID.
    for those users who still remember the feature OS7 offered you know you could back up some of your data with BlackBerry.
    And surprise surprise - get an empty BB10 device and connect it to you BB ID - it will give you a one time feature : migrate your data from BBProtect.
    So here you go - this is not a one time feature; it shows up again and again so you could actually download these data several times, including your phonebook and wifi passwords.
    they are also only protected by you email and password.

    Does it really mean this cant happen to any BB10 user?
    Basically this answer is a yes and no.
    There is no BB ID that lets you store data like photos to a iCloud like BB service but if you are using Dropbox or Box or any similar service and allowed that to back up all your photos to the cloud, then you are probably facing similar problems.
    Anyone having your ID and the password can access it from anywhere.

    What do BB10 user have to take away form this if they want to say this cant happen to us
    Don't trust cloud online storage. What ever you put into the cloud can be accessed by anyone having your email plus password.
    Password:
    choose a alphanumeric password and change it at least once a year better every 6 or 3 month.
    Do use different Passwords for each service!

    Ok I know this is pretty hard to keep up with since we are all using so many services. But take a Sunday and sit down with your BlackBerry and get PasswordKeeper from BlackBerryWorld. ( Password Keeper - BlackBerry World)

    Set it up properly !
    - length to 16
    - include letters
    - include numbers
    - include symbols


    ok there you go let BB PasswordKeeper take care of your passwords!

    Ah and for our beloved Mac users: don't give your main password to anyone.
    As soon as I have it there is an option to see all your passwords stored on a Mac.
    Last edited by bbschorsch; 09-03-14 at 10:49 PM.
    09-03-14 10:23 PM
  2. allisos's Avatar
    This does not mention that a brute force attack doesn't work against a system that limits incorrect logins.

    Why does everyone overlook this epic fail by apple?

    Posted via CB10
    spikesolie likes this.
    09-03-14 10:26 PM
  3. bbschorsch's Avatar
    you are right that Apple failed here.
    but I am not sure how many times you can try to log into your BlackBerry ID with the wrong password.

    But I think BB has a device advantage, you can only give it 10 tries.
    on iOS you can break into the device using brute force. . .

    Ah and who many other systems prevent hackers from using brute force on passwords?
    Like i said the problem is that you most of the time only need one system that allows it since the users will use the same password everywhere
    09-03-14 10:45 PM
  4. f0xG3's Avatar
    I agree, why Apple allows multiple attempts? Perhaps their way of saying "Hey, let this ***** user try and try until s/he remembers the password!" matches perfectly with iOS/Mac with their philosophy that all users are idiots.

    Why not simply say "Hey, it seems you tried enough, can we help you with that?"

    Q10 | Q10SQN100-3/10.3.0.1130 | Globe PH
    09-03-14 10:48 PM
  5. howarmat's Avatar
    you are right that Apple failed here.
    but I am not sure how many times you can try to log into your BlackBerry ID with the wrong password.

    But I think BB has a device advantage, you can only give it 10 tries.
    on iOS you can break into the device using brute force. . .

    Ah and who many other systems prevent hackers from using brute force on passwords?
    Like i said the problem is that you most of the time only need one system that allows it since the users will use the same password everywhere
    actually for iOS devices you can set it to wipe after 10 tries as well
    techvisor likes this.
    09-03-14 10:52 PM
  6. bbschorsch's Avatar
    actually for iOS devices you can set it to wipe after 10 tries as well
    you are right just discovered it myself ^^

    But anyway who needs ten attempts :P give me some time with you and I only need one
    09-03-14 11:00 PM
  7. MmmHmm's Avatar
    Good post. If you use the same password on multiple services, then you are only as secure as your least secure service. Also, simple passwords are easier to figure out especially through brute force, which might be used in an attack on one of your other, less secure services. As the OP noted, a hacker really only needs your password, as the user ID is easy to figure out if it is based on your email. These are huge problems for security.

    A good password manager is really important to make it much more convenient to avoid these password mistakes - and the password manager should be protected by two factor authorization so that the manager itself has some additional protection. By far, the hardest things to prevent in security are bad user habits.

    That said, a large, well funded service like iCloud should not be open to simple brute force attacks, and Apple is rightfully criticized if it allowed such an attack by not limiting the number of tries.

    I don't think Apple's mistake will harm Apple or help BlackBerry to anywhere near the extent that some people on CrackBerry think though. Apple has a ton of goodwill with customers through years of making quality products with the best customer service most have ever experienced with an electronics company, and very good marketing. BlackBerry's problem is that it does a few things well, like security, but is terrible at other very visible and important things, like customer service, marketing, and ability to create an ecosystem. Therefore, unlike Apple, BlackBerry does not get the benefit of a positive halo and its faults are not as easily overlooked by consumers. I know a lot of people throw around words like "sheep" and "media manipulation" as excuses for why the public is so forgiving of Apple's mistakes here and there, without any consideration of the things that Apple does so much better than BlackBerry. BlackBerry offers great security but it is lacking in many other important areas that affect the public perception of it.

    After so many years with vulnerability on people's PCs and phones, I think the public has developed some level of risk tolerance with the possibility of being hacked. What matters is that people have the perception and trust that a company will patch the security hole and push the patch out to users quickly.
    09-04-14 02:22 AM
  8. ozdezignr's Avatar
    At the moment the assumption is a brute force attack and the assumption is that the hackers not only got all the celebrities email addresses even when most people have more than one, but also used all those emails to do the hack. So it is everyone else's fault they got in cause they had easy passwords. Nice spin.

    Z30 144GB
    deremi, spikesolie and D.Sandman like this.
    09-04-14 05:21 AM
  9. sentimentGX4's Avatar
    The media focus is on iCloud; but, the photos actually came from a variety of different sources. The entire pinning of Apple is merely for the sake of headlines.

    Blackberry can protect your smartphone data at best; but, smartphones are actually only a part of your digital life. You must also protect your computers and be wary of cloud services. For this reason, Blackberry may not receive a huge boost from the incident.
    09-04-14 05:48 AM
  10. ozdezignr's Avatar
    The media focus is on iCloud; but, the photos actually came from a variety of different sources. The entire pinning of Apple is merely for the sake of headlines.

    Blackberry can protect your smartphone data at best; but, smartphones are actually only a part of your digital life. You must also protect your computers and be wary of cloud services. For this reason, Blackberry may not receive a huge boost from the incident.
    Do you have a link to the news about which other cloud services got hacked?

    Z30 144GB
    09-04-14 07:24 AM
  11. notafanboy's Avatar
    At the moment the assumption is a brute force attack and the assumption is that the hackers not only got all the celebrities email addresses even when most people have more than one, but also used all those emails to do the hack. So it is everyone else's fault they got in cause they had easy passwords. Nice spin.

    Z30 144GB
    I'm sure the celebrities were holding their phone wrong as well.

    Posted via CB10
    09-04-14 09:15 AM
  12. Cozz4ever's Avatar
    actually for iOS devices you can set it to wipe after 10 tries as well
    The trick is to wipe before the 10th time via iTunes. The phone will show partial email address when setting it from scratch. You'll have unlimited amount of times to crack the password. Then restore from icloud. The new user will have full access to everything.

    Posted via CB10
    spikesolie likes this.
    09-04-14 02:33 PM
  13. spikesolie's Avatar
    The trick is to wipe before the 10th time via iTunes. The phone will show partial email address when setting it from scratch. You'll have unlimited amount of times to crack the password. Then restore from icloud. The new user will have full access to everything.

    Posted via CB10
    are you serious?

    Posted from zee flicking coolest smartphone evah!
    09-04-14 02:43 PM
  14. MB64's Avatar
    Going back to the topic of how many attempts you have for password, a while back I had posted a question that before you ha d the option to minimize the attempts from 10 to 5 and I think 3. That was on the OS7 I believe. The feature is not available on the OS 10? I was looking for it the other day and did t find it.

    Posted via CB10 with my z30
    09-04-14 02:48 PM
  15. Cozz4ever's Avatar
    are you serious?

    Posted from zee flicking coolest smartphone evah!
    Yes I am. Go to any iphone that's been backed up to icloud. Do a clean wipe and reinstall via itunes. Only the original email will activate it. It will show partial email as a hint. If you know the full email then you have time to get the right password and restore from there.

    Posted via CB10
    09-04-14 07:03 PM
  16. tchocky77's Avatar
    Yes I am. Go to any iphone that's been backed up to icloud. Do a clean wipe and reinstall via itunes. Only the original email will activate it. It will show partial email as a hint. If you know the full email then you have time to get the right password and restore from there.

    Posted via CB10
    This hasn't been fixed?

    It sounds like your missing a step. I've done this. Are you accounting for having two-factor authentication switched on?

    Posted via the CrackBerry App for Android
    techvisor likes this.
    09-04-14 09:25 PM

Similar Threads

  1. Why is BlackBerry always behind launching new devices?
    By elhot69 in forum General BlackBerry Discussion
    Replies: 95
    Last Post: 09-10-14, 08:32 PM
  2. Snap will only load the first page of apps...
    By ChrisBB2011 in forum Android Apps (Amazon Store & APK Files)
    Replies: 6
    Last Post: 09-06-14, 12:49 PM
  3. Replies: 10
    Last Post: 09-04-14, 11:10 AM
  4. On Tour with the Z30
    By randy050 in forum BlackBerry Z30
    Replies: 1
    Last Post: 09-03-14, 09:45 PM
  5. Google Talk and Google for Business accounts
    By alexkinsella in forum Ask a Question
    Replies: 1
    Last Post: 09-03-14, 08:45 PM
LINK TO POST COPIED TO CLIPBOARD