 |  BerryReviewBlackBerry News and Reviews You Can Use! http://www.berryreview.com рекомендовать друзьям >> |
- BlackHat Session on BlackBerry 10 Security a Total "Un-amusing" FLOP
I have to say I am highly surprised that BlackHat offered Ralf-Phillip Weinmann of the University of Luxenbourg a chance to speak on BlackBerry 10 security during the conference. This is the same conference where researchers showed how to compromise the latest Apple iOS (even the iOS 7 beta) devices through a malicious USB cable and mount trojans or other spy tools. Weinmann on the other hand had very little of interest to share during his presentation. He proceeded to state the obvious by saying that the BlackBerry 10 security model "fundamentally hinges on privilege-escalation exploits not to be available." The irony of that statement is that most secure devices hinge on that same exact model.
Weinmann promised to analyze the "attack surface of BBOS 10" and consider ways to escalate privileges locally and routes for remote entry including persistence on the device. He did a great job of highlighting theoretical issues if the devices are possibly exploited but other than that he came up short. His biggest "discovery" was that BlackBerry offers an optional diagnostics application in BlackBerry OS 10, QUIP, that users have to manually enable under Settings->Privacy & Security. That tool has the ability to collect data like screen captures, raw memory dumps, audio, and video and forward it to BlackBerry if an issue arises. He claims he "was not amused" by this though it is clearly disabled by default on ALL BlackBerry 10 devices.
BlackBerry's Adrian Stone replied (via threatpost) that:
"All of it is clearly enumerated to the user. QUIP is off by default," said Adrian Stone, head of security response at BlackBerry. "It's a diagnostic tool. Users can turn it on if they want to. I wouldn't expect that to be a large number. For us it was a clear choice. We wanted to have that diagnostic capability but we also wanted to respect users' privacy."
Weinmann really had a pretty lame duck presentation to offer at BlackHat. On the other hand he did confirm that ASLR, DEP, and stack cookies are baked into BlackBerry 10. His other main issue that he claims on BlackBerry 10 is that any user can "copy binaries to the device and execute them." In other words apps can be sideloaded…
I was expecting more from a BlackHat session… Just compare this session to the one covering how a majority of Android devices in the world are vulnerable to applications that can be modified with malicious code yet still pretend to be the genuine thing with legitimate signatures.
Kudos to Threatpost for the details
Posted by Ronen Halevy for ©BerryReview | BlackHat Session on BlackBerry 10 Security a Total "Un-amusing" FLOP
Переслать - Fixmo Teams Up With BlackBerry to Bring Their Sentinel App for the US Government
Fixmo Sentinel is an interesting product that resulted from a R&D agreement with the NSA built on a product (AutoBerry) developed originally for the DoD. It allows the government to ensure the integrity of the devices on their network and check if they have been tampered with. There is quite a bit of irony in the NSA developing such a product due to recent news but still the idea is to make sure that devices start and remain in a "trusted state." Now Fixmo and BlackBerry are bringing that integrated functionality to BlackBerry 10 federal customers through an integrated app. That should help them funnel more BlackBerry 10 devices into the federal government. The irony is that Fixmo is one of BlackBerry's biggest competitors in the MDM space against BES 10.
Check out the details below:
Fixmo and BlackBerry Collaborate to Bring Fully Integrated Solution for Government and Enterprise Customers on BlackBerry 10
STERLING, Va. & WATERLOO, Ontario–(BUSINESS WIRE)–
Fixmo, a leading provider of mobile security and risk management solutions, and BlackBerry® (NASDAQ: BBRY; TSX: BB) today announced plans to bring the Fixmo Sentinel device integrity verification and tamper detection solution to the BlackBerry® 10 platform. Fixmo Sentinel is used today throughout the U.S. Federal Government to meet the Security Technical Implementation Guidelines (STIGs) for mobile device deployments. Today's announcement expands on a collaborative effort between Fixmo and BlackBerry that began in 2009.
Developed under a Co-operative Research and Development Agreement with the U.S. National Security Agency, Fixmo Sentinel helps IT organizations ensure mobile devices start, and remain, in a known trusted state and within corporate compliance. Fixmo will offer a fully integrated version of Fixmo Sentinel for BlackBerry 10 smartphones that will enable Government agencies and Enterprise customers to track and audit all system-level and application-level modules residing on each smartphone. Enterprises and government customers will be able to proactively detect the installation of unverified or disallowed third party software and undesired changes to software configurations or settings, as well as attempts at malicious tampering or rooting of the operating system.
"BlackBerry 10 continues to be well received by government agencies and large enterprises looking to embrace the next wave of mobility in the workplace without compromising security or regulatory compliance," said Scott Totzke, Senior Vice President, BlackBerry Security Group at BlackBerry. "Our collaboration with Fixmo is another important step in providing our government, DoD, and enterprise customers with the tools they need to meet stringent security and compliance requirements as they expand their use of mobile technologies and applications."
Through a collaborative development project, Fixmo and BlackBerry are working to ensure that Fixmo Sentinel for BlackBerry 10 meets the evolving DoD STIG and Security Requirements Guide (SRG) specifications for mobile device management developed by the U.S. Defense Information Systems Agency (DISA). The development project builds on the existing relationship between the two companies that began in 2009 as a collaborative effort to bring the NSA-developed AutoBerry technology to BlackBerry® 7 smartphones across the U.S. Department of Defense (DoD).
"BlackBerry is a critical platform for our government and enterprise customers, and we're seeing wide-spread demand for Fixmo Sentinel on BlackBerry 10 smartphones," said Bruce Gilley, President of Fixmo U.S. "We're thrilled to be partnering with BlackBerry to deliver a tightly integrated version of Fixmo Sentinel that will enable our mutual customers to maximize their use of BlackBerry 10 smartphones while mitigating security and compliance risks."
Fixmo Sentinel for BlackBerry 10 will be available to U.S. Government agencies as part of an exclusive Technology Preview program later this year. To learn more about Fixmo Sentinel, and to register for updates on availability for BlackBerry 10, please visit http://fixmo.com/products/sentinel.
Posted by Ronen Halevy for ©BerryReview | Fixmo Teams Up With BlackBerry to Bring Their Sentinel App for the US Government
Переслать - Foursquare for BlackBerry 10 Updated with "Lots of Bug Fixes"
You have to love when a developer lists "Lots of Bug Fixes" as their first item in a change log. Foursquare has pushed out v10.2.0.235 of their BlackBerry 10 app promising just those bug fixes along with some UI tweaks. Not a bad idea to upgrade then…
You can find the latest version of Foursquare for BlackBerry 10 free in BlackBerry World
Posted by Ronen Halevy for ©BerryReview | Foursquare for BlackBerry 10 Updated with "Lots of Bug Fixes"
Переслать - More Screenshots of BBM for Android
It seems like BBM for Android is starting to leak out. We now have more images of the app running courtesy of BBOS. Looks like it fits nicely with the layout of Android ICS but check it out for yourself.
Posted by Ronen Halevy for ©BerryReview | More Screenshots of BBM for Android
Переслать - BBM for Android Hits Beta Zone for Select Users – Splash Screen Caught on Camera
We are still hearing about an end of summer release of BBM for Android and iOS but we have not heard much new in awhile. Now it looks like BlackBerry is testing out BBM for Android in their Beta Zone for a select number of users. No word on what the criteria is but hopefully we will learn more soon! Kudos to BBOS for spotting the invites. The only requirements set so far is that BBM for Android requires OS 4.0 Ice Cream Sandwich or iOS 6. BGR also managed to snag this screen below showing the splash screen for BBM for Android on a Galaxy S3. They are hearing that the software "isn't bad" whatever that means and its nice to see it using a BlackBerry ID.
Posted by Ronen Halevy for ©BerryReview | BBM for Android Hits Beta Zone for Select Users – Splash Screen Caught on Camera
Переслать
| rss2email.ru |
| rss2email.ru | отписаться: http://www.rss2email.ru/unsubscribe.asp?c=183550&u=1491427&r=834356991 управление подпиской: http://www.rss2email.ru/manage.asp партнерская программа: http://partner.rss2email.ru/?pid=1 |
No comments:
Post a Comment