While Blackberry introduced that it changed into bringing an Android-primarily based device to marketplace, it promised that it may do so with out compromising its own recognition for protection.
the day past, the employer shared a number of the modifications it made to Google’s Android OS, and how the ones modifications impact the approaching Blackberry Priv.
the primary aspect to understand is just how basically insecure Android virtually is. Repeated research have proven that the overpowering majority of Android devices in the marketplace these days are critically insecure.
A latest look at from the university of Cambridge found that the common Android tool gets just 1.26 software program updates in line with yr. This turned into earlier than Stagefright, which impacts up to 95% of Android phones.
here’s how Blackberry goes to fasten down the Priv (and presumably destiny gadgets):
First, all hardware is cryptographically signed and tested. The CPU has an embedded boot ROM that verifies the virtual signature of the boot ROM, which then verifies the OS signing key.
The OS verifies the report system and the document gadget verifies the hashes of all loaded programs. given that Blackberry devices are built on ARM processors, we will assume that the organization makes use of ARM’s TrustZone technology. A diagram of the verification manner is shown beneath:
Blackberry is also promising that its picture logins will be more secure than traditional methods. I’m dubious on that, especially since the government might be able to compel you to offer your head for a login photo (they can already compel you to give up fingerprints). Blackberry’s next point is that it supports a variety of communication services that are built on offering high levels of security, including WatchDox private file sharing, various BBM services, and SecurSuite for private voice calls. Blackberry also claims that none of its software is backdoored and all use cryptography schemes that have been certified by BlackBerry Certicom. Whether or not those services actually provide the security they claim to offer is an entirely different question. Claiming to offer cryptography is easy, actually certifying that code is bug-free is extremely difficult. Other features of the OS include “a hardened Linux kernel with numerous patches and configuration changes to improve security,” full disk encryption enabled by default, and full support for BES12, Blackberry’s enterprise security platform.
As for user privacy, Blackberry is claiming that its version of Android contains “privacy monitoring hooks deep within Android that provide users with powerful feedback and control over how applications make use of security-critical device resources. This includes the exclusive DTEK™ by BlackBerry warning system app, as well as other features. Privacy health is communicated in a simple and elegant manner, resulting in confidence instead of complexity.”
Screenshots of Dtek in action are shown below:
at the surface, Dtek looks as if a simple privateness tracking software that offers the person an at-a-glance precis of device privateness and safety settings. There’s nothing wrong with that, to make sure, but Blackberry’s weblog posts tips at additional functionality and according to-software tracking. This form of flexibility and oversight will be a game-changer for the privateness conscious — other gadgets have attempted to offer deep security protections inside Android, however Blackberry (still) has lots deeper wallet than the likes of Blackphone. for the reason that Google’s complete approach of getting cash with Android relies on being able to display devices and collect consumer statistics, but, we’ll must be patient if the privateness protections mentioned right here are sizeable or snake oil.
If there’s motive to be optimistic, it’s this: Blackberry’s CEO has already admitted that if the Priv doesn’t sell well, the organization will probable exit the hardware enterprise. businesses that buy merchandise especially for security capabilities don’t generally tend to offer 2nd possibilities, and the Canadian phone producer is out of wiggle room. under those circumstances, Blackberry goes to be exquisitely aware that they have got to get this proper the first time.
Post a Comment