Tag Archives: Blackberry

BlackBerry Phone Cracked

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/08/blackberry_phon.html

Australia is reporting that a BlackBerry device has been cracked after five years:

An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state’s longest-running drug importation investigations.

In April, new technology “capabilities” allowed authorities to probe the encrypted device….

No details about those capabilities.

State of MAC address randomization

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/09/state-of-mac-address-randomization.html

tldr: I went to DragonCon, a conference of 85,000 people, so sniff WiFi packets and test how many phones now uses MAC address randomization. Almost all iPhones nowadays do, but it seems only a third of Android phones do.

Ten years ago at BlackHat, we presented the “data seepage” problem, how the broadcasts from your devices allow you to be tracked. Among the things we highlighted was how WiFi probes looking to connect to access-points expose the unique hardware address burned into the phone, the MAC address. This hardware address is unique to your phone, shared by no other device in the world. Evildoers, such as the NSA or GRU, could install passive listening devices in airports and train-stations around the world in order to track your movements. This could be done with $25 devices sprinkled around a few thousand places — within the budget of not only a police state, but also the average hacker.

In 2014, with the release of iOS 8, Apple addressed this problem by randomizing the MAC address. Every time you restart your phone, it picks a new, random, hardware address for connecting to WiFi. This causes a few problems: every time you restart your iOS devices, your home network sees a completely new device, which can fill up your router’s connection table. Since that table usually has at least 100 entries, this shouldn’t be a problem for your home, but corporations and other owners of big networks saw their connection tables suddenly get big with iOS 8.

In 2015, Google added the feature to Android as well. However, even though most Android phones today support this feature in theory, it’s usually not enabled.

Recently, I went to DragonCon in order to test out how well this works. DragonCon is a huge sci-fi/fantasy conference in Atlanta in August, second to San Diego’s ComicCon in popularity. It’s spread across several neighboring hotels in the downtown area. A lot of the traffic funnels through the Marriot Marquis hotel, which has a large open area where, from above, you can see thousands of people at a time.

And, with a laptop, see their broadcast packets.

So I went up on a higher floor and setup my laptop in order to capture “probe” broadcasts coming from phones, in order to record the hardware MAC addresses. I’ve done this in years past, before address randomization, in order to record the popularity of iPhones. The first three bytes of an old-style, non-randomized address, identifies the manufacturer. This time, I should see a lot fewer manufacturer IDs, and mostly just random addresses instead.

I recorded 9,095 unique probes over a couple hours. I’m not sure exactly how long — my laptop would go to sleep occasionally because of lack of activity on the keyboard. I should probably setup a Raspberry Pi somewhere next year to get a more consistent result.

A quick summary of the results are:

The 9,000 devices were split almost evenly between Apple and Android. Almost all of the Apple devices randomized their addresses. About a third of the Android devices randomized. (This assumes Android only randomizes the final 3 bytes of the address, and that Apple randomizes all 6 bytes — my assumption may be wrong).

A table of the major results are below. A little explanation:

  • The first item in the table is the number of phones that randomized the full 6 bytes of the MAC address. I’m guessing these are either mostly or all Apple iOS devices. They are nearly half of the total, or 4498 out of 9095 unique probes.
  • The second number is those that randomized the final 3 bytes of the MAC address, but left the first three bytes identifying themselves as Android devices. I’m guessing this represents all the Android devices that randomize. My guesses may be wrong, maybe some Androids randomize the full 6 bytes, which would get them counted in the first number.
  • The following numbers are phones from major Android manufacturers like Motorola, LG, HTC, Huawei, OnePlus, ZTE. Remember: the first 3 bytes of an un-randomized address identifies who made it. There are roughly 2500 of these devices.
  • There is a count for 309 Apple devices. These are either older iOS devices pre iOS 8, or which have turned off the feature (some corporations demand this), or which are actually MacBooks instead of phones.
  • The vendor of the access-points that Marriot uses is “Ruckus”. There have a lot of access-points in the hotel.
  • The “TCT mobile” entry is actually BlackBerry. Apparently, BlackBerry stopped making phones and instead just licenses the software/brand to other hardware makers. If you buy a BlackBerry from the phone store, it’s likely going to be a TCT phone instead.
  • I’m assuming the “Amazon” devices are Kindle ebooks.
  • Lastly, I’d like to point out the two records for “Ford”. I was capturing while walking out of the building, I think I got a few cars driving by.

(random)  4498
(Android)  1562
Samsung  646
Motorola  579
Murata  505
LG  412
Apple  309
HTC-phone  226
Huawei  66
Ruckus  60
OnePlus Tec  40
ZTE  23
TCT mobile  20
Amazon Tech  19
Nintendo  17
Intel  14
Microsoft  9
-hp-  8
BLU Product  8
Kyocera  8
AsusTek  6
Yulong Comp  6
Lite-On  4
Sony Mobile  4
Z-COM, INC.  4
ARRIS Group  2
AzureWave  2
Barnes&Nobl  2
Canon  2
Ford Motor  2
Foxconn  2
Google, Inc  2
Motorola (W  2
Sonos, Inc.  2
SparkLAN Co  2
Wi2Wi, Inc  2
Xiaomi Comm  2
Alps Electr  1
Askey  1
BlackBerry  1
Chi Mei Com  1
Clover Netw  1
CNet Techno  1
eSSys Co.,L  1
GoPro  1
InPro Comm  1
JJPlus Corp  1
Private  1
Quanta  1
Raspberry P  1
Roku, Inc.  1
Sonim Techn  1
Texas Instr  1
Vizio, Inc  1

Yacht Security

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/05/yacht_security.html

Turns out, multi-million dollar yachts are no more secure than anything else out there:

The ease with which ocean-going oligarchs or other billionaires can be hijacked on the high seas was revealed at a superyacht conference held in a private members club in central London this week.


Murray, a cybercrime expert at BlackBerry, was demonstrating how criminal gangs could exploit lax data security on superyachts to steal their owners’ financial information, private photos ­ and even force the yacht off course.

I’m sure it was a surprise to the yacht owners.

Let’s Encrypt will be trusted by Firefox 50

Post Syndicated from n8willis original http://lwn.net/Articles/696587/rss

The Let’s Encrypt project, which provides a free SSL/TLS certificate authority (CA), has announced that Mozilla has accepted the project’s root key into the Mozilla root program and will be trusted by default as of Firefox 50. This is a step forward from Let’s Encrypt’s earlier status. “In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root ‘vouches for’ the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible. However, our plan has always been to operate as an independently trusted CA. Having our root trusted directly by the Mozilla root program represents significant progress towards that independence.” The project has also applied for inclusion the CA trust roots maintained by Apple, Microsoft, Google, Oracle, and Blackberry. News on those programs is still pending.

Let’s Encrypt Root to be Trusted by Mozilla

Post Syndicated from Let's Encrypt - Free SSL/TLS Certificates original https://letsencrypt.org//2016/08/05/le-root-to-be-trusted-by-mozilla.html

The Let’s Encrypt root key (ISRG Root X1) will be trusted by default in Firefox 50, which is scheduled to ship in Q4 2016. Acceptance into the Mozilla root program is a major milestone as we aim to rely on our own root for trust and have greater independence as a certificate authority (CA).

Public CAs need their certificates to be trusted by browsers and devices. CAs that want to issue independently under their own root accomplish this by either buying an existing trusted root, or by creating a new root and working to get it trusted. Let’s Encrypt chose to go the second route.

Getting a new root trusted and propagated broadly can take 3-6 years. In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root “vouches for” the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible.

Chain of trust between Firefox and Let's Encrypt certificates.
Chain of Trust Between Firefox and Let’s Encrypt Certificates

However, our plan has always been to operate as an independently trusted CA. Having our root trusted directly by the Mozilla root program represents significant progress towards that independence.

We have also applied to the Microsoft, Apple, Google, Oracle and Blackberry root programs. We look forward to acceptance into these programs as well.

Let’s Encrypt depends on industry and community support. Please consider getting involved, and if your company or organization would like to sponsor Let’s Encrypt please email us at sponsor@letsencrypt.org.

BlackBerry’s Global Encryption Key

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/04/blackberrys_glo.html

Last week, there was a big news story about the BlackBerry encryption key. The news was that all BlackBerry devices share a global encryption key, and that the Canadian RCMP has a copy of it. Stupid design, certainly, but it’s not news. As the Register points out, this has been repeatedly reported on since 2010.

And note that this only holds for a individual users. If your organization uses a BlackBerry Enterprise Server (BES), you have your own unique key.

The Android Security 2015 Annual Report

Post Syndicated from corbet original http://lwn.net/Articles/684297/rss

Google has announced
the availability of the Android
security 2015 year in review [PDF]
. “Android’s open source model
has also allowed device manufacturers to introduce new security
capabilities. Samsung KNOX, for example, has taken advantage of unique
hardware capabilities to strengthen the root of trust on Samsung
devices. Samsung has also introduced new kernel monitoring capabilities on
their Android devices. Samsung is not unique in their contributions to the
Android ecosystem. Blackberry has worked to enhance the security of their
devices by enabling kernel hardening and other features in the Blackberry
PRIV. CopperheadOS has both introduced security improvements to their own
version of Android and made significant contributions to the Android Open
Source Project. These are just some of the various contributions made
possible through open sourcing that improved the Android ecosystem in

The New Era of Big Company Forks

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/02/08/android-linux-google.html

I was intrigued to
read Greg
Kroah-Hartman’s analysis of what’s gone wrong with the Android fork of
, and the discussion
that followed on lwn.net
. Like Greg, I am hopeful that the Android
platform has a future that will work closely with upstream developers.
I also have my own agenda: I believe Android/Linux is the closest thing
we have to a viable fully FaiF phone operating system platform to take on the
proprietary alternatives like the BlackBerry and the iPhone.

I believe Greg’s comments hint at a “new era” problem that
the FLOSS community hasn’t yet learned to solve. In the “old
days”, we had only big proprietary companies like Apple and
Microsoft that had little interest in ever touching copylefted software.
They didn’t want to make improvements and share them. Back then (and
today too) they prefer to consume all the permissively licensed Free
Software they can, and release/maintain proprietary forks for years.

I’m often critical of Google, but I must admit Google is (at least
sometimes) not afraid of dumping code on a regular basis to the
public, at least when it behooves them to do
it0. A
source-available Android/Linux helps Google, because Google executives
know the profit can be found in pushing proprietary user-space Android
application programs that link to Google’s advertising. They don’t want
to fight with Apple or Research in Motion to get their ads onto those
platforms; they’ll instead use Free Software to shift the underlying

So, in this case, the interests of software freedom align a bit with
Google’s for-profit motive. We want a fully FaiF phone operating
system, that also has a vibrant group of Free Software applications for
that operating system. While Google doesn’t care a bit about Free
Software applications on the phone, they need a readily available phone
operating system so that many hardware phone manufacturers will adopt
it. The FLOSS community and Google thus can work together here, in much
the same way various companies have always helped improve GNU/Linux on
the desktop because they thought it would foil their competitors (i.e.,
Microsoft and Apple).

Yet, the problematic spot for FLOSS developers is Google doesn’t
actually need our development help. Sure, Google needs the FLOSS
licenses we developed, and they need to get access to the upstream. But
they have that by default; all that knowledge and code is public.
Meanwhile, they can easily afford to have their engineers maintain
Android’s Linux fork indefinitely, and can more or less ignore Greg’s
suggestions for shepherding the code upstream. A small company with
limited resources would have to listen to Greg, lest the endeavor run
out of steam. But Google has plenty of steam.

We’re thus left appealing to Google’s sense of decency, goodwill,
collaboration and other software freedom principles that don’t necessarily
make an impact on their business. This can be a losing battle when
communicating with a for-profit company (particularly a publicly traded
one). They don’t have any self-interest nor for-profit reason to work
with upstream; they can hire as many good Linux hackers as they need to
keep their fork going.

This new era problem is actually harder than the old problem. In other
words, I can’t simply write an anti-Google blog post here like I’d write
an anti-Apple one. Google is releasing their changes, making them
available. They even have a public git repository for (at least) the
HTC Dream platform. True, I can and do criticize both Google and HTC
for making some hardware interface
proprietary, but that makes them akin to NVidia, not Microsoft and

I don’t have an answer for this problem; I suggest only that our
community get serious about volunteer development and improvement of
Android/Linux. When Free Software started, we needed people to spend
their nights and weekends writing Free Software because there weren’t
any companies and for-profit business models to pay them yet. The
community even donated to Free Software charitable non-profits to
sponsor development that served the public. The need for that hasn’t
diminished; it’s actually increased. Now, there is more code
than ever available under FaiF licenses, but even more limited
not-for-profit community resources to shepherd that code in a
community-oriented direction. For-profit employers are beginning to
control the destiny of more community developers, and this will lead to
more scenarios like the one Greg describes. We need people to step
forward and say: I want to do what’s right with this code for this
particular userbase, not what’s right for one company. I hope someone
will see the value in this community-directed type of development and
fund it, but for the meantime, it has my nights and weekends. Just
about every famous FLOSS hacker today started with that attitude. We
need a bit more of that to go around.

(I don’t think I can end a blog post on this topic without giving a
little bit of kudos to a company whom I rarely agree with: Novell. As
near as I can tell, despite the many negative things Novell does, they
have created a position for Greg that allows him to do what’s right for
Linux with what (appears to be) minimal interference. They deserve
credit for this, and I think more companies that benefit from FLOSS
should create more positions like this. Or, even better, create such
positions through non-profit intermediaries, as the companies that fund
Linux Foundation do for Linus Torvalds.)

this to Apple, which is so allergic to copyleft licenses that
they will do bizarre things that are clearly against their own
interest and more or less a waste of time merely to avoid GPL’d

I originally wrote drivers here,
but Greg
pointed out
that there aren’t actually Linux drivers that
are proprietary. I am not sure what to
call these
various .so files which are clearly designed to interface with
the HTC hardware in some way
, so I just called
them hardware interface libraries.