Black Hat 2013 session on BlackBerry 10 security fails to offer anything interesting

By Bla1ze on 2 Aug 2013 01:18 am EDT

Remember when we told you about the Black Hat session that would be covering BlackBerry 10 OS security? At the time, the description sounded as though Ralf-Philipp Weinmann, who is a research associate at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg, had some interesting things to say but as we now know, he didn't have anything overly interesting to say at all.

Rather than dropping a bombshell of knowledge on folks, he ended up stating nothing outside of the obvious for BlackBerry and most users. His biggest piece of news was that BlackBerry 10 contains QUIP, a diagnostic tool that can collect various user data, including voice and audio communications, screen captures and memory dumps, which can be sent to BlackBerry. It's off by default.

Outside of that, his other 'major' findings were that applications can be easily loaded onto the devices and maintain persistence, something that in his own words is not as secure as iOS but "it's somewhat, if not significantly, better than on most Android phones." In short, applications can be sideloaded and when such a thing takes place, they'll remain on the device. That is a possible entry point for exploits that could potentially allow escalated privileges. Again, something that is well known.

Perhaps the most interesting thing to come from Ralf-Philipp Weinmann's session is the noted fact that BlackBerry 10 contains additional security features that help with exploit mitigation such as ASLR, DEP and stack cookies. In the end, the whole session was based on theoretical conversation with no 'proof of concepts' shown off or exploits divulged. Just the obvious fact that it could, potentially, be exploitable.

tl;dr: The BlackBerry Security Incident Response Team isn't running around trying to figure out how to patch any exploits uncovered by this guy and that's a good thing.

Read more at ThreatPost

Reader comments


What the hell does all of this mean to the average person? What does it mean for the Corporate IS and BES10 deployment? What does it mean about active sync technology? This makes no sense to me. Maybe I'm just an obtuse dolt...

Basically someone tried to tear a hole in BlackBerry security and failed miserably. BlackBerry is as secure as ever.

Now let's see how popular media spins it. If even THEY can't spin it in the negative I am guessing it doesn't get reported on at all.

There is Boo from the media, an example is the CTV interview with HOSTs are after headlines not making headlines Total Joke !! Blackberry is secure period !

Well he said little not nothing. There is theory - but it's difficult enough to implement that we have no roadshow.

That's a good thing :).

Posted via CB from my LE

Actually, the fact he didn't have much to say is, in itself, good news.

I believe the whole point of having him talk was exactly that.

You're right. Nothing good to say saying that BlackBerry 10's ability to side load makes it less secure than iOS but what's funny is when you jailbreak iOS you can basically do the same thing. I had a friend do it and it crashed his phone because of an app he had installed.

Truth is when the user starts to manipulate the system that's when things can go wrong and bottom line is if you fiddle and manipulate that's when you cause issues and it's all at your own risk

Posted via CB10

Maybe the speaker assumed he'd have something to present by the time the conference came along, but failed to actually come up with anything. So instead, he just mumbled through it and filled the time.

Only if you're getting pirated apps that have been tampered with into your device.

People can't sideload apps to your device without you knowing, so not much of a big deal there.

What the guy said was pretty much "Well, if you sideload an app, the app will remain in the device until deleted. If the app is malware, you're gonna have a bad time!"

If you get your APKs from Google Play and do the porting yourself, there is very little chance of getting malware (unless of course the original apk from Google Play actually has some malware in it, which Google tries really hard to prevent from happening).

I have seen an instance of malware already, because someone installed a bad launcher, and now their whole android system is kaput

Posted via CB10

true I tried initially with my Z10, and got really lost, but I did see my buddy side load Instagram, it took 2 tries and was successful and has been working smoothly. Not for me

Nope, because after you sideload the app it still has to explicitly ask for permission to access any personal data, and you can still say no.
And when it asks, it displays the name of the person who registered for the keys used to sign it (which, admittedly, someone could put anything for).

So to get malware:
1. Someone would have to actually create it (a difficult task due to limited APIs)
2. You would have to sideload it.
3. You would have to give it permission.
4. You would have to run it.

To your point. Those keys are also tied to our photo IDs.

So if bbry gets serious about your app...

Posted via CB from my LE

It's only a security issue if someone finds a vulnerability and injects it into an app which a user later downloads from some other source than BBW and sideloads onto their device. Kind of unlikely. Once an exploit is found on either iOS or BB10 it can be hacked if you can get an app on it. iOS is "more secure" because you can't sideload an app with an exploit without being a dev but with BB10 you can. It's really the human element at that point though.

Posted via CB10

His statements that he is worried about BB10 security are ridiculous. "I'm worried because maybe it's hackable."

FFS everything is hackable it's just a matter of resources and time. Everything has a flaw somewhere.

Posted via CB10

Deutsch Baggery from someone that people expect atypical results, but when they have none, they state the obvious to keep their rep at a stand still. Big name, obvious answers; his efforts were wasted on a system that the government approves. This is one of the core reasons I chose blackberry once again. Security and QWERTY; that doesn't need this Summer's Eve's approval, accomplishment, or failure to justify an established rep from BlackBerry. My favorite "Fruit" and "Machine".

I use a BlackBerry because it makes sense

Actually very positive for those with any security knowledge, while the media will jump on every "maybe" or "could". Lots of ignorants will use this "report" to say "you see BB is not 100% secure". Idiots. Nothing is 100% secure. Nothing.

Though we all know that security is an illusion, the fact that it has "Just the obvious fact that it could, potentially, be exploitable." means that BBRY better get some good pentesters. All it takes is 1 script kiddy to fuck everything up. Bla1ze, I know you don't want to say anything major on this because it's mostly the Android part of things but the core OS itself still needs some work if it wants to shape up with security to the same height as BBOS.

The key thing, for BlackBerry, is not to become complacent.

It's a good thing no major issues were presented - that doesn't mean there are none; BlackBerry should keep moving forward and ensure the status quo remains!

Posted via CB10 on my BlackBerry Q10

He says security could be compromised by sideloading which makes it weaker than iOS. But doesn't mention that iOS could be jailbroken which allows sideloading as well? One of those things that makes ya go hmmm.

It's not just the sideloading, it's the ease by which sideloading can occur that was his concern. As you just pointed out, iOS has to be jail broken to allow sideloading, while all someone has to do with BB10 is go into the settings and enable development mode.

It's a theoretical vulnerability. For example, if someone leaves their phone around for a few minutes and doesn't have it password protected, I could enable development mode and install a malicious app in hardly any time with a laptop and wifi. And with 10.2 bringing headless apps, you might not even know it is running.

Posted via CB10

Well, Development Mode requires a password so you need to get someone's phone, set up a password, enable development mode, sideload the malicious application then remove the password again and rerun the phone.

Sounds like a hassle. Then again, just about any device can be compromised if there is physical access and there is no access restriction of any kind.
(And even if there is, who knows if they can be bypassed)

Posted via CB10

Why bust your fingers to sideload and hack an iOS? Just use the charger and hack away, real easy! Lol!!

I am BlackBerry at heart and will never leave BlackBerry unless they stop making them.

I never used iOS before, all I had from Apple was a regular iPod music player. I decided to buy the iPod touch 3 weeks ago for the apps and also so I can get to see what all the hoopla is about with iOS. I can confirm fully and with informed fact and user experience that iOS has nothing on BB10 except apps. Just to close an app on iOS takes 5 steps to completely close the app. BB10 is a swipe up and click the x. Simple.

I still have the iPod touch, but here is where it gets interesting. I bought the iPod at Best Buy. Apple, in its usual money-hungry fashion, decided that I don't need a wall charger: just plug it into your computer, which has to be on, and you can charge it, or just pay us $30+ to get the wall charger. I decided not to go with Apple's offer because I saw an Apple charger on Groupon (which I took as a deal site) for $9.99. I bought the charger from Groupon instead. I got the charger, plugged it in and the iPod charged. It wasn't until I noticed that I posted on Twitter when I actually never did. Never suspected the charger until one morning I got up and used the app on my iPod to disarm my security system while on the charger, put the iPod down and noticed my screen switching. I still did not suspect the charger, I simply turned the iPod off and later on did a security wipe thinking it was an app I installed from the app store. The next day after the security wipe, and installing just 2 apps that I said were not the possible suspects, I had the iPod plugged in, did the same as I do when I get up, disarm my security system with the app, put the iPod down and walked away. It wasn't until 2 minutes later my security system was re-armed and the iPod started playing music. I came back to the iPod immediately and started recording the iPod being controlled remotely. I noticed as soon as I plugged it out from the charger, it stopped, as soon as I plugged it back in, it started again being controlled remotely. That's when I determined it was the charger.

I made up my mind at that point that I will never buy another Apple product again regardless if Apple made the charger because unless you plan to play security guard on your cell phone, if you put that phone down, let's say in an airport to charge, and turn your back, which I see lots of people do, someone can easily swap your charger out and they're in your device while you're sitting over there waiting for your device to charge and the hacker is having a field day with your device information. To top it off, you get up, collect your now hackable charger and that person controls your phone forever.

No more iProducts for me... Sorry Apple and to the Apple fanboys out there, you can say what you want to me about denouncing apple products, but this happened to me first hand and NEVER did it happen to me with a BlackBerry product. So trash me and say what you want, my heart is at peace with my decision.

Plug the iPhone into a hacking charger and the phone is infected. Much easier than sideloading...

Well, the security team has patched one of the rooting exploits that was in 10.0 and is busy fixing all the apps which segfault, so that's a good start, but there are still potential vulnerabilities and those probably won't be known for a while since security specialists are too busy selling exploits to governments...
Looking forward to using a fully rooted device in the near future though and it's good that nothing big came out of that presentation as BB doesn't need any more bad publicity...

One advantage of blackberry having such a small market share... almost no one is gonna waste time hacking BB10, so we're all safe!

Posted via CB10

I disagree @BlackBerry519. The people with the most valuable data in the world are carrying BlackBerry handsets. You think the Iranian and Chinese intelligence agencies want to see naked pics of Scarlett Johansson? Okay, they do, but the reason they get a paycheck is to get at our power grids, financial networks, intelligence agencies, etc.

Posted via CB10

At a conference like Black Hat they are trying to portray *all* computing devices as being insecure. This is their reason to exist. If a presenter got on stage and said, "Blackberry is secure with just a few normal potential vulnerabilities" then he wouldn't be back next year. The presenters need to present some sort of security crisis in order to keep the whole conference rolling. Otherwise, there would be no conference and no pay for them.

Like others have said, based on the quality of his comments, Blackberry sounds really secure to me. Just put a password on your device and be careful with apps.

Good to see Blackberry has built in comprehensive data mining software ready to pass all your information onto the NSA ;o)

Well, to a BlackBerry h4x0r like Bla1ze, it may not be interesting, but to the target demographic of the presentation (h4x0rs in general) this is quite good.

Posted via CB10

I still would like to see a true security comparison between BBOS and BB 10. While the architectural changes with BB 10 offer a lot of advantages over BBOS, I'm not sure security is one of them--at least not when looked at holistically. I don't know, but I'm sure someone does, and it would be cool for that person to weigh in.

I work close to NSA headquarters at Fort Meade, MD. When I go to lunch, you invariably see the younger government types carrying/playing with a mix of I toys and droids - the older folks (higher ups?) almost to a man are carrying BlackBerry Bolds...
I have had a number of chances to show off my Zed 10 to some of these folks; most comment on how fast it is, and how fluid the swiping to access the hub is... (that and the spiffy "stormtrooper" color scheme on my phone)... many have also offhandedly commented that BlackBerry is simply the most secure phone in the world. I'm not a geek or super knowledgeable with computers, these folks are...
These guys play with computers and data collection (ahem..) and ELINT day in and day out... what they use speaks volumes - and they use BlackBerrys. Anything can be hacked - but BlackBerry phones promise to give a hacker a hard time.
BlackBerry by choice, BlackBerry for life

Posted via CB10

It was interesting in that it laid a good ground work for questions and future research. When I left the presentation, people were already sitting down to try and abuse quip.....

Posted via CB10