Throughout the history of BlackBerry, they've always pushed the fact that security in their devices isn't just an afterthought, it's not just 'bolted on' after and that it's built right in the core of all their hardware. If you've ever wondered what exactly that means, Alex Manea, Manager of Security Services at BlackBerry over at the Inside BlackBerry Biz Blog has laid it out in a way that's easy to understand.
The power and complexity of mobile devices highlights the need for integrated security. But while most people focus on the OS, the security of BlackBerry is actually embedded in the hardware. Let's take a closer look.
Every building needs a solid foundation and the tallest buildings need the strongest foundations. In security, we call this the "Root of Trust". The deeper down the Root of Trust is embedded into the system, the more difficult it is to compromise.
BlackBerry signs all of its hardware to ensure device integrity. The keys are injected at manufacturing and verified whenever the devices connect to the BlackBerry network. The keys are also used to verify the software of the device.
Hardware Root of Trust is the foundation of BlackBerry security. Every single time any BlackBerry device in the world boots up, it goes through a complex and unique series of checks to confirm the integrity of each component:
- The CPU Embedded Boot ROM verifies the digital signature of the Boot ROM.
- The Boot ROM verifies the signing key of the Operating System.
- The Operating System verifies the hash of the Base File System.
- The Base File System verifies the hashes of all loaded Applications.
Nearly two years ago, BlackBerry 10 introduced the ability to securely run Android apps using the Android Player. BlackBerry 10.2.1 added the ability to install any APK file, and starting with BlackBerry 10.3, the OS comes pre-loaded with the Amazon Appstore for Android. Using BlackBerry's Hardware Root of Trust and Trend Micro's expertise on mobile malware, we're able to run Android apps without compromising user privacy or device security (see this blog post for all of the details).
In addition to managing Android and iOS with BES 12 and Secure Work Space, BlackBerry recently announced a new partnership with Samsung to provide end-to-end security for Android devices. By combining the trusted EMM of BES 12 with the security of Samsung KNOX, we're able to provide a tightly integrated, highly secure solution for the Android platform.
In a way, it sort of also answers the age old question of what your BlackBerry is doing while it's booting as well. I jokingly noted on my BBM Channel that this process is also known as why your BlackBerry takes so long to boot and there's likely a bit of truth to that. However, I'm willing to give up a few extra seconds of my life if in the end it means my device is more secure. This approach to building in security from the ground up has placed BlackBerry in a good spot as the need for embedded technology and security grows with the Internet of Things.