The Security Berry-meter | Security and The Blackberry

Blackberry Security

Flak upon flak, hay upon hay, has been dumped on the Blackberry and its maker, RIM, since the announcement, a few days ago, of the availability of code allowing someone to turn the berry into a microphone. This is not an indictment against RIM; conversely, it is a triumph.



Unlike other electronic “toys” (such as the iPhone; see my article here and my other article here), Blackberry always took security seriously. From the secure implementation of the “BES” system to the almost-bullet-proof browser, attacks against the Berry and its operating systems have been many.

Successes have been very few.

There is still no other device with quite the popularity of the Berry, especially within the corporate world. Its Outlook integration is second to none. The push technology was revolutionary, and the keyboard lent itself to such historical quotes as the one made by my pal Howard (More time in the Air than on the Ground) Schmidt: “Our next generation will be born with all thumbs” because of the Berry.

It took over ten years for such a “hack” as the listening software to become available. And it is not even a hack. It is no more a hack than a user being asked, in bold letters, to perform five steps to install spyware software on their PC. In this case, the user would be asked to perform three (3) separate steps in order to install this software:




then provide a phone number:

then perform another step:


If someone does all of the above accidentally, they should be reminded how to buckle their belts on every airliner they board, and they indeed do not deserve a berry.




Apple Just Doesn’t Get It | Apple and Security

Apple doesn’t believe in Security?

As I said nearly two months ago, in my blog post here, "I am concerned about the attitude by Apple which suggests complete laxity, and indeed, abhorrence, of the concept of Information security." I also pointed out that, on hitting the mile mark of 40 million iPhones, Apple is now positioned to become a major, sexy target for computer hackers and malefactors.

As I feared by stating

"Oh, what happens if (or when) a Cracker finds that code or connects remotely to your cell/wifi enabled phone and does the trick for you?"

Less than a month later, code was revealed that would let attackers run software sent by SMS on the phone and allow them to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet. Sigh.

And, of course, when you combine the above with the statement I made about "Steal a Phone, get a CAR!", just imagine what can happen now….

So, Apple, it is nice that you put an encryption chip in the phone.  But without proper testing and validation, what you get is this (from The Register): 

"A researcher has delved into the encryption used to protect content on the iPhone 3GS, only to claim it is 'entirely useless' and that he had '[never] seen encryption implemented so poorly before'."

It is nice that you, Apple, spend time making sure that iTunes does not get "mis-used" by such "evil" devices as the Palm Pre.  But you are not going to be taken seriously by Corporate America until you show more attention to Risk and Security.   Now that over 40 million devices are there, you really should.

Better yet.  Contact me.  I will fix it for you.