Report: BlackBerry BYOD-ware doesn't pass UK.gov security test

BlackBerry Balance, the new feature in BB10 aimed at meeting demand for bring-your-own-device regimes, has been found insufficiently secure for that purpose by Britain's Communications Electronics Security Group (CESG). The CESG, an offshoot of the British signals and electronic intelligence agency GCHQ, describes itself as " …

COMMENTS

This topic is closed for new posts.
  1. TheRealRoland
    Unhappy

    Bis / bes

    Not sure how much has changed between 7.1 and 10, but the fact that there's no more bis on bb10, doesn't bode well. Maybe it's like a placebo effect, but it seemed all a bit more secure to me.

    If nothing else, the fact we're no longer getting compression on the requested data, using a bb10 will cost more per month. Having read up on cost per plan in Europe vs US, I'm shocked. Shocked!

    1. Anonymous Coward

      Re: Bis / bes

      Blackberry are a Dodo on life support. #deadphone

      1. Anonymous Coward

        Re: Bis / bes

        #tiresome

  2. Archimedes_Circle
    Linux

    Or...

    K-9 and APG to provide gpg signing and encryption

    Textsecure for encrypted texting records and messaging, although why doctors need to discuss patients over texting is not something I understand.

    Gibberbot for jabber/gmail encrypted chat comms.

    Redphone for voice.

    And Android built-in encryption. I'm not going to claim Android is better than iOS for full disk encryption, but if that's your threat model the game is already over, because you shouldn't have copies of secured docs sitting on your phone.

  3. Montreal Sean

    I know why they can't get "restricted" certification.

    As yet BlackBerry hasn't forgotten a z10 on public transit, which seems to be a requirement. :P

  4. Anonymous Coward

    Bring your own Blackberry to work?

    What craziness is this... isn't the reason you have a blackberry either ;-

    1) You are a South London scallywag teenager who doesn't want to pay for SMS

    2) You have been given it by your office when what you really wanted was an iPhone.

    1. Anonymous Coward

      Re: Bring your own Blackberry to work?

      Or - you're a perfectly normal teenager who got one for Christmas with a £7 or £10 a month contract, can send unlimited messages to friends, and know your parents can't afford £600 up front or £43 a month for an iPhone?

      Or you're someone who sends a lot of messages and really cannot get on with glass keyboards.

      Much of the Apple or big screen Android owner mockery is directed purely at people with less money than they have.

      1. jason 7
        Meh

        Re: Bring your own Blackberry to work?

        An iPhone....oh how ordinary!

  5. LarsG

    Still hackable by the Newspapers?

  6. DrXym

    So broken by design or just a bug?

    If it's just a bug they can rectify the issue with a firmware update. They should be more worried if it's something about balance that can't be fixed without seriously compromising the entire design of the software.

  7. Anonymous Coward

    I suspect, based on other sources

    It's possible that the issue is that Balance prevents remote wipe of user data, which includes the removable micro SD card. Balance is supposed to prevent you from moving data from the green zone to the red zone, but there is always the possibility of photographing a secret document and saving it on the removable card. Like the old Minox, where you could photograph a load of documents, remove the cassette, cut off the feed side, lose the camera down a ventilation chute or the like, and walk out of the building with all the data on a plastic thing in a pocket (or an intimate cavity) that would probably be missed by most searchers.

    It's already been suggested that BlackBerry may have to bring out a crippled BB10 phone for government use with no removable card and no camera.

    Removable micro SD cards are an endangered species with many manufacturers, partly because they want you to depend on their cloud services for data storage but, I suspect, largely for security reasons.

    1. Paul_Murphy

      Re: I suspect, based on other sources

      > Removable micro SD cards are an endangered species with many manufacturers, partly because they want you to depend on their cloud services for data storage but, I suspect, largely for security reasons.

      I suspect it's the other way around, at least with tablets - Apple, Google and Amazon devices are rather light on microSD card support, whereas my (sort of no-name) Novo7 Fire for example has one, and since I wanted to have my music on a large card rather than taking up memory the big names have lost me as a customer.

      'follow the money' seems to suggest that those with large online shops would prefer you didn't have a microSD card slot.

      Oh - and I wanted OTG support which at least the Kindle Fire doesn't support, I didn't bother checking the other tablets.

    2. DrXym

      Re: I suspect, based on other sources

      I think the main reason they're cutting SD is because Microsoft is suing them over bogus patents relating to FAT32. Easiest way to avoid the lawsuit is not to include FAT32. That said, it's annoying that so many choose to implement MTP rather than USB mass storage. MTP is okay at a pinch but it's piss poor for things like zips or avis where the entire file has to be copied off the device to be opened.

      1. Anonymous Coward

        Re: I suspect, based on other sources

        Why not simply agree to use a file system which is not Redmond's profit centre? If Android went with an Ext variant then before long it would be Microsoft feeling the pain of people unable to open their SD cards on Windows.

        No, I overstated it I agree, it is mainly about selling cloud services, but getting into the secure market may well explain why models like the Lumia 920 do not have an SD slot, but other cheaper models do.

      2. Anonymous Coward

        Re: I suspect, based on other sources

        How are those FAT patents bogus? They have been tested in court a number of times.

        1. DrXym

          Re: I suspect, based on other sources

          Those FAT patents are bogus because they essentially relate to a look up table which maps a short name to a long name. Anyone with software engineering experience tasked with a way to put long names on an FS supporting short names would come up with a similar solution. It's an obvious and trivial invention and should be struck out for that.

          It's so trivial that the Linux kernel produced a patch to prevent generating a valid short name *and* a long name at the same time. It only stores one or the other depending on the name length but never both to work around the lookup patent.

          As for "tested in court", it was tested only to see if the patent was violated, not if the patent was valid. Two different things. If it deserves to be a patent at all, it should merit a payment in pennies at most.

    3. Mark Dowling

      Re: I suspect, based on other sources

      Why would Blackberry bring out a phone with no camera, when disabling the camera has been a BES policy item for eons?

      1. Anonymous Coward

        Re: I suspect, based on other sources

        Because with Balance the corporate may not have any control over your camera. Remember this was not a security assessment of BB 10, it was specifically a security assessment of BB10 with Balance. If MI5 can't stop its operatives from using the camera to save stuff to the red zone, it will fail. If they can't encrypt your micro-SD card so you cannot read it out of the phone, it will fail.

        The real root problem for our beloved Government departments and the like is that the whole idea of mobile phones is that they have become tiny computers optimised for receiving and sending data on a huge range of bands from audio through various radio frequencies all the way to optical, and that is inherently a very bad basis for limiting people's ability to shift data around.

  8. Anonymous Coward

    Hogwash...

    This report makes no sense to me. Why would CESG even look at Balance? It doesn't seem to fit with what they'd be interested in, which would be a device that was completely under corporate/government control with no personal side.

    1. Anonymous Coward

      Re: Hogwash...

      You can't currently turn balance off.

      1. Keyboard warrior
        Megaphone

        Re: Hogwash...

        BES10.1 which is currently in testing will provide the ability to remove the personal partition from a BB10 device, leaving only the work partition.

  9. RobertD
    Meh

    The point is...

    That Balance enables BYOD for iOS and Android devices isn't it? So you don't have to bring a BlackBerry to work. Have I missed something?

    1. Anonymous Coward

      Re: "Have I missed something?"

      Yes.

      http://uk.blackberry.com/business/software/blackberry-balance.html

  10. cortland

    While they boast

    Recently received (today) link

    http://globalsecurity.tradepub.com/free/w_ri89/prgm.cgi

    excerpt from page:

    "In this overview document, find out about the security features BlackBerry 10 can deliver for all the devices in your enterprise, whether they're running on an iOS, Android™ or BlackBerry® platform."

    1. Anonymous Coward

      Re: While they boast

      Well, yes, the story appears to be bogus and I have sent a correction to El Reg. It looks like someone at the Guardian was trolled. Who by, they're not saying. But they do carry awfully big ads for a well known fruit vendor.
