Copperhead CTO: Nexus Phones Already More Secure Than BlackBerry Priv

Status
Not open for further replies.

elduque

Reputable
Dec 15, 2014
1
0
4,510
Can you root it? If so, it's not as secure as the Priv. Fingerprint scanners on phones are a joke. A smart thief will lift your print from the phone and make a mold. Further to that, if it can be rooted/jailbroken all security bets are off.

Android itself is a privacy nightmare, unless you're cool with sharing every detail of your life with Google.
 

randomroyalty

Reputable
Nov 13, 2015
3
0
4,510
A nexus more secure? Seriously? Any phone that Is easy to unlock the bootloader and root is inherently less secure. Any tampering with the hardware key signed BlackBerry kernel renders the phone useless. Higher level exploits are possible of course.
 

strcat

Reputable
Nov 13, 2015
5
0
4,510
Being able to unlock Nexus devices isn't a security issue. It requires physical access and wipes the device, so an attacker would be better off replacing your phone with a malicious one and capturing your encryption password when you turn it on (sending it to them). Then, they can decrypt your phone and retrieve your data. If they wipe it, the data is gone. In what threat model does a locked bootloader help the user? It's to protect carriers from the user (cannot remove things like marking tethered data and their spyware), not users themselves.
 

randomroyalty

Reputable
Nov 13, 2015
3
0
4,510


 

strcat

Reputable
Nov 13, 2015
5
0
4,510
Oh, and on new Nexus devices like the Nexus 9, Nexus 5x and Nexus 6p, unlocking the bootloader requires first enabling unlocking inside of the OS. So the encryption password is required to do it. They already have your data if they're able to unlock. It's a non-issue from a security perspective. Note that the bootloader can be fully locked against after replacing the OS too.
 

randomroyalty

Reputable
Nov 13, 2015
3
0
4,510
If a phone can be tampered with, then all kinds of man in the middle attacks are possible when the phone is issued to a user. If i was in a high security environment issuing mobile devices, there is no way i would ever issue a Nexus.
 

Nate650

Distinguished
May 15, 2002
20
0
18,520
Interesting. So what happens when Android 6.0 comes to the Priv?

From his answers, it seems Daniel doesn't exactly know what BlackBerry's security enhancements were.
 

strcat

Reputable
Nov 13, 2015
5
0
4,510
The comments on kernel changes are based on analysis from the source code (https://github.com/blackberry/android-linux-kernel/tree/msm8992/AAC724) but analysis of userspace had to be done by probing at it from an app. So it's easy to tell that they didn't fix ASLR or do much hardening, but it's not possible to state with confidence that they didn't do any meaningful userspace hardening. It sure does seem that way though.
 

strcat

Reputable
Nov 13, 2015
5
0
4,510
i.e. they didn't seem to do any improvements that would make apps more secure, but they have have locked down one or more of the system services more (seems unlikely, otherwise it'd be a point in their marketing rather than just 'applied hardening patches to kernel')
 
nexus devices are more secure because google controls them.the priv is less secure because it is using a modified version of android which can compromise security with the additional pre loaded software and there will be a delay with updates like every other brand because of it. anyone saying the pric is more secure than nexus is just grasping at straws trying to defend it or another apple sheep because everyone knows someone will find a way to root and unlock t it anyway just like every other android or apple phone
 


wow, you are either really ignorant or a fanboy of some sorts. anyone who knows anything about the mobile industry would know nexus devices would be the best in a work environment because they are always first to get any major or security updates. during the stagefright scare it took less then a week to get the security patch sent to my nexus 4

 

anubis44

Distinguished
Jul 22, 2008
71
0
18,640


wow, you are either really ignorant or a fanboy of some sorts. anyone who knows anything about the mobile industry would know nexus devices would be the best in a work environment because they are always first to get any major or security updates. during the stagefright scare it took less then a week to get the security patch sent to my nexus 4.

Then you must be a Google fanboy, because every intelligence, military and government agency with even the slightest security requirements uses a Blackberry. The Nexus and all Android and iPhones are pathetic toys compared to a Blackberry for security. I work for an organization where all our iPhones were taken away and replaced with Blackberrys two years ago, because the iPhones weren't secure enough.

I'll take Blackberry's security any second of any minute of any hour of any day over Google's.
 

johnmeredith

Distinguished
Nov 22, 2012
11
0
18,510
Looks like BlackBerry have answered:

http://blogs.blackberry.com/2015/11/why-blackberrys-android-is-best-for-security-and-privacy/

I'd take 15 years experience in security personally.
 

4ron

Honorable
Jul 6, 2013
2
0
10,510
I suggest you read the head of BlackBerry security own response to this claim. BlackBerry states that the Priv is unequivocally the most secure android device. Period!
 
Status
Not open for further replies.