But so do Apple and they are wildly successful. BlackBerry's security model relies on integration of the OS with the hardware in such a way that they'd need to rewrite the Android kernel anyway to keep the same benefits.
Can anyone comment on the Blackberry Priv? The article mentioned it, and I know their security goes down to hardware level and what they claim is a secure manufacturing process, but all I know is what they claim ...
I think it was just a guess that General Dynamics made the device. Since no one was on the record about anything, they just did a Google search for "secure pda" and came up with that one.
I wouldn't be surprised if it's a regular BlackBerry with modified software.
I'm not sure if you can get a secure solution at that rate. The more secure systems simultaneously have high development cost and almost no buyers. This means they're usually OEM licenses for custom work instead of mass market. So, trick would be a smart group of people licensing OKL4 or something then putting it and hardened Android on a specific phone.
Far as Blackberry, no Im not saying it's more secure. I'm saying using the QNX OS made it more secure, reliable, and responsive than it was. That's because of QNX's great design.
It's ironic to think that one of the main selling points of Blackberry was end-to-end security (the devices talked to an on-premises server via a dedicated mobile APN which had to comply with a number of requirements), and yet its on-device security model allowed an app to take over such critical functionality _by design_.
I have a number of fun stories about RIM (I was one of the BB product managers at a telco), and this post reminded me that it might be a good time to record them for posterity... :)
Blackberry's Software is DoD audited. If they change OS's they have to go though a lengthy re-certification program that Samsung KNOX and IOS6 only completed this 1 year ago.
The US government is one of their major customers, and a lot of business men and women like the piece of mind their phone is DoD approved for security... Even if they do nothing else to secure it.
Securing the blackberry is a red herring. What they wanted was a functionally equivalent mobile device. If providing such capabilities isn't exactly what the NSA should be doing, then they shouldn't exist.
I've been looking into Blackberry (Key2 specifically) because they seem to be putting security first and I don't mind if my platform is a tiny bit behind on the raw system specs. If anyone has experiences to share I am ALL ears!
This makes a lot of sense on Blackberry's side, making their enterprise security offering stronger and utilizing their strong advantage in the field, but does that mean they'll become an enterprise software company?
The security of the BlackBerry came from the fact that an organization could deploy their own data message servers, the “BES” that’s connected directly to your intranet. It was a bit vpn-like, but at the application layer. IT guys liked it because it made them feel like they were in charge, which is the main feature enterprise IT guys shop for.
This is likely because his modified BlackBerry was a one-off project suited to his security requirements.
My understanding is that internal hardware was removed/shielded, and I assume software modifications were made as well, like only connecting to specific cellular base stations (such as the one in his official vehicle).
Hardware seemed nice and it had the latest security updates.
Ironically, it was security that put me off BlackBerry as a brand.
There was the whole mess over whether their messaging systems were actually secure in technical terms, and the final conclusion seemed to be that some of them weren't. Apple handled the related issues much better.
More than that, when they brought out the Priv and made a big deal about putting their DTEK software on top of Android for security and privacy, there was a glaring hole in their presentation: it was all about detecting bad things when they were already happening, but I never found a single reference to preventing those bad things from happening in the first place.
Those two issues convinced me very clearly that modern BlackBerry is more about style than substance when it comes to security and privacy. It's sad, because as someone with a very productivity/professional focus with mobile devices, I should have been their ideal customer and they should have been the closest to my ideal phone maker of any of the major brands.
They are probably using QNX[1] which doesn't really have anything to do with Blackberry phones. QNX has a pretty wide adoption in the embedded systems community.
reply