The celebrity nude picture iPhone scandal. The payment systems hackings of KMart, Neiman Marcus, Target and Home Depot.
An attempt to hack nearly seven million DropBox accounts.
BlackBerry has always talked up its security advantage, but with online safety moving from the middle of the newspaper to the front page, are we finally living in an environment in which mobile device users will listen?
In a blog piece called “Four Key Ways that BlackBerry Protects Your Privacy” BlackBerry took aim at business users who fear the next security scandal could arrive on their doorstep.
“For over 15 years, BlackBerry has been synonymous with mobile privacy and security. We’ve already examined what makes BlackBerry so secure, so let’s look at what BlackBerry does to protect us as individuals,” said BlackBerry Security Services Manager Alex Manea.
Manea says the first thing the company tries to do is limit infuriatingly difficult password requirements. You know the ones: “Password must include a capital letter, six numbers and the lyrics to a Smiths song, pre-1985 era.”
Manea says data proves BlackBerry’s solution to the password problem is better.
“We limit password attempts so that after 10 incorrect tries, your device automatically wipes to protect your information,” he says. “This makes short, simple passwords much safer on BlackBerry. If a random lower-case 4-letter password requires an average of 228,000 guesses to break, the odds of someone guessing it in 10 tries is around 0.002%.”
Another hot-button security issue with consumers is the collection of data. Manea says that while this information can sometimes provide a more useful and relevant experience, it can also be a slippery slope. BlackBerry’s motto is “Ask for Permission, Not Forgiveness”.
“When you first boot your BlackBerry 10 device, you’ll see a screen that asks if you want to enable Location Diagnostics,” explains Manea. “We securely collect anonymous data to do neat things like improve turn-by-turn navigation in BlackBerry Maps and learn which BBM Emojis are the most popular, which is why most people choose to enable this. But if you change your mind later on, you can disable it anytime from Settings -> Security and Privacy -> Diagnostics.”
The third thing BlackBerry does is scan all apps you download and make sure the information they request cannot interfere with personal information.
“When you install an app, it gets put in its own sandbox separate from your personal data, and the only way to access things like your location, camera, or BBM is by asking your permission. And for BlackBerry apps, you can choose to deny individual permissions and still run the app,” says Manea.
Lastly, Manea says BlackBerry avoids the temptation of putting vendors above users.
“Some vendors want to silently collect and sell our data, while others want to capitalize on our worries by selling privacy “features.” At BlackBerry, consumer privacy is not a new and exciting feature; it is, and has always been, an intrinsic part of our culture and technology.”
BlackBerry isn’t alone in touting its security features, but it appears to have a clear leadership position over its now much larger competition.
Samsung introduced an enterprise mobile security solution called Knox last year that aimed to separate the personal and professional data of business users. The US Department of Defense approved Samsung Knox-enabled devices in May, 2013 for use in its networks. But recent revelations by security researchers suggest Knox’s architecture may be weak.
Security experts also have concerns about Apple’s iOS 8. Joseph Bonneau, a fellow at the Center For Information Technology Policy, Princeton, says iPhones are vulnerable because Apple won’t limit the frequency or total number of login attempts, for fear of inconveniencing its customers.
“By default, iOS devices are configured to be locked with a “Simple Passcode” which is only a 4-digit PIN,” explains Bonneau. “Once again, we have data showing that users pick a highly-skewed distribution of 4-digit PINs, but that doesn’t even matter here. The entire space of 10,000 possible PINs can be exhausted in just over 13 minutes at 12.5 Hz or 14 hours at 0.2 Hz. The average user will be at most half of this, and of course it will be faster in practice due to non-uniform user choices. In any case, users with any Simple Passcode have no security against a serious attacker who’s able to start guessing with the help of the device’s cryptographic coprocessor.”
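The figures quoted by Manea and Bonneau can be reproduced with a short model of attempt limits and guess rates. This is an added example, not code from the article or from either vendor; it goes one step beyond the quoted uniform cases by applying a Zipf-shaped skew, which is a constructed assumption and not measured PIN data.

```python
# Added example (not from the article): guess-limit vs. guess-rate arithmetic.

def uniform(space):
    """Every secret equally likely, as in the 'random 4-letter password' case."""
    return [1.0 / space] * space

def zipf(space, s=1.0):
    """CONSTRUCTED skew: the r-th most popular secret has weight 1/r**s.
    A stand-in for 'highly-skewed' user choices, not measured PIN data."""
    weights = [1.0 / r ** s for r in range(1, space + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def success_within(limit, probs):
    """Chance a guesser working from most to least likely secret succeeds
    before the device wipes after `limit` wrong attempts."""
    return sum(sorted(probs, reverse=True)[:limit])

def expected_guesses(probs):
    """Average number of guesses needed when no attempt limit applies."""
    ranked = sorted(probs, reverse=True)
    return sum(i * p for i, p in enumerate(ranked, start=1))

def exhaust_seconds(space, guesses_per_second):
    """Time to try every secret at a fixed rate with no attempt limit."""
    return space / guesses_per_second

def report():
    letters4, pins = 26 ** 4, 10_000
    return {
        "4-letter, 10 tries (%)": 100 * success_within(10, uniform(letters4)),
        "4-letter, average guesses": expected_guesses(uniform(letters4)),
        "PIN, uniform, 10 tries (%)": 100 * success_within(10, uniform(pins)),
        "PIN, constructed skew, 10 tries (%)": 100 * success_within(10, zipf(pins)),
        "PIN space at 12.5 Hz (min)": exhaust_seconds(pins, 12.5) / 60,
        "PIN space at 0.2 Hz (h)": exhaust_seconds(pins, 0.2) / 3600,
    }

if __name__ == "__main__":
    for label, value in report().items():
        print(f"{label}: {value:.4g}")
```

Under the constructed skew, ten guesses succeed roughly 30% of the time against 0.1% for uniformly chosen PINs, so an attempt limit is only as strong as the distribution of secrets users actually pick.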
Great read but wish there was more emphasis on encryption standards and the security behind BBM.
BTW – Blackberry is spelled “BlackBerry”, title failed
By limiting access attempts we could lose from our left hand what we obtained by our right hand, since it could well urge the users to register hard-to-forget (=easy-to-break) passwords.
At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
BBRY has picture passwords on BB10 http://helpblog.blackberry.com/2014/02/how-to-use-picture-password-in-blackberry-10-os-version-10-2-1/
The idea of using pictures for passwords is not new. It has been around for more than two decades but the simple forms of pictorial passwords were not as useful as had been expected. For the UNKNOWN pictures that we manage to remember afresh are still easy to forget or get confused, if not as badly as random alphanumeric characters.
It would be desirable to make good use of KNOWN images that are associated with our episodic/autobiographic memory. Since these pictures are the least subject to the interference of memory, it enables us to manage dozens of unique strong passwords without reusing the same password across many accounts or carrying around a memo with passwords on it.
The outline of the Expanded Password System that I referred to is explained at
This Expanded Password System is inclusive of textual as well as non-textual passwords.
Users can retain the textual passwords as before while they expand their password memory to include the non-textual passwords without being impeded by the cognitive effect of “interference of memory”. It is extremely difficult to imagine the users who would suffer disadvantage or inconvenience by taking up the expanded password system.