The Market Ticker
Commentary on The Capital Markets- Category [Technology]

I've been under an NDA and thus couldn't post this for a while, but with the now-released Marshmallow update for the Priv BlackBerry has elevated itself to being the only Android-based smartphone you can purchase if you have any concern for actual security.

Let me explain.

Security is always a balance between hassle and safety.

That is, you can always design an extremely secure paradigm for something, but as you do so the hassle factor tends to increase.  At a certain point people say "**** it" and start cheating.  This is why "password re-use rules" tend to get violated by the user putting a sticky note on their terminal, for example; if you say "must be 10+ character, must contain at least one number, one special character and both upper and lower case alpha, and must not be any of the last 10 passwords" you're inviting the user to write it down.

Of course once written down it's no password at all if anyone can see, photograph or steal said piece of paper!

The same applies to phones.

One reason people have their phones broken into is that they use easy PIN numbers.  A 4-digit PIN or a "pattern draw" is pretty easy.  It's also not very secure.  Neither is a "fingerprint" especially when yours are probably all over the device and can be lifted in 30 seconds using a piece of scotch tape!  After all you only care about your device being broken into and its data pilfered after it's been lost or stolen at which point wiping it off is going to be kind of hard!

long alphanumeric password is extremely secure.  It is also a pain in the ass to key in every time you want to unlock the phone.

BlackBerry has, for quite a while on BB10 devices, had a nice mixture -- Picture Password plus the ability to use a long alpha password.  The picture password is much more-secure than a PIN or a pattern, but also very convenient and quick.  It's the only means that I've seen that is both very secure and resistant to even direct observation.  I've challenged people at my local watering holes repeatedly to watch me unlock my phone using it, then handed it to them and asked them to unlock it, offering a beer should they succeed.

I've yet to have to buy anyone a beer.

But the Priv, on initial release, had a problem.  Android 5.1 couldn't use the Picture Password to unlock the trust store.  That is, the Priv has hardware-backed trust storage for credentials -- including VPN certificates and similar which can contain a private key and thus must be protected.  If those are stolen the certificate is irrevocably compromised and would have to be revoked and reissued, assuming you know it was stolen.

Thus, if you had such things, or had passwords for other applications you cared about, you were forced to not use Picture Password and had to either use a PIN (sort of crappy security if more than 4 digits to terrible if only 4), a pattern (terrible security) or an alphanumeric password (excellent if long and complex but a severe pain in the ass.)

Marshmallow has fixed this.

You can now set up the phone the following way and it is the only way that is both convenient and secure.

  • A long, alphanumeric password required on boot.  No password, no unlocking of the FDE in storage, tough cookies you're not getting in.  Assuming there is no back door to the FDE a long password and strong key derived from it means "forget about it" when it comes to breaking into a turned-off device.  Period.

  • A picture password for the lock screen.  This now gives you both reasonable security and convenience.  Unlocking is extremely fast and convenient and rationally secure as the underlying unlock is the alpha password.

Five fails at the picture password sequentially forces you to input the alpha one.  If you don't know it, tough cookies.

What potentially remains active as a vulnerability is an Android Device Manager unlock via Google's services.  This can be disabled (you can revoke Device Manager's access if you wish), but there is a risk in doing so in that the Android Device Manager also allows for remote wipe.  It is unknown whether there's a back door in that code from Google but one must assume there is, so for maximum security you should shut it off and disable automatic updates to applications.  This should prohibit OTA updates without unlocking and your permission.

Since the Priv has a hardware-backed security storage module this now narrows the assault vector on the phone to being able to break the TCM.  That is a very narrow attack surface compared against everything else on the market in both the Android and IOS space.

Is it perfect?  Not having source access I can't say, and I don't trust Google (any more than I trust Apple!)  However, this renders the device quite-arguably the best current example out of any smartphone with a "popular" operating system when it comes to security structure periodand as such it's the only device I can recommend to those who care at all about the security of their data in a handheld device who also insist on having wide "app access", irrespective of who you care about protecting it from.

DTEK has also been updated since with permission management you not only now know which apps are accessing data you can shut off their access to same, and you should.  Location data, in particular, ought to be off for most apps although nearly all ask for it.  Why does WalMart's app need to know where you are, unless you're searching for a WalMart near you?  It doesn't, so turn it off to prevent it from sending your location to "mommy" every five minutes!  While base Marshmallow code now allows this from any vendor only BlackBerry's DTEK tells you what's being accessed and when so you can make an intelligent decision on what to shut off.

And finally the excellent BlackBerry "soft" keyboard now supports swype typing if you wish to use it.  It defaults off but is in the settings, can be turned on if you wish for the soft keyboard, the hardware keyboard or both as you wish, and works nicely -- without having to load the Swype keyboard and lose all the other BlackBerry keyboard goodness.

In addition Marshmallow took the Android 5.1x (and previous) niggles (which were not unique to the Priv; all were common to all Android phones) and got rid of many of them.  Among other things power management is materially improved (standby endurance has roughly doubled) and granular permissions are something Android should have had forever (and did back in 4.x if you knew how to find it, but Google removed it on purpose) so you can deny apps access to things like location -- and you should for essentially all, given how often they will steal that data and send it home to "mommy."  The age-old problem with Android interacting properly with Bluetooth AVRCP (e.g. volume controls on a bluetooth headset or paired car don't actually control the handset volume, they're separate) is fixed.

In addition while it is not yet fully fixed (and I hope that is corrected very soon!) S/MIME is now supported internally in the Hub.  This marks the Priv as the only Android handset with a well-designed and native integrated S/MIME client providing end-to-end email encryption for which there is no centrally-held key or back door that a manufacturer can turn over or "leak", court order or no.

Google will never do this, by the way, since Gmail rests on their server and they rely on being able to scan your email for advertising, an act that is impossible if the message body is encrypted!  And while other devices can load third-party software to do S/MIME or use non-integrated clients they may include the point of it being integrated is convenience, which is a huge issue -- security features you do not use because they're a pain in the ass are for all intents and purposes not there.

For those who care sending signed messages does not currently work properly.  Encrypted or signed and encrypted are both functional.  This is a problem mostly in the area of key exchange between correspondents, as the usual means of getting someone else's key to send them an encrypted message is for them to send you a plain-text signed one; the signature contains their certificate which you can then use to reply encrypted (and signed.)  There are ways around this (if your correspondent sends you a message first you can reply encrypted/signed, and he now has your certificate) but this does need to be addressed.  In addition for those with private CA infrastructure certificate verification is not working properly (the message will decrypt or validate as signed but the certificate itself does not verify); this is a serious issue for high-security enterprises and government agencies (think DOD, for example) who keep control of their entire certificate infrastructure as the entire point of certificate verification is knowing that the person who you're talking to really is who they say they are.

Neither of these problems should be hard to resolve and they can be fixed with a Hub application update (that is, without a full software release) but it's only fair to mention that they exist.

Bravo BlackBerry; you took a nice handset with a decent security posture (but a material pain in the ass to use in a secure fashion) and turned it into one with a materially better security posture that is no longer a pain in the ass.

While the user experience improvements are available on any Android device running Marshmallow this is not true of the security posture improvements, most of which center around making security convenient enough that you'll actually use it.  

Those are all BlackBerry-specific and cannot be found on anyone else's Android handset.

In other words there is now only one choice for security-conscious users in the Android marketplace.

BlackBerry Priv.

(Available from AT&T, T-Mobile, Verizon and unlocked, direct.  Note that at present only unlocked direct handsets have Marshmallow available; carrier versions are reported to be expected to receive the update starting around the first of May.)

View this entry with comments (registration required to post)

If you're wondering what sort of robbery you're being subjected to by the major cell carriers when it comes to individual plans, you need wonder no more.

I've written several times on T-Mobile's game with "individual" .vs. "family" plans, and how they outrageously discriminate against single individuals.  $70 for something that costs less than half that if you buy four lines is flat-out ridiculous.

But it doesn't end there.  Oh no.  The newest is a system of "business line" resellers.  You need a bona-fide business to sign up with these; an FEIN or some other evidence of actually running a business -- but if you have that the pricing is flat-out nuts.

Try $35 for just over 4Gb of data and unlimited voice and text monthly, or as little as $22 if you only need 1Gb!  And by the way, since this is with a level of indirection in there this is not below cost either; everyone is making money or they wouldn't be doing it.

There is, however, a problem -- the support is questionable at best, and, really, it can be horrid.

I recently grabbed an account on one of these, intending to test and, if it's good, port in.  Everything is great, except one thing -- no message waiting indicator for voicemails.

Everything else -- and I do mean everything -- works.  Data, voice, text, picture messages, I can even use my VPN over data (which often doesn't work due to portblocking.)  But..... no message-waiting indicator is a deal-breaker.

The "parent" (actual carrier) involved, which happens to have a logo suspiciously like a Death Star, is clueless -- including trying to blame the firmware on the phone.  Yeah.  On two different devices, it's the firmware's fault.  Oh, and with a different SIM from an MVNO in the phone?  It works perfectly, so somehow I doubt it's the phone.  Never mind that on mobile networks the message-waiting indicator is actually a specially-formatted SMS so a firmware fault would cause it to display as a "screwball" text message instead of disappearing into a black hole.

But anyway, problems aside (and this will probably keep me from using these guys "for real" instead of "in test") the fact remains that this tells you quite a bit about exactly how badly you're getting screwed with as an ordinary consumer when it comes to cell service.

Oh, and if you happen to have a small business of any sort what you might be able to do about it.

Update: It appears this is yet another "too many hands" problem.... or, if you prefer, "too many levels of indirection."  What this says for long-term stability of service via such an arrangement is open to some doubt, as you might imagine, so if you have to risk a long-held number possibly going poof in the night you may want to reconsider.  But if not any of these guys look awfully good, and there's a few of them out there right now.

Update #2: So..... swapped SIMs, now all is good. The culprit appears to be (upon examination) that AT&T has some old-prefix SIMs still in the pipeline at various dealers (including these guys) that don't provision properly with their voicemail system.  Of course AT&T should have been able to determine this instantly when I talked to their tech people since they know what SIM is on the account, but..... they either didn't look or didn't know.

View this entry with comments (registration required to post)

Running Quicktime for media file types on Windows?  You probably are, if you're not on Windows 7 or before.

Why?  Because it supports Apple's favored media types.

If you're on Windows you had damn well better remove that software right now.

The Windows app hasn't received an update since January, and security researchers from Trend Micro said it won't receive any security fixes in the future. In a blog post published Thursday, the researchers went on to say they know of at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.

"We’re not aware of any active attacks against these vulnerabilities currently," they wrote. "But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it."

Windows 8 and 10 have not supported it, nor has it been necessary.  But for Windows 7 users, of which there are still a lot, it's on damn near everyone's computer.

If it's on yours remove it now.

View this entry with comments (registration required to post)

This is a serious question, for serious people, in a serious time.

In fact, the most-serious of times.  Dianne Feinswine and Richard Burr are circulating a "discussion draft" bill that would make unlawful the sale or distribution of software or devices that contain encryption without the means to break it in the event a court order is issued.

The offending clause is right here:

Subsection (a) says you have to help if ordered by the court.

The above section says that you cannot distribute anything which cannot comply.

View this entry with comments (registration required to post)

Main Navigation
MUST-READ Selection:
Dawn In America?

Full-Text Search & Archives
Archive Access
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.