Posts Tagged ‘blackBerry’

BlackBerry 10 OS will have multi-layered security model

May 9th, 2012

RIM’s upcoming BlackBerry 10 operating system is intended to be as secure as, if not more secure than, the OS running on RIM’s current crop of BlackBerry devices. Mobile security could become a major selling point for the new platform, for enterprises, carriers and end users alike.

Essentially, RIM is blending security elements from its BlackBerry heritage with the security architecture of the new OS, which is based on the QNX Neutrino real-time operating system, acquired when RIM bought QNX Software Systems in 2010. While RIM has not revealed BlackBerry 10 security in detail, Scott Totzke, RIM’s senior vice president, BlackBerry security, talked about the topic generally during a briefing at last week’s BlackBerry World conference.


“Security is becoming more complex for consumers than for the enterprise,” Totzke says. The enterprise typically has a security infrastructure in place, often with dedicated security staff. The BlackBerry Enterprise Server lets administrators set hundreds of device and data policies for the BlackBerry phones, and forges an encrypted link for the devices through RIM’s Network Operations Center. “The industry has been promising mobile commerce [to consumers] for years: the idea of using your phone as your wallet. But if that happens, it better be secure,” he says. “If the user can’t trust the [mobile] platform, it’s a tough sell.”

BB10 security will have multiple integrated layers, with the tight, cooperating relationship between hardware and software that’s been a BlackBerry hallmark. For mobile users, there will be a permissions-based security model for apps, in plain, understandable English, coupled with various OS-level security and safety features borrowed from QNX’s experience in the embedded systems market.

At the OS level, QNX has offered a hardened variant of its OS called Neutrino RTOS Secure Kernel for several years. The secure kernel has been certified under the Common Criteria ISO/IEC 15408 Evaluation Assurance Level (EAL) 4+. The Common Criteria is intended to show that a computer security product has been specified, implemented and evaluated in a standard and thorough way. QNX says Neutrino was the first full-featured RTOS certified under this standard.

(In December 2011, QNX announced that Neutrino has also received a safety certification, under the IEC 61508 standard for Safety Integrity Level 3 (SIL 3). Strictly speaking, this isn’t a security certification, but one intended to reduce the rate of “dangerous failures” to a system.)

But RIM doesn’t appear to be using the Secure Kernel variant. Rather, after RIM acquired QNX, the device maker’s security architects began working closely with the QNX software engineers, according to Totzke. The work seems to be focused on how to exploit the microkernel’s strengths while adding new security features.

This combined group has been focusing on a range of protections, such as:

  • Blocking root access, which enables a user or hacker to gain administrative access to the OS.
  • Memory randomization, which in effect “scrambles” where in memory routines may run, making it harder for these to be leveraged by attackers.
  • Adding security management, including auditing, to the kernel.

It’s a work in progress. Code to jailbreak or root the QNX-based PlayBook OS (so you can load apps apart from BlackBerry App World) is available from DingleBerry.it, specifically Version 3.3, which was a big step up in simplicity and ease of use. A 4.0 version is in development. The PlayBooks will eventually run BlackBerry 10, so if blocking root access is a priority for RIM, then they may be harder to jailbreak with the release of the new OS.

One advance to protect data is already present in the PlayBook OS and will be a key part of BlackBerry 10, according to Totzke. BlackBerry Balance creates separate and secure work and personal “perimeters” at the data level. Corporate apps and data are encrypted in the work perimeter, and can’t be transferred or copied to the personal perimeter. (Encryption for personal data will be available in the next release of the PlayBook OS, he says.)

“But I [as the end user] don’t have to think about this separation,” says Totzke. “There’s a unified presentation to the data [in the user interface], but under the covers, the system separates the data.” There is only one email system and UI, for example, on the device, but work and personal emails are kept separate by the underlying system.

Neutrino’s microkernel architecture keeps an essential set of services in the core, but drivers, applications, protocol stacks, and the file system run outside the microkernel, effectively sandboxed in what’s called memory-protected user space. This means that almost any of these external components can fail and be replaced and restarted without affecting other components or the kernel itself, according to QNX. Presumably malware designed to compromise the kernel likewise will be isolated in these protected spaces.

Another layer of protection lies in QNX Neutrino conforming to the POSIX standard, which specifies an API, and some shells and interfaces, for software compatibility between POSIX-compliant operating systems. “A POSIX API prevents the use of proprietary interfaces with the potential for insecure behavior and misunderstood results,” among other benefits, according to the QNX website. The RTOS was designed from the outset for POSIX support, an approach that eliminates the need for adding a “complex POSIX adaptation layer” that some rival RTOSs require. The result is faster performance and lower memory requirements for applications, according to QNX.

Much of this security infrastructure will be invisible to end users. But if mobile payment technologies actually find some traction, security or at least the need for it may become more pressing for end users. RIM has been an enthusiastic adopter of near-field communications (NFC) in its BlackBerry smartphones, to support using them for “contactless” mobile payments. U.K.-based The Inquirer reported this week that RIM says it accounted for 80% of NFC phones shipped to U.K. retailers in the first quarter.

“I think that’s where people want to go,” says Totzke. “I sometimes forget my wallet, but I never forget my phone.”

“Security has to become a little more in the forefront for consumers and a lot more in the forefront for device makers and app developers,” he adds.

Source:http://www.computerworld.com.au/article/424018/blackberry_10_os_will_multi-layered_security_model/

Mobile Application Testing – 01 Synergy

April 4th, 2012

01 Synergy offers a complete and comprehensive range of Mobile Application testing services, from Unit Testing to User Acceptance Testing. Complexities across handset makers, carriers, locations and operating systems have made building bug-free mobile apps really difficult.

Our areas of expertise include:

  • Requirements Capture and Analysis
  • Test Planning
  • Test case Design
  • Test Execution
  • Defect Tracking & Management
  • Reporting
  • Test Metrics

01 Synergy offers a wide range of Mobile Application testing services, including:

  • Functional Testing
  • Security Testing
  • Load & Performance Testing
  • Localization Testing
  • Usability Testing

Our QA professionals can help you with all your Mobile App testing projects, including:

  • iOS Application Testing (iPhone, iPad, iPod Touch)
  • Android Application Testing
  • BlackBerry Application Testing
  • Windows Phone 7 Application Testing

01 Synergy is here to help. If you need to discuss mobile application testing or agile testing, do count on us. Visit us online at www.01sqa.com or send us a mail here: mobile.testing@01synergy.com

Is the Blackberry Playbook Fire Sale Beginning?

January 4th, 2012

Of the biggest tech stories in 2011 it was difficult to beat the news of the HP TouchPad fire sale where silly prices resulted in queues outside stores and websites crashing around the world. I was lucky enough to get a 32Gb TouchPad myself for a price so low I can barely remember paying for it at all.

Now after much speculation the prices of RIM’s Playbook 7 inch tablet are also beginning to crash with the 16Gb, 32Gb and 64Gb versions all for sale on the RIM website in the US for an equal $299. It’s not clear why all models have been pitched at the same price but this presents a $400 discount on the most expensive model and is almost 50% off the cheapest.

I have spoken to several people who were either given or bought themselves a Playbook for Christmas simply because of the price, and all of them told me the same story as was heard when the TouchPad fire sale was on. This being that the tablet is an excellent device for both home and work but that the price was simply too high before.

This is where Android tablets have a slight advantage, with the core operating system being free, but it’s a common trend because a tablet is seen much more as a consumer electronics device than a computer and, thus, people simply don’t want to spend PC money on something that will only be for light usage. This makes complete sense when compared to the pricing of other “dedicated” devices such as the Xbox 360 and Nintendo Wii.

So what does this mean for the tablet market going forward, and what might it mean for Windows 8 where Microsoft will levy a charge for the core OS on each tablet sold? Clearly consumers are speaking loudly with their wallets and saying that, overall, tablets are far too expensive. There’s still a good market for tablets but at $400 each they’re too expensive for most. While many people are anticipating Windows 8 tablets it’s very likely that overall sales will be sluggish, pushed downwards by tight profit margins and the high cost of hardware. Apple too could see sales figures drop and the iPad become a high-end product, unless they choose to release a 7 inch version sometime soon that is.

It’s also a pity that two really great tablet operating systems now look set to be lost forever as the TouchPad and Playbook disappear. Both operating systems, and some of the associated hardware such as the Playbook’s touch-sensitive bezel, were highly innovative. Having lived through the all-exciting home-computing revolution of the 1980s I can say that it was inevitable that the number of tablet operating systems on the market would dwindle, but competition breeds innovation and, as such, it’s always sad to see something go.

If you’re in the market for a tablet then it might be a good time to buy a Playbook. In the UK the 16Gb and 32Gb versions can currently be bought from the Carphone Warehouse for just £169 and £199 respectively and it’s entirely possible that these prices might fall further and extend to other suppliers. Keep an eye on these prices because if the TouchPad fire sale taught us anything, it’s that the final few days could come and go very quickly indeed, and once they’re gone… they’re gone.

Source:http://www.ghacks.net/2012/01/03/is-the-blackberry-playbook-fire-sale-beginning/

Hackers jailbreak BlackBerry PlayBook

December 2nd, 2011

Three hackers say they have exploited a vulnerability in Research In Motion’s PlayBook tablet to gain root access to the device, a claim that could damage the BlackBerry maker’s hard-won reputation for security.

Root access means a user has permission to alter any file or program on a device and can control hardware functions.

In a response to queries, RIM said it is investigating the claim, and if a “jailbreak” is confirmed will release a patch to plug the hole.

The three hackers – who identify themselves as xpvqs, neuralic and Chris Wade – plan to release their data within a week as a tool called DingleBerry.

Apple’s iOS and Google’s Android operating systems are frequently attacked by users who want to run programs that have not been authorized by the manufacturers, but breaches of RIM’s software are more rare.

The PlayBook runs on a different operating system than RIM’s current BlackBerry smartphones. However, the QNX system will be incorporated into its smartphones starting next year.

The PlayBook in July became the first tablet device to win a security certification approving it for US government use.

In a video posted on YouTube, Wade shows the DingleBerry tool allowing the PlayBook to access the Internet video service Hulu, which is not currently available on RIM’s tablet.

Hulu, a service from Comcast’s NBC Universal, News Corp’s Fox and Walt Disney Co’s ABC, blocks all mobile browsers by default and has yet to offer an app for the PlayBook.

A second video showed neuralic typing commands into a computer to turn the PlayBook’s LED indicators on and off.

A source told Reuters that RIM had previously closed a PlayBook vulnerability that allowed a pre-loaded racing game to force a user to watch an introductory video.

Source:http://timesofindia.indiatimes.com/tech/news/hardware/Hackers-jailbreak-BlackBerry-PlayBook/articleshow/10940692.cms

Security flaws in BlackBerry PlayBook, research reveals

August 16th, 2011

Research just released by the NCC Group’s NGS Secure penetration testing operation claims that there are a number of security flaws in the BlackBerry PlayBook, the tablet computer companion to the BlackBerry range of smartphones.

As reported previously by Infosecurity, the PlayBook is a seven inch tablet computer that relies on a user’s BlackBerry smartphone for email and connectivity. NGS Secure’s independent research, however, advises potential users to exercise caution when thinking of adopting the tablet computer.

The issues identified in the report include unintended access to the file system, security flaws in relation to a third party web server and also a flaw in the device’s HDMI video interface. In addition, the report says, the biggest unknown is the fact that many key applications for the tablet have yet to be released.

Andy Davis, research director at NGS Secure, said that, in his opinion – and judging from the results of his team’s research – there are a number of technologies that he is sure that Research in Motion would have liked to include in this version of the PlayBook, but were not ready in time for the release date of the tablet computer earlier this year.

“The decision to release the device with some of this functionality missing is likely to have been made due to the speed of its competitors in getting rival tablets to market, for example Apple had already released the iPad 2 before the PlayBook was finally made available”, he said.

“This has meant however that, if businesses are to take IT security as seriously as they should be, it is difficult for them to decide whether this technology is mature enough yet to be adopted in the Enterprise. Our advice to any business looking at tablet technology, or indeed any new technologies, is not to rush into implementing them until all aspects have been proven”, he added.

NCC Group’s report concludes that Research in Motion has built a robust system on top of the existing QNX microkernel and has restricted file plus user permissions at the operating system level, so leaving a reduced attack surface.

“If past performance is any indication of future developments, some of the more user-friendly components included in the PlayBook such as the Flash and Air runtimes – or the WebKit browser – are most likely to be a source of security issues and system updates for PlayBook users”, the report notes.

“Organisations planning on introducing the PlayBook into their IT infrastructure should possibly consider waiting until further work has been published by the security community”, it adds.

The report rounds off by saying that many new technologies are being introduced to the device in the wake of its launch, such as payment services and hardware device drivers.

This means, says the analysis, that it may be worth waiting until the operating system and core technologies stabilise – and the risks they introduce are better understood – before embracing the tablet within the enterprise.

Source:http://www.infosecurity-magazine.com/view/20104/security-flaws-in-blackberry-playbook-research-reveals-/

BlackBerry PlayBook reviews praise hardware but blast app shortage

April 14th, 2011

The BlackBerry PlayBook tablet is about to go on sale in the US, and the first wave of reviews have been published online, commending RIM’s new device for its strong hardware design and performance, but pinpointing software issues and a lack of apps as weaknesses.

We’ve been reading through the various tests, including those from the New York Times, Wired, TechCrunch, Boy Genius Report and — of course — our Yankee counterparts at CNET.com. So what are they saying?

Hardware

Wired’s Mike Isaac gives the consensus view, calling the 7-inch PlayBook “a good-looking piece of hardware” with bags of “business chic”. The rubbery backing is praised by most reviewers for feeling rugged, although TechCrunch’s MG Siegler thinks it “does make the device feel slightly cheaper than the iPad — more plasticky”.

The NYT’s David Pogue is more mixed in his views though, saying, “the PlayBook looks and feels great: hard rubberised back, brilliant, super-responsive multi-touch screen, solid heft”, but claiming it’s “about half an inch too wide” to be slipped into a jacket breast pocket.

Nobody is keen on the PlayBook’s power button though, which sits on the top edge of the device and is — in the words of CNET.com’s Donald Bell — “so small and recessed that you’ll need to whittle down your fingertip to use it”. Ouch. The HDMI-out feature and audio are warmly received, though.

Software

The QNX-based OS that powers the PlayBook has received a mixed reaction, even if, as Pogue points out, it clearly borrows some of its key UI elements from both webOS and iOS. TechCrunch reckons the OS is “well done”, with plenty of attention to detail and a logical navigation system. It also praises the way multi-tasking works on the PlayBook.

Boy Genius Report takes a different approach, however, suggesting that the software could be the PlayBook’s Achilles heel. “For all the advancements RIM has made in the OS department, the PlayBook’s software feels rushed in almost every way possible. From inconsistencies with the UI and design to random bugs and annoyances, the software on the PlayBook shows one of RIM’s biggest weaknesses: its lack of ability to execute.”

The PlayBook’s browser comes in for strong criticism too, while reviewers are none too keen on the lack of native email, contacts and calendar apps. The BlackBerry Bridge software that pairs the PlayBook with a BlackBerry smart phone is praised, though.

Apps

And apps? It looks as though RIM has missed a trick by only making a few PlayBook apps available at the time these reviewers were using the tablet — despite its claim that more than 3,000 have been submitted for approval.

CNET.com says the selection is “meagre”, Wired calls it “paltry”, and TechCrunch tears into the “complete and utter lack of native applications”. All refer to RIM’s 3,000 submissions claim, so the key now will be to see how many of those are approved and launched in time for the device’s on-sale date next week.

In conclusion? We’re sensing that if RIM co-CEO Mike Lazaridis doesn’t like questions about his company’s privacy policies, he may find more reasons to get the hump with the initial crop of reviews, with the sharpest criticisms coming down to that idea of execution. Or as Pogue witheringly puts it: “In its current half-baked form, it seems almost silly to try to assess it, let alone buy it.”

Source:http://crave.cnet.co.uk/laptops/blackberry-playbook-reviews-praise-hardware-but-blast-app-shortage-50003514/

Video: 01Synergy your Mobile phone application development partner

April 12th, 2011

01 Synergy – your Mobile phone application development partner
