STO STRATEGY, profile picture
Uploaded bySTO STRATEGY
PDF, PPTX421 views

(Pdf) yury chemerkin _ath_con_2013

The document discusses differences in how integration features affect the security sandbox on BlackBerry devices. It notes that BlackBerry evaluates every application request to access device capabilities. However, malware boundaries can become unclear as BlackBerry handles technologies like native apps, third-party apps like Android and iOS, each with different controls through sandboxes, permissions, and device/MDM security features. Compliance standards also bring useless recommendations that are less extensive than mobile device management (MDM) features. The document outlines the various capabilities controlled on BlackBerry, Android, and iOS platforms and notes issues like useless solutions, GUI exploitation on older BlackBerry devices, and conclusions regarding oversimplified security controls through general permissions rather than concrete permissions.

Technology
Related topics:
Yury Chemerkin

Embed presentation

Download as PDF, PPTX
THE SANDBOX DIFFERENCES OR HOW AN INTEGRATION FEATURES AFFECT THE SANDBOX INDEPENDENT SECURITY RESEARCHER / PhD. YURY CHEMERKIN AthCon‘2013
[ Yury Chemerkin ] www.linkedin.com/in/yurychemerkin http://sto-strategy.com  Experienced in :  Reverse Engineering & AV  Software Programming & Documentation  Mobile Security and MDM  Cyber Security & Cloud Security  Compliance & Transparency  and Security Writing  Hakin9 Magazine, PenTest Magazine, eForensics Magazine,  Groteck Business Media  Participation at conferences  InfoSecurityRussia, NullCon, CONFidence, PHDays  CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec  ICITST, CyberTimes, ITA, I-Society yury.chemerkin@gmail.com
BLACKBERRY SECURITY ENVIRONMENT BLACKBERRY EVALUATESEVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A CAPABILITY BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND ANDROID DEVICES. UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMORY AND STORAGE ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE PROTECTION OF APPLICATION DATA USING SANDBOXING MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES BB EVALUATES EVERY REQUEST THAT APP MAKES – BUT LEAD AWAY FROM ANY DETAILS AND APIs
KNOWN ISSUES MALWARE BOUNDSBECOME UNCLEAR…  BLACKBERRY HANDLES SEVERAL TECHNOLOGIES  NATIVE  BLACKBERRY 10, BLACKBERY PLAYBOOK  OLD BLACKBERRY DEVICES  THIRD PARTY  ADOBE AIR FOR NEW BB DEVICES  ANDROID APPLICATIONS & DEVICES  IOS DEVICES  EVERY CONTROLLED LIMITED BY    SANDBOX PERMISSIONS SECURITY FEATURES ON DEVICEs & MDMs COMPLIANCE BRINGS USELESS RECOMMENDATIONS  USER-MODE MALWARE    SPYWARE ROOTKITS EXPLOTS & ATTACKS  REVERSING NETWORK LAYER  PARTIALLY RECOVERING DATA VS. SANBOX  MDM vs. COMPLIANCE    A FEW RECOMMENDATIONS SET IS LESSER THAN SET OF MDM FEATURES YOUNG STANDARDS  FIRST REVISIONS  DRAFT REVISIONS
BLACKBERRY CAPABILITES - ANDROID CONTROLLEDFOUR GROUPSONLY by BlackBerry  CAMERA AND VIDEO  HIDE THE DEFAULT CAMERA APPLICATION  PASSWORD  DEFINE PASSWORD PROPERTIES  REQUIRE LETTERS (incl. case)  REQUIRE NUMBERS  REQUIRE SPECIAL CHARACTERS  DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER  INCORRECT PASSWORD ATTEMPTS  DEVICE PASSWORD  ENABLE AUTO-LOCK CONTROLLED 74 OUT 200 APIs ONLY by Android     LIMIT PASSWORD AGE LIMIT PASSWORD HISTORY RESTRICT PASSWORD LENGTH MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED  ENCRYPTION  APPLY ENCRYPTION RULES  ENCRYPT INTERNAL DEVICE STORAGE  TOUCHDOWN SUPPORT  MICROSOFT EXCHANGE SYNCHRONIZATION  EMAIL PROFILES  ACTIVESYNC
BLACKBERRY CAPABILITES - iOS CONTROLLED16 GROUPS ONLY by BlackBerry   BROWSER   that‘s QUITE SIMLIAR to APPLE MDM SOLUTIONS DEFAULT APP, AUTOFILL, COOKIES, JAVASCRIPT, POPUPS MESSAGING (DEFAULT APP)   BACKUP / DOCUMENT PICTURE / SHARING ONLINE STORE  CAMERA, VIDEO, VIDEO CONF  CERTIFICATES (UNTRUSTED CERTs)  MESSAGING (DEFAULT APP)  CLOUD SERVICES  PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)  PHONE AND MESSAGING (VOICE DIALING)  CONNECTIVITY      OUTPUT, SCREEN CAPTURE, DEFAULT APP BACKUP / DOCUMENT / PICTURE / SHARING ONLINE STORES , PURCHASES, PASSWORD DEFAULT STORE / BOOK / MUSIC APP  PROFILE & CERTs (INTERACTIVE INSTALLATION) NETWORK, WIRELESS, ROAMING DATA, VOICE WHEN ROAMING  SOCIAL (DEFAULT APP) CONTENT (incl. EXPLICIT) RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS    CONTENT      DIAGNOSTICS AND USAGE (SUBMISSION LOGS) STORAGE AND BACKUP   SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS DEVICE BACKUP AND ENCRYPTION VOICE ASSISTANT (DEFAULT APP)
BLACKBERRY CAPABILITES – BLACKBERRY (QNX) CONTROLLED7 GROUPS ONLY by BlackBerry  that‘s NOT ENOUGH TO MANAGE ALL APIs     GENERAL   MOBILE HOTSPOT AND TETHERING PLANS APP, APPWORLD  PASSWORD (THE SAME WITH ANDROID, iOS)  BES MANAGEMENT (SMARTPHONES, TABLETS)  SOFTWARE      OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE BBM VIDEO ACCESS TO WORK NETWORK VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK SECURITY       CERTIFICATES & CIPHERS & S/MIME HASH & ENCRYPTION ALGS AND KEY PARAMS TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC WI-FI PROFILES    WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE VOICE CONTROL & DICTATION IN WORK & USER APPS BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE PC ACCESS TO WORK & PERSONAL SPACE (USB, BT) PERSONAL SPACE DATA ENCRYPTION EMAIL PROFILES     NETWORK ACCESS CONTROL FOR WORK APPS PERSONAL APPS ACCESS TO WORK CONTACTS SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS PROXY PASSWORD/PORT/SERVER/SUBNET MASK VPN PROFILES    PROXY, SCEP, AUTH PROFILE PARAMS TOKENS, IKE, IPSEC OTHER PARAMS PROXY PORTS, USERNAME, OTHER PARAMS
BLACKBERRY CAPABILITES – BLACKBERRY (OLD) INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLELD BY MDM AND DEVICE     THERE 55 GROUPS CONTROLLED IN ALL EACH GROUP CONTAINS FROM 10 TO 30 UNITS ARE CONTROLLED TOO EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A WAY ‘DISABLE/ENABLED & HIDE/UNHIDE’ EACH EVENT IS  CONTROLLED BY CERTAIN PERMISSION  ALLOWED TO CONTROL BY SIMILAR PERMISSIONS TO BE MORE FLEXIBLE  DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME MORE THAN OTHER DOCUMENTS  EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF  ‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARDS TO MESSAGES LEAD TO SPOOFING BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY  SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)  SOME PERMISSIONS ARE RELATED TO APP, WHICH 3RD PARTY PLUGIN WAS EMBEDDED IN, INSTEAD OF THAT PLUGIN
ISSUES : USELESS SOLUTIONS - I USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: MERGING PERMISSION UNITS AND GROUPS  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATEST BB)  QNX-BB: SCREEN CAPTURE  IS ALLOWED VIA HARDWARE BUTTONS ONLY  NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES  LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGGERS  OLD BB: NO SANBOX HAS NEVER BEEN ANNOUNCED  ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA DUE TO GENERAL PERMISSION  QNX-BB: OFFICIALLY ANNOUNCED SANBOX  MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECURITY  SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA STORED IN SHARED FOLDERS
ISSUES : USELESS SOLUTIONS - II USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: SECURE & INSECURE IM CHATS IN THE SAME TIME  HAS ENCRYPTED COMMUNICATION SESSIONS  STORE CHAT COVERSATION IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)  INACCESSIBLE FROM THE DEVICE BECAUSE OF UNKNOWN FILE TYPE (.CSV)  UPGRADE FEATURE AFFECT EVERYTHING   UPDATE APP THAT CALLS THIS API – USE GENERAL API REMOVE APP THAT CALLS THIS APPS – USE GENERAL API  REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION  HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE  OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)   REVEAL THE DATA IN REAL TIME BY ONE API CALL NATIVE WALLETS PROTECTS BY RETURNING NJULL  WHILE THE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS  EVERY USER CASE MUST MINIMIZE APP TO PASTE A PASSWORD
ISSUES : USELESS SOLUTIONS – III THE GUI EXPLOITATION (OLD BB) –NATIVE APPs  INITIALLY BASED ON AUTHORIZED API COVERED   ALL PHYSICAL & NAVIGATION BUTTONS  TYPING TEXTUAL DATA, AFFECT ALL APPs SECONDARY BASED ON ADDING THE MENU ITEMS   INTO THE GLOBAL / “SEND VIA” MENU  AFFECT ALL NATIVE APPLICATIONS NATIVE APPs ARE DEVELOPED BY BLACKBERRY   WALLETS, SOCIAL, SETTINGS, IMs,… GUI EXPLOITATION      REDRAWING THE SCREENS GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD FIELD) ADDING, REMOVING THE FIELD DATA ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED ADDING GUI OBJECTS BUT NOT SHUFFLING 3RD PARTY SECURE SOLITUINS RUIN THE SECURITY  KASPERSKY MOBILE SECURITY PROVIDES    FIREWALL, WIPE, BLOCK, INFO FEATURES NO PROTECTION FROM REMOVING.CODs & UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  JUST SHOULD CHECK API “IS SIMULATOR” ONLY SMS MANAGEMENT VIA “QUITE” SECRET SMS  PASSWORD IS 4–16 DIGITS,AND MODIFIED IN REAL-TIME  SMS IS A HALF A HASH VALUE OF GOST R 34.11-94  IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT  TABLES (VALUEHASH) ARE EASY BUILT  OUTCOMING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION, BECAUSE KMS DELETE THE SENT MESSAGES  OUTCOMING SMS BLOCK/WIPE THE SAME/ANOTHERDEVICE
CONCLUSION - I PRIVILEGEDGENERAL PERMISSIONS OWN APPs, NATIVE & 3RD PARTY APPs FEATURES  DENIAL OF SERVICE  GENERAL PERMISSIONS  REPLACING/REMOVING EXEC FILES  DOS’ing EVENTs, NOISING FIELDS  GUI INTERCEPT  INFORMATION DISCLOSURE  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs  CONCRETE PERMISSIONS  CLIPBOARD, SCREEN CAPTURE  GUI INTERCEPT  DUMPING .COD FILES, SHARED FILES  MITM (INTERCEPTION / SPOOFING)    MESSAGES GUI INTERCEPT, THIRD PARTY APPs FAKE WINDOW/CLICKJACKING   BUT COMBINED INTO GENERAL PERMISSION A SCREENSHOT PERMISSION IS PART OF THE CAMERA  GENERAL PERMISSIONS    INSTEAD OF SPECIFIC SUB-PERMISSIONS A FEW NOTIFICATION/EVENT LOGs FOR USER BUILT PER APPLICATION INSTEAD OF APP SCREENs
CONCLUSION - II THE VENDOR SECURITY VISION              HAS NOTHING WITH REALITY AGGRAVATEDBY SIMPLICITY SIMPLIFICATION AND REDUCING SECURITY CONTROLS MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KERNEL A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS THE SANDBOX PROTECT ONLY APPLICATION DATA USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANCE OF AVAILABILITY MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY THE NATIVE SPOOFING AND INTERCEPTION FEATURES BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUCH THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PERMISSION LIST
Q&A

More Related Content

PDF
SecuSUITE for Enterprise Brochure
byBlackBerry
 
PDF
(Pdf) yury chemerkin _confidence_2013
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin _null_con_2013
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin _icitst_2012
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin hackfest.ca_2013
bySTO STRATEGY
 
PDF
(Pptx) yury chemerkin hacker_halted_2013
bySTO STRATEGY
 
PDF
Shmoocon 2010 - The Monkey Steals the Berries
byTyler Shields
 
PDF
(Pdf) yury chemerkin intelligence_sec_2013
bySTO STRATEGY
 
SecuSUITE for Enterprise Brochure
byBlackBerry
 
(Pdf) yury chemerkin _confidence_2013
bySTO STRATEGY
 
(Pdf) yury chemerkin _null_con_2013
bySTO STRATEGY
 
(Pdf) yury chemerkin _icitst_2012
bySTO STRATEGY
 
(Pdf) yury chemerkin hackfest.ca_2013
bySTO STRATEGY
 
(Pptx) yury chemerkin hacker_halted_2013
bySTO STRATEGY
 
Shmoocon 2010 - The Monkey Steals the Berries
byTyler Shields
 
(Pdf) yury chemerkin intelligence_sec_2013
bySTO STRATEGY
 

What's hot

PPTX
Web and Mobile Application Security
byPrateek Jain
 
PPTX
Mobile application security
byShubhneet Goel
 
PPTX
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
byIBM Security
 
PDF
Securing Mobile Apps - Appfest Version
bySubho Halder
 
PDF
Via forensics appsecusa-nov-2013
bydrewz lin
 
PDF
Security testing in mobile applications
byJose Manuel Ortega Candel
 
PDF
Android Security Development
byhackstuff
 
PDF
Unicom Conference - Mobile Application Security
bySubho Halder
 
PDF
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
PDF
Designing A Market-Ready Digital Key Solution
byBamboo Apps
 
PDF
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
bySubho Halder
 
PPTX
ANDROID SECURITY
byyogeshraut090
 
PDF
afam_portfolio
byOkonkwo Afam
 
PPSX
West Chester Tech Blog - Training Class - Session 10
byWilliam Mann
 
PPT
How BYOD Will Shape Wireless Network Security in 2012
byhemantchaskar
 
PDF
Llevando la autenticación de sus clientes a un siguiente nivel
byCristian Garcia G.
 
PDF
How apple can read your i messages
byArtem I. Baranov
 
PDF
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
byIdexcel Technologies
 
PDF
IoT to Human interactions - Stève Sfartz - Codemotion Milan 2016
byCodemotion
 
PPTX
TECHNOLOGY: ADVANTAGES AND DISADVANTAGES
byEloisamay
 
Web and Mobile Application Security
byPrateek Jain
 
Mobile application security
byShubhneet Goel
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
byIBM Security
 
Securing Mobile Apps - Appfest Version
bySubho Halder
 
Via forensics appsecusa-nov-2013
bydrewz lin
 
Security testing in mobile applications
byJose Manuel Ortega Candel
 
Android Security Development
byhackstuff
 
Unicom Conference - Mobile Application Security
bySubho Halder
 
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
Designing A Market-Ready Digital Key Solution
byBamboo Apps
 
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
bySubho Halder
 
ANDROID SECURITY
byyogeshraut090
 
afam_portfolio
byOkonkwo Afam
 
West Chester Tech Blog - Training Class - Session 10
byWilliam Mann
 
How BYOD Will Shape Wireless Network Security in 2012
byhemantchaskar
 
Llevando la autenticación de sus clientes a un siguiente nivel
byCristian Garcia G.
 
How apple can read your i messages
byArtem I. Baranov
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
byIdexcel Technologies
 
IoT to Human interactions - Stève Sfartz - Codemotion Milan 2016
byCodemotion
 
TECHNOLOGY: ADVANTAGES AND DISADVANTAGES
byEloisamay
 

Viewers also liked

PDF
SoloTaxi
bySoloten
 
PPT
H3 de grieken
bymhidema
 
PPTX
Conventions of thriller genre
bygmisso33
 
PDF
Digital Accessibility: Tips From the Met App Case Study @ MCN 2015
byLiz Filardi
 
PDF
My Flippts
bySoloten
 
PDF
Solo Good Bye Money
bySoloten
 
DOCX
NU Research Report #1
byDrew West
 
PPTX
Audience profiling
bygmisso33
 
PPT
Uzkrajosa apdros fizpers.01.10.2013
byAnda Biezā
 
PDF
The black saturday disaster by jasi
byjlayt009
 
PPTX
Flowers..............
by7Nitin7
 
PDF
Презентация игрового приложения для инвесторов
bySoloten
 
PPS
11 M - Atentado Terrorista
byJosé de María Pinto Pinto
 
SoloTaxi
bySoloten
 
H3 de grieken
bymhidema
 
Conventions of thriller genre
bygmisso33
 
Digital Accessibility: Tips From the Met App Case Study @ MCN 2015
byLiz Filardi
 
My Flippts
bySoloten
 
Solo Good Bye Money
bySoloten
 
NU Research Report #1
byDrew West
 
Audience profiling
bygmisso33
 
Uzkrajosa apdros fizpers.01.10.2013
byAnda Biezā
 
The black saturday disaster by jasi
byjlayt009
 
Flowers..............
by7Nitin7
 
Презентация игрового приложения для инвесторов
bySoloten
 
11 M - Atentado Terrorista
byJosé de María Pinto Pinto
 

Similar to (Pdf) yury chemerkin _ath_con_2013

PDF
YURY_CHEMERKIN__AthCon_2013._Conference.pdf
byYury Chemerkin
 
PPTX
Blackberry ppt
bySatish Kumar
 
PPTX
black berry
bysireeshabyreddy9
 
PPTX
Presentation on Blackberry
bySeemanaz27
 
PPTX
BlackBerry Secure Workspace for Android - Getting down to Business!
byDennis Reumer
 
PDF
YURY_CHEMERKIN__CONFidence_2013_Conference.pdf
byYury Chemerkin
 
PDF
YURY_CHEMERKIN__NullCon_2013_Conference.pdf
byYury Chemerkin
 
PDF
YURY_CHEMERKIN__ICITST_2012_Conference.pdf
byYury Chemerkin
 
PDF
(Pdf) yury chemerkin hacktivity_2013
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin balccon_2013
bySTO STRATEGY
 
PDF
YURY_CHEMERKIN_BalCCON_2013_Conference.pdf
byYury Chemerkin
 
PDF
YURY_CHEMERKIN_Hackfest.ca_2013_Conference.pdf
byYury Chemerkin
 
PDF
YURY_CHEMERKIN_HackerHalted_2013_Conference.pdf
byYury Chemerkin
 
PDF
YURY_CHEMERKIN_Hacktivity_2013_Confrence.pdf
byYury Chemerkin
 
PDF
YURY_CHEMERKIN_HackMiami_2014_Conference.pdf
byYury Chemerkin
 
PDF
6.3. How to get out of an inprivacy jail
bydefconmoscow
 
PDF
Mobile_Security_Challenges_On_Compliance.pdf
byYury Chemerkin
 
PPTX
Your App is been deployed behind the Firewall! Now What?
byDennis Reumer
 
PDF
YURY_CHEMERKIN__ICITST-2012_Proceedings.pdf
byYury Chemerkin
 
PDF
Enterprise Apps Development 101
byKareem ElSayyed
 
YURY_CHEMERKIN__AthCon_2013._Conference.pdf
byYury Chemerkin
 
Blackberry ppt
bySatish Kumar
 
black berry
bysireeshabyreddy9
 
Presentation on Blackberry
bySeemanaz27
 
BlackBerry Secure Workspace for Android - Getting down to Business!
byDennis Reumer
 
YURY_CHEMERKIN__CONFidence_2013_Conference.pdf
byYury Chemerkin
 
YURY_CHEMERKIN__NullCon_2013_Conference.pdf
byYury Chemerkin
 
YURY_CHEMERKIN__ICITST_2012_Conference.pdf
byYury Chemerkin
 
(Pdf) yury chemerkin hacktivity_2013
bySTO STRATEGY
 
(Pdf) yury chemerkin balccon_2013
bySTO STRATEGY
 
YURY_CHEMERKIN_BalCCON_2013_Conference.pdf
byYury Chemerkin
 
YURY_CHEMERKIN_Hackfest.ca_2013_Conference.pdf
byYury Chemerkin
 
YURY_CHEMERKIN_HackerHalted_2013_Conference.pdf
byYury Chemerkin
 
YURY_CHEMERKIN_Hacktivity_2013_Confrence.pdf
byYury Chemerkin
 
YURY_CHEMERKIN_HackMiami_2014_Conference.pdf
byYury Chemerkin
 
6.3. How to get out of an inprivacy jail
bydefconmoscow
 
Mobile_Security_Challenges_On_Compliance.pdf
byYury Chemerkin
 
Your App is been deployed behind the Firewall! Now What?
byDennis Reumer
 
YURY_CHEMERKIN__ICITST-2012_Proceedings.pdf
byYury Chemerkin
 
Enterprise Apps Development 101
byKareem ElSayyed
 

More from STO STRATEGY

PDF
(Pdf) yury chemerkin ita_2013
bySTO STRATEGY
 
PDF
Blackberry playbook – new challenges
bySTO STRATEGY
 
PDF
Comparison of android and black berry forensic techniques
bySTO STRATEGY
 
PDF
Social network privacy.
bySTO STRATEGY
 
PDF
Yury chemerkin _cyber_crime_forum_2012
bySTO STRATEGY
 
PDF
When developers api simplify user mode rootkits development – part ii
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin deep_intel_2013
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin _i-society_2013
bySTO STRATEGY
 
PDF
A security system that changed the world
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin def_con_2013
bySTO STRATEGY
 
PDF
State of art of mobile forensics
bySTO STRATEGY
 
PDF
AWS Security Challenges
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin _i-society-2013 proceedings
bySTO STRATEGY
 
PDF
Interview with yury chemerkin
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin _ita_2013 proceedings
bySTO STRATEGY
 
PDF
(Pdf) yury chemerkin info_securityrussia_2011
bySTO STRATEGY
 
PDF
Why is password protection a fallacy a point of view
bySTO STRATEGY
 
PDF
To get round to the heart of fortress
bySTO STRATEGY
 
PDF
Pen test career. how to begin
bySTO STRATEGY
 
PDF
Social network privacy
bySTO STRATEGY
 
(Pdf) yury chemerkin ita_2013
bySTO STRATEGY
 
Blackberry playbook – new challenges
bySTO STRATEGY
 
Comparison of android and black berry forensic techniques
bySTO STRATEGY
 
Social network privacy.
bySTO STRATEGY
 
Yury chemerkin _cyber_crime_forum_2012
bySTO STRATEGY
 
When developers api simplify user mode rootkits development – part ii
bySTO STRATEGY
 
(Pdf) yury chemerkin deep_intel_2013
bySTO STRATEGY
 
(Pdf) yury chemerkin _i-society_2013
bySTO STRATEGY
 
A security system that changed the world
bySTO STRATEGY
 
(Pdf) yury chemerkin def_con_2013
bySTO STRATEGY
 
State of art of mobile forensics
bySTO STRATEGY
 
AWS Security Challenges
bySTO STRATEGY
 
(Pdf) yury chemerkin _i-society-2013 proceedings
bySTO STRATEGY
 
Interview with yury chemerkin
bySTO STRATEGY
 
(Pdf) yury chemerkin _ita_2013 proceedings
bySTO STRATEGY
 
(Pdf) yury chemerkin info_securityrussia_2011
bySTO STRATEGY
 
Why is password protection a fallacy a point of view
bySTO STRATEGY
 
To get round to the heart of fortress
bySTO STRATEGY
 
Pen test career. how to begin
bySTO STRATEGY
 
Social network privacy
bySTO STRATEGY
 

Recently uploaded

PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPTX
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
Dell poweredge-customer-presentation.pptx
byhungungphu123
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 

(Pdf) yury chemerkin _ath_con_2013

  • 1.
    THE SANDBOX DIFFERENCESOR HOW AN INTEGRATION FEATURES AFFECT THE SANDBOX INDEPENDENT SECURITY RESEARCHER / PhD. YURY CHEMERKIN AthCon‘2013
  • 2.
    [ Yury Chemerkin] www.linkedin.com/in/yurychemerkin http://sto-strategy.com  Experienced in :  Reverse Engineering & AV  Software Programming & Documentation  Mobile Security and MDM  Cyber Security & Cloud Security  Compliance & Transparency  and Security Writing  Hakin9 Magazine, PenTest Magazine, eForensics Magazine,  Groteck Business Media  Participation at conferences  InfoSecurityRussia, NullCon, CONFidence, PHDays  CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec  ICITST, CyberTimes, ITA, I-Society yury.chemerkin@gmail.com
  • 3.
    BLACKBERRY SECURITY ENVIRONMENT BLACKBERRYEVALUATESEVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A CAPABILITY BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND ANDROID DEVICES. UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMORY AND STORAGE ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE PROTECTION OF APPLICATION DATA USING SANDBOXING MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES BB EVALUATES EVERY REQUEST THAT APP MAKES – BUT LEAD AWAY FROM ANY DETAILS AND APIs
  • 4.
    KNOWN ISSUES MALWARE BOUNDSBECOMEUNCLEAR…  BLACKBERRY HANDLES SEVERAL TECHNOLOGIES  NATIVE  BLACKBERRY 10, BLACKBERY PLAYBOOK  OLD BLACKBERRY DEVICES  THIRD PARTY  ADOBE AIR FOR NEW BB DEVICES  ANDROID APPLICATIONS & DEVICES  IOS DEVICES  EVERY CONTROLLED LIMITED BY    SANDBOX PERMISSIONS SECURITY FEATURES ON DEVICEs & MDMs COMPLIANCE BRINGS USELESS RECOMMENDATIONS  USER-MODE MALWARE    SPYWARE ROOTKITS EXPLOTS & ATTACKS  REVERSING NETWORK LAYER  PARTIALLY RECOVERING DATA VS. SANBOX  MDM vs. COMPLIANCE    A FEW RECOMMENDATIONS SET IS LESSER THAN SET OF MDM FEATURES YOUNG STANDARDS  FIRST REVISIONS  DRAFT REVISIONS
  • 5.
    BLACKBERRY CAPABILITES -ANDROID CONTROLLEDFOUR GROUPSONLY by BlackBerry  CAMERA AND VIDEO  HIDE THE DEFAULT CAMERA APPLICATION  PASSWORD  DEFINE PASSWORD PROPERTIES  REQUIRE LETTERS (incl. case)  REQUIRE NUMBERS  REQUIRE SPECIAL CHARACTERS  DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER  INCORRECT PASSWORD ATTEMPTS  DEVICE PASSWORD  ENABLE AUTO-LOCK CONTROLLED 74 OUT 200 APIs ONLY by Android     LIMIT PASSWORD AGE LIMIT PASSWORD HISTORY RESTRICT PASSWORD LENGTH MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED  ENCRYPTION  APPLY ENCRYPTION RULES  ENCRYPT INTERNAL DEVICE STORAGE  TOUCHDOWN SUPPORT  MICROSOFT EXCHANGE SYNCHRONIZATION  EMAIL PROFILES  ACTIVESYNC
  • 6.
    BLACKBERRY CAPABILITES -iOS CONTROLLED16 GROUPS ONLY by BlackBerry   BROWSER   that‘s QUITE SIMLIAR to APPLE MDM SOLUTIONS DEFAULT APP, AUTOFILL, COOKIES, JAVASCRIPT, POPUPS MESSAGING (DEFAULT APP)   BACKUP / DOCUMENT PICTURE / SHARING ONLINE STORE  CAMERA, VIDEO, VIDEO CONF  CERTIFICATES (UNTRUSTED CERTs)  MESSAGING (DEFAULT APP)  CLOUD SERVICES  PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)  PHONE AND MESSAGING (VOICE DIALING)  CONNECTIVITY      OUTPUT, SCREEN CAPTURE, DEFAULT APP BACKUP / DOCUMENT / PICTURE / SHARING ONLINE STORES , PURCHASES, PASSWORD DEFAULT STORE / BOOK / MUSIC APP  PROFILE & CERTs (INTERACTIVE INSTALLATION) NETWORK, WIRELESS, ROAMING DATA, VOICE WHEN ROAMING  SOCIAL (DEFAULT APP) CONTENT (incl. EXPLICIT) RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS    CONTENT      DIAGNOSTICS AND USAGE (SUBMISSION LOGS) STORAGE AND BACKUP   SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS DEVICE BACKUP AND ENCRYPTION VOICE ASSISTANT (DEFAULT APP)
  • 7.
    BLACKBERRY CAPABILITES –BLACKBERRY (QNX) CONTROLLED7 GROUPS ONLY by BlackBerry  that‘s NOT ENOUGH TO MANAGE ALL APIs     GENERAL   MOBILE HOTSPOT AND TETHERING PLANS APP, APPWORLD  PASSWORD (THE SAME WITH ANDROID, iOS)  BES MANAGEMENT (SMARTPHONES, TABLETS)  SOFTWARE      OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE BBM VIDEO ACCESS TO WORK NETWORK VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK SECURITY       CERTIFICATES & CIPHERS & S/MIME HASH & ENCRYPTION ALGS AND KEY PARAMS TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC WI-FI PROFILES    WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE VOICE CONTROL & DICTATION IN WORK & USER APPS BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE PC ACCESS TO WORK & PERSONAL SPACE (USB, BT) PERSONAL SPACE DATA ENCRYPTION EMAIL PROFILES     NETWORK ACCESS CONTROL FOR WORK APPS PERSONAL APPS ACCESS TO WORK CONTACTS SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS PROXY PASSWORD/PORT/SERVER/SUBNET MASK VPN PROFILES    PROXY, SCEP, AUTH PROFILE PARAMS TOKENS, IKE, IPSEC OTHER PARAMS PROXY PORTS, USERNAME, OTHER PARAMS
  • 8.
    BLACKBERRY CAPABILITES –BLACKBERRY (OLD) INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLELD BY MDM AND DEVICE     THERE 55 GROUPS CONTROLLED IN ALL EACH GROUP CONTAINS FROM 10 TO 30 UNITS ARE CONTROLLED TOO EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A WAY ‘DISABLE/ENABLED & HIDE/UNHIDE’ EACH EVENT IS  CONTROLLED BY CERTAIN PERMISSION  ALLOWED TO CONTROL BY SIMILAR PERMISSIONS TO BE MORE FLEXIBLE  DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME MORE THAN OTHER DOCUMENTS  EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF  ‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARDS TO MESSAGES LEAD TO SPOOFING BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY  SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)  SOME PERMISSIONS ARE RELATED TO APP, WHICH 3RD PARTY PLUGIN WAS EMBEDDED IN, INSTEAD OF THAT PLUGIN
  • 9.
    ISSUES : USELESSSOLUTIONS - I USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: MERGING PERMISSION UNITS AND GROUPS  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)  ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATEST BB)  QNX-BB: SCREEN CAPTURE  IS ALLOWED VIA HARDWARE BUTTONS ONLY  NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES  LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGGERS  OLD BB: NO SANBOX HAS NEVER BEEN ANNOUNCED  ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA DUE TO GENERAL PERMISSION  QNX-BB: OFFICIALLY ANNOUNCED SANBOX  MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECURITY  SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA STORED IN SHARED FOLDERS
  • 10.
    ISSUES : USELESSSOLUTIONS - II USERFULL IDEASAT FIRST GLANCE BUT INSTEADMAKE NO SENSE  OLD BB: SECURE & INSECURE IM CHATS IN THE SAME TIME  HAS ENCRYPTED COMMUNICATION SESSIONS  STORE CHAT COVERSATION IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)  INACCESSIBLE FROM THE DEVICE BECAUSE OF UNKNOWN FILE TYPE (.CSV)  UPGRADE FEATURE AFFECT EVERYTHING   UPDATE APP THAT CALLS THIS API – USE GENERAL API REMOVE APP THAT CALLS THIS APPS – USE GENERAL API  REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION  HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE  OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)   REVEAL THE DATA IN REAL TIME BY ONE API CALL NATIVE WALLETS PROTECTS BY RETURNING NJULL  WHILE THE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS  EVERY USER CASE MUST MINIMIZE APP TO PASTE A PASSWORD
  • 12.
    ISSUES : USELESSSOLUTIONS – III THE GUI EXPLOITATION (OLD BB) –NATIVE APPs  INITIALLY BASED ON AUTHORIZED API COVERED   ALL PHYSICAL & NAVIGATION BUTTONS  TYPING TEXTUAL DATA, AFFECT ALL APPs SECONDARY BASED ON ADDING THE MENU ITEMS   INTO THE GLOBAL / “SEND VIA” MENU  AFFECT ALL NATIVE APPLICATIONS NATIVE APPs ARE DEVELOPED BY BLACKBERRY   WALLETS, SOCIAL, SETTINGS, IMs,… GUI EXPLOITATION      REDRAWING THE SCREENS GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD FIELD) ADDING, REMOVING THE FIELD DATA ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED ADDING GUI OBJECTS BUT NOT SHUFFLING 3RD PARTY SECURE SOLITUINS RUIN THE SECURITY  KASPERSKY MOBILE SECURITY PROVIDES    FIREWALL, WIPE, BLOCK, INFO FEATURES NO PROTECTION FROM REMOVING.CODs & UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  JUST SHOULD CHECK API “IS SIMULATOR” ONLY SMS MANAGEMENT VIA “QUITE” SECRET SMS  PASSWORD IS 4–16 DIGITS,AND MODIFIED IN REAL-TIME  SMS IS A HALF A HASH VALUE OF GOST R 34.11-94  IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT  TABLES (VALUEHASH) ARE EASY BUILT  OUTCOMING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION, BECAUSE KMS DELETE THE SENT MESSAGES  OUTCOMING SMS BLOCK/WIPE THE SAME/ANOTHERDEVICE
  • 16.
    CONCLUSION - I PRIVILEGEDGENERALPERMISSIONS OWN APPs, NATIVE & 3RD PARTY APPs FEATURES  DENIAL OF SERVICE  GENERAL PERMISSIONS  REPLACING/REMOVING EXEC FILES  DOS’ing EVENTs, NOISING FIELDS  GUI INTERCEPT  INFORMATION DISCLOSURE  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs  CONCRETE PERMISSIONS  CLIPBOARD, SCREEN CAPTURE  GUI INTERCEPT  DUMPING .COD FILES, SHARED FILES  MITM (INTERCEPTION / SPOOFING)    MESSAGES GUI INTERCEPT, THIRD PARTY APPs FAKE WINDOW/CLICKJACKING   BUT COMBINED INTO GENERAL PERMISSION A SCREENSHOT PERMISSION IS PART OF THE CAMERA  GENERAL PERMISSIONS    INSTEAD OF SPECIFIC SUB-PERMISSIONS A FEW NOTIFICATION/EVENT LOGs FOR USER BUILT PER APPLICATION INSTEAD OF APP SCREENs
  • 17.
    CONCLUSION - II THEVENDOR SECURITY VISION              HAS NOTHING WITH REALITY AGGRAVATEDBY SIMPLICITY SIMPLIFICATION AND REDUCING SECURITY CONTROLS MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KERNEL A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS THE SANDBOX PROTECT ONLY APPLICATION DATA USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANCE OF AVAILABILITY MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY THE NATIVE SPOOFING AND INTERCEPTION FEATURES BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUCH THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PERMISSION LIST
  • 18.