As a security researcher for the past 16 years, and a software engineer for 30+ years, BlackBerry's (NASDAQ:BBRY) claim of having produced the world's most secure Android smartphone got my attention.
The first thing I did was to reread the BlackBerry press release to make sure I understood it correctly:
BLACKBERRY ANNOUNCES THE WORLD'S MOST SECURE ANDROID SMARTPHONE - DTEK50
Waterloo, ON - July 26, 2016 - BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader in mobile communications, announced today that DTEK50, the world's most secure Android smartphone, is now available for pre-orders at ShopBlackBerry.com. DTEK50 is BlackBerry's second smartphone powered by Android, following the PRIV. (emphasis added)
I checked to make sure it wasn't qualifying this statement with something like a requirement that it be used with BlackBerry's Enterprise Server, but that was not the case.
Interestingly, many respected outlets (the verge, economictimes, etc.) are now reporting that BlackBerry is producing "the world's most secure smartphone" which is not at all what BlackBerry is claiming. BlackBerry is simply claiming "the world's most secure Android smartphone."
I guess BlackBerry claiming the world's most secure Android smartphone is just another way of acknowledging Apple's (NASDAQ:AAPL) own iPhone security. This is especially complementary as it's coming from the same company that used to own the mobile phone security space.
Features that make DTEK50 the most secure Android smartphone, include:
- Rapid Security Patching
- DTEK™ by BlackBerry App
- Hardware Root of Trust
- Secure Boot Process
- FIPS 140-2 Compliant Full Disk Encryption
- Android OS hardening
Let's break these things down and see how they compare to Apple's iPhone security.
Rapid Security Patching
I think we can all agree that rapid security patching is a good thing. No criticisms there. But a patch only improves security after it is applied. Before it is applied, all phones are equally vulnerable.
I mean it's like saying a BMW is better mechanically because the BMW mechanics work twice as fast as the Ford mechanics.
A BMW is either better mechanically before the work begins or it is not. Same with security.
DTEK by BlackBerry App
DTEK is a neat little app that alerts you if say some app is using your camera. But it's passive, which means it doesn't block the operation, but rather lets you know the behavior is happening so that you can take steps to correct it.
Apple's iPhone, however, has had app permissions for quite a while:
However, DTEK gives you a cute graphical display showing your relative security, but oddly penalizes you for not allowing DTEK access to things such as your contacts, and not having added a Google account:
Anyway, I don't see this as a big improvement. Apple gives you a notification and an ability to block the access.
Hardware Root of Trust
BlackBerry touts its hardware root of trust as one of the features that make it the world's most secure Android smartphone. And indeed, a hardware root of trust is a very good thing to have today. Maybe, this is why Apple's iPhone has had one for a very long time.
When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted. (emphasis added)
Secure Boot Process
Again, BlackBerry is not alone here. Apple's iPhone also has a secure boot process:
Secure boot chain
Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity and that proceed only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware.
FIPS 140-2 Compliant Full Disk Encryption
As you may have already guessed, much of what BlackBerry is claiming to be unique to their smartphone - whereby making them the most secure Android smartphones - is in fact the way other smartphones are already built today.
Apple, for instance, also uses FIPS 140-2 compliant encryption:
Cryptographic Validation (FIPS 140-2)
The cryptographic modules in iOS have been validated for compliance with U.S. Federal Information Processing Standards (FIPS) 140-2 Level 1 following each release since iOS 6. The cryptographic modules in iOS 9 are identical to those in iOS 8, but as with each release, Apple submits the modules for re-validation.
Android OS hardening
Here's what BlackBerry has to say:
Now we've already covered rapid security patches, and Apple's iPhone does in deed have Address space layout randomization (ASLR). Certificate pinning is something app developers can do, and Apple shows you how here; but this notion of improved random numbers is worth looking at a bit closer.
But what does THAT mean and how is it used?
Well, simply stated, entropy is the randomness used to seed a pseudo random number generator. One value from the generator is then fed into an encryption algorithm to encrypt your data.
The Android Random Number Generator (RNG) is actually a pseudo random number generator. That is, the output is not truly random numbers, but rather a very long repeating sequence of pseudo random numbers; and this sequence is determined by the seed. Enter the same seed, get the same sequence.
What BlackBerry is claiming to have done here is to provide a better seed (entropy) for Android's RNG.
But let's put this in perspective. A very bad seeding scheme would be to not initialize the seed at all, or to use a constant value like the year you were born. In this case, the RNG would always generate the same very long sequence of pseudo random numbers. This predictability would give hackers an opportunity to crack the encryption on your device by locating the seed value and generating the very long sequence. They would then have to go through each number in the sequence, trying each in turn in the decryption algorithm hoping for some sort of recognizable output.
But what most programmers do (myself included) is to use a variant of the current time as the seed. Most device clocks today have a granularity of milliseconds. So seeding the RNG with the current time provides a set of 86,400,000 unique seed values in a day or 604,800,000 unique seed values in a week, etc. That is a ton of seeds which would in turn generate that many very long sequences of random numbers.
Is that sufficient?
I have yet to hear of an Android exploit where someone was able to brute force the encryption where the seed value was properly initialized.
So how do you improve on something that wasn't broken in the first place?
What's more unsettling than a dubious 'improvement', is doing it in a secretive way and behind closed doors.
Zack Whittaker over on ZDNet wrote up a good piece on the topic in which Justin Troutman, an independent cryptographer and citing Qualcomm's secrecy around the process had this to say: "I think what we have here is bizarre: solving a solved problem, but losing trust by adding components that aren't open or documented."
To follow up on this line of thinking, I personally contacted Ronald Rivest, a world renowned cryptographer and Institute Professor at MIT to get his thoughts.
I know nothing particular about what Blackberry is doing.
Usually the PRNG is an algorithm that is coded in software (sometimes hardware), but which needs a good random number seed. True randomness is tricky. Moreover, generating true randomness is a place where an adversary can substitute a good method with something that is in fact breakable, and it may be difficult for the good guys to notice. So, perhaps Blackberry is putting in a "back door" here? Or not? How do you tell? (emphasis added)
Source: Professor Ronald Rivest via email
Now, Professor Rivest concedes he knows nothing particularly about what BlackBerry is doing, but goes on to highlight the same concerns expressed by Justin Troutman over at ZDNet.
This type of change must be open to the public for inspection/validation.
In a nutshell, this is a violation of Kerckhoffs' Principle, which holds that a system should be secure because of its design, not because the design is unknown to an adversary. The basic premise of Kerckhoffs' Principle is that secrets don't remain secret for very long.
I see no proof that BlackBerry's new DTEK50 smartphone is more secure than an Apple iPhone, and in fact BlackBerry stopped short of saying so. Which begs the question. What is your security story if you cannot even claim superiority over one of your main competitors?
What I see here are a lot of good features that are already available on other smartphones, like Apple's iPhone.
BlackBerry's DTEK50 looks to be a reasonable Android smartphone in an ocean of reasonable Android Smartphones. But with such a weak security claim, I don't see this newest smartphone changing BlackBerry's fortunes, and in fact leading to sharp criticisms within the security community.
BlackBerry is a short candidate at or around $8.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.
I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Additional disclosure: I currently believe the market is overheating and so I have moved to a far more conservative portfolio known as the Harry Browne Permanent Portfolio; it divides your holdings into four equal pieces (25% each) of stocks, long-term U.S. Treasurys, cash, and gold. I will remain here until either the market corrects itself, or I become convinced we're not topping out.