- Oct 8, 2017
- 30
Still trying to find protection. Have no root firewall blocking all apps and system apps except for gmail. does what I require it to do.
There is a security vulnerability in the Initial Setup Process and I was attacked during the PlayStore Auto Update process. PlayStore only uses HTTPS for PAID APPS. Had to do 3 factory resets till I realized that the only way out was to go AirPlane mode, stop PlayStore Auto Updates, install no root firewall APK as the very first thing, and block all non-essential processes. Similar to how you harden a PC. Then update at my leisure. When hardening a PC, you don't go online until the PC is hardened and you are good and ready. The same principle applies here.
I think BlackBerry should take the machine offline first. And let users decide when they are ready to go online. If they are serious about security.
Have read in an old wilderssecurity.com post that most andriod av's are ineffective. But I realize that cellphone attacks have risen A LOT in the last 2 years since that post.
I have tested out MalwareBytes and ZoneAlarm on my old Samsung JBOSS and they couldn't remove the Remote Control malware/software that I was infected with. So I am skeptical.
PlayStore Play Protect is a joke: there are lots of Parental Control - Remote Monitoring Tools that will pass that test. And if any was downloaded as part of the PlayStore Auto Update, you would be setup for remote monitoring from the get go. Luckily, Androids do not give root access until you root it deliberately, and the factory image is thus good. So a Factory Reset will always give you a clean start. Otherwise, you'd have to use another OS image.
In summary, the BlackBerry KEY2 is not as secure as I had wished it to be. The weakest link is the Android OS's setup procedure, and non-HTTPS auto update. And as we all know, all you need is one weak link - it doesn't matter if everything else is securely built. That's a problem all defenders face. Advantage: attacker.
There is a security vulnerability in the Initial Setup Process and I was attacked during the PlayStore Auto Update process. PlayStore only uses HTTPS for PAID APPS. Had to do 3 factory resets till I realized that the only way out was to go AirPlane mode, stop PlayStore Auto Updates, install no root firewall APK as the very first thing, and block all non-essential processes. Similar to how you harden a PC. Then update at my leisure. When hardening a PC, you don't go online until the PC is hardened and you are good and ready. The same principle applies here.
I think BlackBerry should take the machine offline first. And let users decide when they are ready to go online. If they are serious about security.
Have read in an old wilderssecurity.com post that most andriod av's are ineffective. But I realize that cellphone attacks have risen A LOT in the last 2 years since that post.
I have tested out MalwareBytes and ZoneAlarm on my old Samsung JBOSS and they couldn't remove the Remote Control malware/software that I was infected with. So I am skeptical.
PlayStore Play Protect is a joke: there are lots of Parental Control - Remote Monitoring Tools that will pass that test. And if any was downloaded as part of the PlayStore Auto Update, you would be setup for remote monitoring from the get go. Luckily, Androids do not give root access until you root it deliberately, and the factory image is thus good. So a Factory Reset will always give you a clean start. Otherwise, you'd have to use another OS image.
In summary, the BlackBerry KEY2 is not as secure as I had wished it to be. The weakest link is the Android OS's setup procedure, and non-HTTPS auto update. And as we all know, all you need is one weak link - it doesn't matter if everything else is securely built. That's a problem all defenders face. Advantage: attacker.
Last edited: