Blackberry Continuing the Quest for Cybersecurity

privThe advertisements for the latest smartphones from Samsung, LG, HTC and Apple entice consumers with features like removable batteries, water resistance, longer battery life, better cameras, and sleeker designs.  Security, however, is rarely mentioned in the ads.  Blackberry is a brand name everyone recognizes, and while used almost exclusively by the government and Blackberry loyalists, few outside that realm realize the company still makes smartphones for the average consumer.  John Chen, CEO of Blackberry, is working to turn the company into an innovative cybersecurity company.  As part of that plan, the company is dabbling in more secure smart phones and has created new cybersecurity services.

Blackberry Priv

Blackberry’s latest smart phone is known as the Blackberry Priv, a name that is short for privacy and privilege.  One goal of this smart phone is to try to popularize Blackberry in the consumer smart phone market.  This phone runs Android Lollipop (with an upcoming Marshmallow upgrade) instead of the Blackberry operating system, BB10 OS.  Blackberry is aware of the security issues that come with the original Android OS, and has modified the operating system to make it more secure and private.  The phone can encrypt files and other sensitive information.  Anything on the device that is encrypted will never leave the device.  The Android operating system comes with an Android full-disk encryption option.  Priv improves upon the Android full-disk encryption, which is turned on by default, by using Blackberry Cryptographic Kernel, encrypting data using AES-128, and protecting the user key within Blackberry Secure Compound.  More information about Android full-disk encryption can be found on the Android website at https://source.android.com/security/encryption/.  The Priv does not have the highly popular biometric unlock option; instead, it has the option of a picture password.  This feature entails a randomized number grid and the user’s choice of photograph.  A specific number and specific location on the picture is set by the user.  To unlock the device, the specified number must be dragged to the specified location on the picture.  In this type of password, the ‘drawing’ path is never the same and cannot be replicated without knowledge of the number and location.  A regular password phrase, with a minimum of four characters, is also a device password option if the user does not want the picture password.  No matter the device password option, after ten unsuccessful password attempts, the device deletes all user information and data, then it returns the device to factory settings.  Additionally, Blackberry promises monthly security patches pushed out for the Priv.  Any urgent updates will be pushed as needed.  Blackberry strives to attract Android users looking for a more secure phone and keep its hold in the smart phone business. John Chen states that, “Priv represents BlackBerry’s first Android device and supports our cross-platform strategy and our ability to provide a secure end-to-end mobile platform for Android in the enterprise,” but only the success of the Priv will keep Blackberry in the smart phone market.  On the application side, Blackberry has created a security application called DTEK.  As an added layer of security, Blackberry preloads their application DTEK on every Priv device. DTEK is also available on the Google Play Store.

 

What is DTEK?

DTEK is a BDtek-shield-bw1lackberry software application that monitors all other applications on a smart phone device.  The application will inform the user about his or her security practices.  Many smart phone applications request permission to access information on the device; DTEK takes all the permissions another application has and puts them in an easy to read format for the device user.  This provides a central location to see what information each application is using and pulling from.  DTEK also tracks when personal information is accessed and how often, then notify the device user that information is being accessed.  The DTEK application notifies users when pictures and/or videos are being taken or the device microphone is turned on.  The DTEK security rating includes many things, such as if the device has a screen lock or if Android Developer Mode is turned off/on.  The rating is displayed when the DTEK application is opened.  There is a graphic that looks like a meter and it points to a color related to the security rating, i.e. green is excellent, yellow is fair, and red is poor.  If the user receives a poor rating, DTEK will make suggestions to improve the device security; these suggestions appear under the graphic on the main application screen.  While this may not solve all the cybersecurity problems on a smart phone, it is a good stepping stone to improving security and educating users on what is really happening on their devices.

 

Cybersecurity Conquests

Aside from the smart phone and application business, Blackberry is fiddling in the cybersecurity consulting business as well.  In February Blackberry announced its new practice, Professional Cybersecurity Services.  With an ever increasingly connected society, more and more companies need cybersecurity practices in place; Blackberry is hoping to fulfill these needs and increase the security with their services, tools, and practices.  According to Blackberry’s website, the goals of their Professional Cybersecurity Services practice addresses:

  • Strategic Security
  • Technical Security
  • Automotive and Internet of Things (IoT) Security
  • Detection, Testing, and Analysis

Throughout the past few years, Blackberry has acquired WatchDox, AtHoc, Good Technology, Ecription Limited, and a few other security companies in hopes of building a powerful cybersecurity service.  Through the Professional Cybersecurity Services, Blackberry offers Penetration Testing, Threat Intelligence and Knowledge (THINK) Service, Cyber Essentials Plus, Forensic Services, and a few other miscellaneous services.  In a Blackberry press release this past February, there is a greater demand for more robust defensive tactics to combat the cyber security threats to the increasingly Internet connected industry sectors.  Blackberry’s press release states that the Professional Cybersecurity Practice is “intended to address that market demand”.  Blackberry is looking to continue its quest for cybersecurity and provide as many services for its customers as possible.

 

What will become of Blackberry?

The Priv has not been doing as well on the market as the company would have liked, selling only 600,000 phones in its fiscal fourth quarter, which is below what the company was hoping for.  An AT&T executive told CNET that the problem is that most Android users are sticking to what they know and most BlackBerry loyalists are not adjusting well to the Android operating system.  There is a real possibility that Blackberry will have to drop out of the smart phone business, although the company will not fold.  Blackberry has started the transition to becoming a cybersecurity consulting business.  With an increasingly connected world, cybersecurity will become more and more important, and getting established in the consulting business will help Blackberry tremendously.  Chen shared with Forbes.com that Blackberry “exceed[ed] our goal of $500 million in enterprise software the licensing revenue for the full year.”  While Blackberry may not be the smart phone giant it once was, the company is still doing its best to try and make the connected world a more secure place.


This post was written by: Audrey LoVan

References

BlackBerry Limited. (2016, February 24). BlackBerry Launches New Professional Cybersecurity Services Practice to Expand Portfolio.

BlackBerry Limited. (2016). Security Guide: PRIV by BlackBerry. Waterloo, Ontario, Canada. Retrieved from http://help.blackberry.com/en/security-guide-for-blackberry-powered-by-android/latest/security-guide-for-blackberry-powered-by-android-pdf/PRIV-by-BlackBerry-latest-Security-Guide-en.pdf

Cheng, R. (2016, June 6). BlackBerry Priv is faring worse than expected. Retrieved from CNET: www.cnet.com/news/blackberry-priv-may-have-done-worse-than-we-thought/

Morgan, S. (2016, April 28). BlackBerry’s Turnaround CEO Dials Up Cybersecurity, And It Answers. Retrieved from Forbes: http://www.forbes.com/sites/stevemorgan/2016/04/28/blackberrys-turnaround-ceo-dials-up-cybersecurity-and-it-answers/#50dace136921