BlackBerry’s DTEK Android Security is an important step forward
High profile ‘hacks’ and ‘leaks’ now appear with startling regularity on our news feeds. While these types of incidents have never been particularly rare occurrences, they have been made more noteworthy as large corporations, banks and even national security agencies find their data dumped online.
The security world often looks down on Android. This isn’t because the system itself is inherently insecure – far from it. Instead it’s because the manufacturers or carriers who are responsible for updating the phones often don’t. Even when they do, updates can be very late or outdated.
Monthly Security Updates
Google themselves take security very seriously. Security updates are provided every month to the Android system. These address new issues that naturally emerge in the world of technology, or bugs that users discover. Unfortunately, until now, it is only really Nexus devices that have benefited from this. Even big names like Samsung struggle to deliver these updates to all their phones in a timely fashion.
It’s here that BlackBerry have pledged to match Google’s efforts. Since the Priv was released last year, BlackBerry have not missed a monthly security update. In fact, there have even been occasions where they rolled it out before Google’s official release!
So that’s a higher level approach and one that BlackBerry have so far made good on their commitment to. What about deeper in the system though? BlackBerry claim that DTEK makes their Androids more secure than any other.
The following are a list of features included in BlackBerry’s implementation of Android. You might not understand all of the terminology here (I had to look up a few items). The important thing to remember is that these are additions to Android. This means that regardless of the phone being on Android 5, 6 or newer, BlackBerry can integrate these features.
- Device Integrity. BlackBerry ensure that all their hardware is ‘signed’ with digital keys at the manufacturing level
- Improvements to the Address Space Layout Randomisation (ASLR) technique
- Improvements to the SELinux mandatory access control poicy. Not included in Android L or M
- Pathtrust. This ensures untrusted code cannot be introduced to the system dynamically via malware
- Hundreds of hardening improvements to the Linux kernel and Android service framework
- Tamper proofing of critical security parameters
- Cryptographic improvements. BlackBerry Certicom certified FIPS 140-2 compliant
Some of these changes and additions are not possible for Google to produce. They sit between the system hardware and the Android OS which means the manufacturer has control.
Extras that Google can’t provide
BlackBerry CSO David Kleidermacher had this to say in an interview with Tom’s Hardware last year:
Google has some stuff that they’ve built into Android [that] is essentially self-validating the system image. … That’s really important for protecting against rooting and malware.
But one of the things it does not do is runtime integrity protection, so [what it does now] is kind of a boot time check. Which is great, … but if malware gets into the system, and it’s able to get a hook into the system at runtime, you’ve not modified the flash firmware, but you’ve changed the runtime image. That’s also bad — arguably worse — because you can’t detect that.
We have something we call the BlackBerry Integrity Detection Engine — we call it internally “BIDE.” And it is a runtime validation of the system, so we’re essentially underneath Android, something Google really can’t do, because it’s done in the firmware of the device. We’re looking up at Android; while it’s running, we’re watching it and measuring it, and observing it, and saying, “Does everything look okay?” That’s a really good example of something we do that your standard platform doesn’t do.
This is one example of how BlackBerry take security seriously. After all before the smartphones era, BlackBerry were the undisputed kings of mobile security. Along with BES systems for corporate servers, BlackBerry have a high pedigree in security and information assurance.
As the full interview goes on to state, BlackBerry have a department focused on improving assurance and security across technology as a whole. The goal is to produce standards and applications usable wherever computing technology operates. In the 21st century that’s everywhere. Healthcare, Transport, Water, Energy, Sanitation. All the key nation state infrastructure.
DTEK keeps you safe without getting in the way
As BlackBerry develop this service-led security aspect of their business, the consumer devices they release will continue to benefit. The DTEK50 is the first device to truly focus on this in advertising.
The DTEK application shows the user the basics of what’s going on. With it you have a simple visual representation of top level concerns. This includes simple things such as enabling data encryption & screen lock. There’s also a deeper level of app and permission handling than Android 6 provides by default.
These features give you some level of customisation. What’s important to take in as that the surface level is only that. BlackBerry have included so many enhancements under the surface that many will never see. These allow the DTEK50 (and the Priv) to be called the most secure Android smartphones.
The DTEK50 by BlackBerry is available now SIM Free from Clove for £275 (£229.17 ex-VAT)