Monday, September 23, 2013

Touch ID and Blackberry

Apart from the never ending transit debate in Toronto, the news dominating my twitter feed today are related to the Apple’s Touch ID hack and the Fairfax bid for Blackberry. My quick comments on those two:

-          Touch ID hack: of course it was only a matter of time, but let’s face the facts. There are far more expensive and complex fingerprint sensors that are also vulnerable to similar attacks (Gummy bear fingers, anyone?); just keep in mind that the threats Apple is considering for this technology (very good Threat Modeling blog post from Daniel Miessler – just keep in mind he is an Apple fanboy :-)) are opportunistic attackers, not determined ones (such as NSA…). Not only that, the main business goal for the technology might be more on making the life of the user easier than to make things more secure. And to introduce shiny “futuristic” gimmicks too, of course :-)

-          Blackberry: and here it finally goes private…it’s a sad thing to see a company with that lead blowing things up so miserably. The interesting perspective of this situation is that it increases the speed organizations will have to move towards (or at least consider) the BYOD model. But don’t completely write off Blackberry yet; it can very well rebrand itself as the go to options for the technology required for a good BYOD strategy – BES10 has a huge potential to be the killer MDM tool.

-          Blackberry (2): Until now BES and the Blackberry network were like those undersea cables: a very nice point to massive eavesdropping. Now it’s gone. I believe we can expect a heavy shift of research resources moving to find more effective ways for massive monitoring of mobile devices, now that those convenient choke points will no longer be used.

No comments:

Post a Comment