More than ever before, mobile devices are playing a greater role in customers’ busy lives. Customers rely on their smartphones to help navigate through their day, and they trust their devices to safeguard personal information such as credit card numbers, geolocations, passwords and enterprise information. As mobile device capabilities increase, so does the industry’s responsibility to keep customers and the mobile ecosystem secure from both current and emerging threats.
Security is a key component that BlackBerry customers have come to know and depend on. BlackBerry’s unique approach to security helps to separate our mobile devices from the rest of the industry, and we remain committed to protecting customers and their information. To that end, BlackBerry builds layers of security into our devices — from the foundations of the mobile platform to the final product. In addition, BlackBerry provides unique offerings to help ensure customers are protected after the sale, including routine security updates and a 24/7 security response team. The BlackBerry Security Incident Response Team (BBSIRT) is solely dedicated to investigating and researching hundreds of new emerging security vulnerabilities in the mobile ecosystem that could potentially affect BlackBerry customers. These types of potential threats include vulnerabilities, malware and privacy-infringing third-party apps.
BlackBerry also works with other security vendors to enhance customer security. For example, BlackBerry and Trend Micro are collaborating on third-party application security. BlackBerry uses the Trend Micro™ Mobile Application Reputation Service in conjunction with its current internal, proprietary system to analyze both current and new third-party apps in BlackBerry World. This collaboration helps provide customers another layer of protection against potential malware and privacy-infringing issues. Additionally, we also work with Computer Emergency Readiness Teams (CERT), including the US-CERT, ICS-CERT and CERT-FI, and we are active members of the Industry Consortium for Advancement of Security on the Internet (ICASI).
As the capabilities of both attackers and mobile threats are constantly evolving, vendors like BlackBerry must continually invest in security development to stay ahead of the threat curve. As the director of the BBSIRT, my team and I work diligently to ensure customers are protected by continuously monitoring the landscape and taking the appropriate steps to stay ahead of emerging threats. In addition to these internal efforts, BlackBerry also works closely with security researchers to help identify vulnerabilities and address malicious threats affecting the mobile industry. Given that BlackBerry and security researchers are working towards the same goals, protecting customers and improving the mobile ecosystem, this collaboration is crucial for both sides to make genuine progress.
To further develop these important relationships, BlackBerry Security is hosting some of the industry’s elite security researchers at our Waterloo campus for the second annual BlackBerry Security Summit on June 12-13, 2013. This internal event provides BlackBerry employees a unique opportunity to hear about cutting edge security research and participate in candid discussions with external security researchers who specialize in mobile hacking, software vulnerabilities, malware and privacy issues.
Discussions at this year’s BlackBerry Security Summit will focus on a variety of important topics including:
- Mobile Threat Landscape – (Adam Meyers / Crowdstrike)
A real world view of mobile exploit ecosystem and the threats that could impact customers
- Social Networking, Mobile Phones, The Cloud and Privacy – The New Reality of Digital, Physical and Social Persona– (Jason Shirk / Microsoft)
The new reality of digital, physical and social personas technology and privacy are at an inflections point
- An Introduction to Reverse Engineering QNX on Embedded Systems – (Justin Clarke / Cylance)
An understanding of the thematic issues that may impact all embedded devices, and mitigation measures that could be implemented in products
- I Like Webkit Vulnerabilities – (miaubiz)
A closer look at Webkit including how to evolve case generators as issues are fixed, manage repro cases and finding memory corruption bugs of modern browsers
- The Mobile Malware Festival 2013 – (Kurt Baumgartner / Kaspersky)
How mobile malware continues to develop as a part of more intricate cybercrime operations
- The Mobile Exploit Intelligence Project – (Dan Guido / Trail of Bits)
An intelligence-driven approach to mobile defense, focused on attacker capabilities and methods, with data collected from past remote attacks against Android and iOS
By hosting events like the BlackBerry Security Summit and sponsoring dozens of security conferences every year, BlackBerry and the security research community are working together to better understand, and stay ahead of the ever evolving threat landscape.
We are looking forward to this year’s event as well as sharing the highlights from the summit with the broader community.