How BlackBerry Security Begins At The Endpoints


Modern IT systems are extremely complex and securing them can be very difficult. BlackBerry works with a wide variety of systems and services, from BlackBerry 10 to Android to the Internet of Things. So how does BlackBerry secure them all? It all starts at the endpoints.

Mobile devices serve as the main endpoints for enterprise mobility. These smartphones and tablets have evolved immensely over the past few years, with power and functionality quickly approaching that of a desktop computer. Consider that the new BlackBerry Passport features a Quad-Core 2.2 GHz CPU, 3GB of RAM, a 13 MP camera that can record full 1080p video, and hundreds of thousands of apps through BlackBerry World and the Amazon Appstore for Android.

The power and complexity of mobile devices highlights the need for integrated security. But while most people focus on the OS, the security of BlackBerry is actually embedded in the hardware. Let’s take a closer look.

Securing BlackBerry

Every building needs a solid foundation and the tallest buildings need the strongest foundations. In security, we call this the “Root of Trust”. The deeper down the Root of Trust is embedded into the system, the more difficult it is to compromise.

BlackBerry signs all of its hardware to ensure device integrity. The keys are injected at manufacturing and verified whenever the devices connect to the BlackBerry network. The keys are also used to verify the software of the device.

Hardware Root of Trust is the foundation of BlackBerry security. Every single time any BlackBerry device in the world boots up, it goes through a complex and unique series of checks to confirm the integrity of each component:

  1. The CPU Embedded Boot ROM verifies the digital signature of the Boot ROM.
  2. The Boot ROM verifies the signing key of the Operating System.
  3. The Operating System verifies the hash of the Base File System.
  4. The Base File System verifies the hashes of all loaded Applications.



Securing Android

Nearly two years ago, BlackBerry 10 introduced the ability to securely run Android apps using the Android Player. BlackBerry 10.2.1 added the ability to install any APK file, and starting with BlackBerry 10.3, the OS comes pre-loaded with the Amazon Appstore for Android. Using BlackBerry’s Hardware Root of Trust and Trend Micro’s expertise on mobile malware, we’re able to run Android apps without compromising user privacy or device security (see this blog post for all of the details).

In addition to managing Android and iOS with BES 12 and Secure Work Space, BlackBerry recently announced a new partnership with Samsung to provide end-to-end security for Android devices. By combining the trusted EMM of BES 12 with the security of Samsung KNOX, we’re able to provide a tightly integrated, highly secure solution for the Android platform.

Securing The Future

In the past two months alone, we’ve seen Sony Pictures turn to BlackBerry for security and President Obama (a proud BlackBerry user) propose new legislation to protect user privacy. As technology moves towards embedded devices and the Internet of Things, privacy and security will only become more critical to governments, enterprises and consumers. By providing a trusted hardware platform with secure endpoints, BlackBerry will continue to lead the market in mobile privacy and security.

As always, feel free to comment below or Tweet using #BBSecurity.

About Alex Manea

Alex Manea is BlackBerry’s Chief Security Officer. As a founding member of BlackBerry Security, Alex has protected mobile, desktop and IoT devices, networks and infrastructure for over a decade. He is a Certified Software Security Lifecycle Professional and has an Honors degree in Systems Design Engineering from the University of Waterloo. In 2015, Alex starred on the hit TV show Canada’s Smartest Person, winning his episode with the highest score of the season.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus