
Analysts are concerned FBI may be making a mistake; Android may not be secure enough

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Navy are two massive federal agencies.  The FBI has over 35,000 active employees [source]; the Navy has 54,000+ officers [source].  What do all of those government employees have in common?  Most of them carry government-purchased smartphones from Canada's BlackBerry Ltd. (TSE:BB).

I. Samsung Nears Deal to Supply Navy, FBI With SE Android Smartphones

But Reuters and The Wall Street Journal are reporting that Samsung Electronics Co., Ltd. (KSC:005930) is on the verge of signing new contracts that would break BlackBerry's exclusivity as smartphone supplier to these agencies.

The deal would be a massive victory for the world's largest smartphone maker, which has been lobbying the U.S. government hard to adopt its Galaxy S IV smartphones.  And it would be opportune timing, given that Samsung's growth had started to slow amid a market-wide stagnation of smartphone sales.

At the same time, the deal would be a big blow financially to BlackBerry – a company whose future already looks uncertain given the slow sales of its tardy BlackBerry 10 platform.

BlackBerry 10 (BB10) -- originally scheduled for a H1 2012 launch -- was delayed a year, finally seeing a soft launch in January.  The first BB10 devices hit the U.S. in March, but the most popular variety of Blackberries -- keyboard equipped models -- were delayed even further, only starting to sell in May in the U.S.

BB10 phones
The slow rollout of the BB10 devices may have cost RIM part of its gov't contracts.

That sluggish rollout may have been the last straw for more than one government agency that is losing faith that keeping BlackBerry exclusive is a wise logistics choice.  In May the Pentagon approved for the first time the use of Samsung and Apple, Inc. (AAPL) smartphones by the branches of the U.S. Department of Defense (DoD).

II. Getting Serious About Security

In recent months a number of government agencies:

... have dumped BB, either partially or entirely, mostly for iOS.

BlackBerry Adieu
Gov't agencies are fleeing the sinking BlackBerry ship. [Image Source: Forrester.com]

Meanwhile, BB10 has struggled, flunking the UK's strictest security requirements earlier this year.

The looming Navy/FBI contracts could make it a three-man race between BlackBerry, Apple, and Samsung for agency contract dominance.  That competitive state of affairs comes thanks to hard work on Samsung's and Google's parts.  While BlackBerry has long offered the most secure business solution, Samsung has been working hard to change that picture.

Samsung started last year by airing an enterprise-ready Android distribution, which adds on technologies from other top software players.  That initial effort -- available for the Galaxy S III and Galaxy Note II -- was dubbed SAFE.

It offered 256-bit encryption, Microsoft Corp.'s (MSFT) ActiveSync email/calendar suite, VPN (jointly implemented by Juniper Networks, Inc. (JNPR) and Cisco Systems, Inc. (CSCO)), and a plethora of mobile device management (MDM) APIs to support MobileIron, SAP AG's (ETR:SAP) Sybase Afaria, Citrix Systems, Inc.'s (CTXS) Zenprise, SOTI, Motorola Solutions, Inc.'s (MSI) AirWatch, and other top management platforms.  In total over 340 IT policies are supported by the platform.

III. KNOX Impresses

But where interest is really heating up is SAFE's successor, "KNOX".  Just released for the Galaxy S IV, KNOX leverages Google Inc.'s (GOOG) new "Security Enhanced" (SE) Android platform, which was co-designed by the U.S. National Security Agency (NSA).

Samsung Knox
Samsung KNOX is arguably the first truly enterprise-ready secured Android platform.

KNOX uses SE Linux to offer sandboxed work and business containers (comparable to BB's "Balance" environments), which coexist alongside the general recreational workspace.  Each container is encrypted, and apps in one container are unable to access other containers' data.  Messages can be routed to accounts on individual containers.  Digital rights management (DRM) of containers is, in part, handled using ARM Holdings plc's (LON:ARM) licensed "TrustZone" hardware DRM technology.

If the name doesn't say enough, KNOX's features clearly show Samsung is targeting defense and intelligence agency clients.  Samsung put the device through a variety of certification hurdles, including SRG compliance (Defense Information Systems Agency's Security Requirements Guide), CAC capability (common access card, the DOD's secure thin-client standard for smartphones), FIPS 140-2 compliance (both over the air and on device) and root of trust (special secured boots for government devices).

KNOX expands support to 474+ IT policies, and offers 1,034+ MDM APIs.

Market research firm Gartner Inc. (IT) points out that the MDM APIs and the third-party management tools they enable are one key advantage KNOX has over the closed BB10 platform.  Comments Gartner, "BlackBerry has not opened management API support to popular MDM tools. This will limit the appeal of BB10 devices for those enterprises that manage smartphones through cross-platform MDM tools."

Thorsten Heins
Analysts are critical of BB's decision to block out third party MDM to try to lock its users into its service fees. [Image Source: Getty Images]

In other words, with KNOX an organization could (theoretically) shift to another mobile OS -- say Apple's iOS or Microsoft's Windows Phone -- without having to replace its MDM apps.  By contrast, BB's model inherently tries to lock customers in to its high-priced solutions.

BB does have a slight edge in that it uses direct encrypted links (via BB Enterprise Server (BES)) between devices, versus VPN.  But with modern network speeds and multi-core smartphone chips the performance penalty for using VPNs is much smaller than it used to be.

IV. Some Analysts, Politicians Not Sold on Android's Security

Still, not all analysts are convinced that jumping from BB to KNOX is a sound decision.

The Enderle Group's principal analyst Rob Enderle tells Reuters, "The Android operating system hasn't been secured properly.  If you are going to tackle security, you kind of have to do it throughout the entire platform. It's not that Samsung doesn't want to - it is that they don't own the operating system so they cannot.  If you're going to sell into government, you have to be able to provide a secure solution and Android isn't it yet."

U.S. Representative Kenny Marchant (R, Tex.) wrote a letter to the FBI commenting, "I understand that the FBI may be considering a new solution that is a patchwork of technologies stitched together.  I am concerned that this approach may prove to be more costly than other alternatives."

Last, but not least, BlackBerry's chief legal officer, Steve Zipperstein -- an understandably biased source -- complained to Reuters, "The security of mobile devices is more important now than it has ever been before.  It is fair to ask why in this context anyone would consider moving from the gold standard in security, which is the BlackBerry platform."

V. How BB's Decision to be Closed Has Come Back to Haunt It

All these criticisms do have some footing.  BB does offer the most proven secured smartphone solutions.  But from a technical standpoint it's hard to see what exactly KNOX is lacking, other than perhaps field testing.

Perhaps that's why the Navy and FBI are eyeing big contracts to test Samsung's wares.  They may not be impervious to attack, but they seemingly check all the necessary boxes and, more importantly, free these organizations' IT staff from being shackled to a proprietary MDM platform.

BlackBerry Locked
BlackBerry's locked environment is no longer the only game in town. [Image Source: Reuters]

BlackBerry has long enjoyed exclusivity from the majority of government agencies and security-oriented enterprise clients, largely on the simple basis that it was the only one that managed to adequately equip its mobile platform with the requisite technologies for secure operation.  That achievement allowed BB to command steep fees in part by locking users into its services by crippling third party management.  IT folks didn't like it, but they had no choice.

Now that they have a choice, BB is starting to see those policies come back to haunt it.  With a nonexistent consumer brand it could be the final nail in the coffin if BlackBerry's margin-driving government contracts are scaled back.

Sources: WSJ, Reuters, DOD




Fork in the road
By Salisme on 7/22/2013 8:10:35 PM , Rating: 3
Android is open source. Why can't the govt code their own "secure" android version, or employ the likes of the CM mod team to build them a secure version instead of having to deal with a closed system of iOS? One would think they would want to know the complete ins and outs of the OS before rolling it out to their key personnel. Android sounds like the perfect possibility.




RE: Fork in the road
By Ammohunt on 7/22/2013 8:23:25 PM , Rating: 3
Because they have people like Edward Snowden working for them?


RE: Fork in the road
By Mitch101 on 7/22/2013 8:33:20 PM , Rating: 2
I read the headline and I was waiting to read they were getting devices from Huawei.
http://www.dailytech.com/Huawei+in+a+Huff+Over+For...


RE: Fork in the road
By a5cent on 7/22/2013 9:38:50 PM , Rating: 2
Not unlike the undertone in this article, many people think of security in terms of boxes that security features must check. While that isn't wrong, it is but half of the issue.

In truth, many aspects of security are better defined by what an operating system cannot do, rather than by what it can. An example:

3rd party apps used by a CIA operative probably shouldn't be able to access the smartphone's contacts or text messages, even if a user were to grant an app the rights to do so upon installation. Such information is far too sensitive to put responsibility for its protection into the hands of a fallible human being. Instead the protection of such information should be guaranteed by the operating system itself. How? Preferably by completely removing the API which enables access to that data, which is the only way to guarantee that data isn't programmatically accessible.

The above is but one very simple example, but such issues must be considered at thousands of design junctions and at all levels during operating system development. As most would suspect, this is not how Android was developed. Being a consumer OS, it is focused less on security and more on flexibility and the ability to easily implement any feature that consumers may find attractive.

Re-engineering Android to the necessary extent is possible, but it would break compatibility with anything otherwise Android related, which would defeat the whole purpose of using Android in the first place.

Whether any of this is relevant is a different question however, as money and political considerations will outweigh technical arguments.


RE: Fork in the road
By half_duplex on 7/23/13, Rating: 0

RE: Fork in the road
By Argon18 on 7/23/2013 11:54:45 AM , Rating: 1
Flexible and Secure are not mutually exclusive. The fact that Android is Open Source is its greatest asset; the gov't is not tied to using the vanilla consumer Android release - they can modify the source and build their own custom secure release if they choose. Or ask Samsung to do it for them, or award contracts to get the job done. Remember, the most secure operating system in the world - OpenBSD - is Open Source.


RE: Fork in the road
By Samus on 7/23/2013 1:02:52 AM , Rating: 3
They could...

but that's what KNOX is, a closed-source security layer for Android. It's securely remotely managed and its cryptography layer uses SSL and a Kerberos ticket-style update engine that changes keys so frequently that even the fastest computer (let alone hacker) can't decode the packets as fast as the keys change.

For Samsung's first security implementation, it's very good and will only get better. I don't see Android running this style of security layer being any less secure than Blackberry (or any other closed system) so moving on...the reason to go with Blackberry is clearly lower costs, wider variety of devices and the ability to have a customized, closed system.


RE: Fork in the road
By jimbojimbo on 7/23/2013 10:52:52 AM , Rating: 3
Well put. Every other comment here seems to talk about the old Android days of GB and neglect to do any actual research about how things have progressed. They're just stating what they've read hundreds of times before years ago instead of looking at the S4 and the Knox system themselves. It's 2013. It's a new Android OS. It's a new phone.
Before you go on, the DoD approved the S4 with Knox for government use long BEFORE iOS.


RE: Fork in the road
By b_glasser on 7/23/2013 12:08:04 PM , Rating: 2
Just wait until the days of quantum computing...they aren't that terribly far out...that will completely change cyber security


RE: Fork in the road
By drycrust3 on 7/23/2013 7:56:25 AM , Rating: 2
Android may well be open source, but it is released under the Apache licence, which means that if anyone wanted to use it they would have to comply with the terms of the Apache licence too.


Where did this information come from
By The C Man on 7/22/2013 11:20:31 PM , Rating: 2
Blackberry did not fail the UK tests and the story was discredited.

Knox is still not up and running as far as I can find out. Even with it the Samsungs may not be safe.

The non Blackberry phones may be made safe but they will probably be using Blackberry Security which has been approved.




RE: Where did this information come from
By Vardant on 7/23/2013 3:07:35 AM , Rating: 2
This confirms what we knew all along. Jason isn't very good.


By OoklaTheMok on 7/23/2013 12:58:39 PM , Rating: 2
He always has a horse in the race, and he does his best to promote it.


By bizdudePB on 7/23/2013 12:43:25 AM , Rating: 5
Jason, you need to correct your article. It really sucks when people don't do a little verification.

BB10 has not flunked the UK test. The source was the Guardian and they corrected their mistake months ago. Now you need to correct yours.

http://rapidberry.net/the-guardian-prints-correcti...




otherwise known as...
By retrospooty on 7/22/2013 6:48:28 PM , Rating: 3
Move over pokey, we want bloaty :P




LOL
By flyingpants1 on 7/23/13, Rating: 0

RE: LOL
By half_duplex on 7/23/2013 10:08:55 AM , Rating: 1
LOL

I'm going to adjust my narcotics trafficking hours from night time to high noon when most of the feds are at the corner hot dog stand.


RE: LOL
By 4rensycs on 7/29/2013 6:40:22 PM , Rating: 2
LOL. Texting no less.


The pic of the Q10 is wrong
By flyingpants1 on 7/23/2013 6:45:36 AM , Rating: 2
Why do you keep using that incorrect pic of the Q10 next to the Z10? The Q10 is nowhere near that tiny.

Here's a better pic. http://i.imgur.com/cP03swr.jpg




RE: The pic of the Q10 is wrong
By Zingam on 7/30/2013 12:22:52 AM , Rating: 1
Because they don't care and because maybe somebody pays them to write bullshit about BlackBerry. I don't know. I am not such a big fan of it myself. Never used one before but the way they write the articles speaks for itself.


Deathblow
By Ammohunt on 7/22/2013 6:53:11 PM , Rating: 2
This seals their fate as a company; government is/was one of their last bulwarks.




Word association:
By Motoman on 7/22/2013 7:27:45 PM , Rating: 2
Knox:

Foxy!




Keep the BB bashing coming, DT!
By iamkyle on 7/22/13, Rating: 0

By Azethoth on 7/24/2013 9:44:41 PM , Rating: 2
It's not bashing when Blackberry is actually busy dying. I have tons of friends who claimed to miss their BB with keyboard and would "totally" buy a BB smartphone if one was ever made. They totally did not buy any of them.

Defending your Blackberry makes as little sense as me defending my Motorola Razr from like 10 years ago or something. Their time came and went.


BB CEO is Gay dude !
By poi2 on 7/22/13, Rating: 0

RE: BB CEO is Gay dude !
By Samus on 7/23/2013 1:06:01 AM , Rating: 2
You realize Tim Cook is gay, right?

I don't see the relevance of your post. You could just put yourself out of the miserable life you have and shoot yourself behind a shed where you won't be found.


Why
By A11 on 7/23/2013 3:15:29 AM , Rating: 2
do government employees need the latest, greatest and not the least, most expensive smartphone?




Dying on their own
By 4rensycs on 7/29/2013 6:38:59 PM , Rating: 2
The bottom line issue is "CHANGE" of which they did not do. They played the cards and stayed the course with the BES even with Z10, to no avail. As for iOS it is no better off. In the healthcare arena iOS is a HIPAA violation. So why go to another proprietary closed system only to really have the ability in leaking information from CA. Android is open source as we know and the security offered will work. Again, I tend to agree, if the FBI and Navy don't like it they can code their own, outsource it to Samsung or contractors.

RIM saw the change in wind but never released the jib.


















Copyright 2014 DailyTech LLC.