Only a Miracle Can Save Blackberry

Blackberry has painted itself into a corner. The company is betting all of its money on being saved by their new Android smartphone, the DTEK50. True, the company is rumored to be releasing two other phones later this year, but, really, what’s the point if the DTEK50 doesn’t sell?

dtek50

Blackberry CEO, John Chen, seems obsessed with the idea that only a smartphone can keep the company from plunging into a financial quagmire. Such a plan might have had some merit ten years ago, but to maintain such a view in today’s smartphone market is truly swimming upstream against a very strong current. First of all, the market is saturated with Android smartphones. Though Samsung leads the market, others like Huawei, LG, and Sony are right behind, not to mention a large number of top-selling, Chinese-made clones which easily beat the DTEK50’s $300 price tag. In addition, the smartphone market itself seems to have topped-out. Sales across the board are on the decline, even for such long-term darlings like Apple.

So with all of these obstacles against it, what makes Blackberry think that they even have a puncher’s chance of success? The answer is security. The DTEK50 is billed as “the world’s most secure Android phone”. That would be a good sales point if the average user cared a lot about security, but that’s usually not the case. The average user just wants to get that popular app downloaded no matter what the security risk. They are quite happy to take whatever security features that happen to come with the phone. In other words, few smartphone buyers will base their purchase on security considerations alone.

However, there is one market niche which does have security as a top priority. This is the niche composed of companies, government agencies, and large institutions. These enterprises are desperate to get their hands on mobile devices which can prevent irresponsible employees on their network from becoming gateways for cyber attacks. If the DTEK50 can live up to its most-secure-phone billing, it may be able to make a profit by targeting these enterprises. Unfortunately, there’s a problem – the Qualcomm Snapdragon chip that powers the phone. A researcher recently reported “a chain of vulnerabilities that I’ve discovered which will enable us to escalate our privileges from any user up to the highest privilege of all – executing our code within TrustZone itself.” This vulnerability would enable an attacker to bypass full disk encryption, virtually taking control of the phone… good for hackers, bad for Blackberry.

This news couldn’t have come at a worse time. Last year, Blackberry released a “high-end communication service designed for sophisticated and exclusive executives.” This was an “ultra-encrypted” phone that sold for the ultra-high price of $2,000. At such a price, the phone would have had no choice but to deliver astonishingly good security. Sadly, it did not. The Netherlands Forensic Institute was able to break into the phone and decrypt 279 emails that it found there. So much for ultra-encryption.

In July, the U.S. Senate finally removed pre-Android Blackberries from its list of approved government devices. Getting government contracts was one of Blackberry’s last hopes. It had been one area that was still making money for the company. Thus, the security deficiencies found in their newer Android phones won’t help with their getting approval for any future government contracts. However, this hasn’t stopped Chen from currying favor with the government. When the Apple vs. the F.B.I controversy was making headlines, Chen, unlike other tech executives, supported the government over Apple. In an interview he said, “We are indeed in a dark place when companies put their reputations above the greater good.” So does this mean he would not protect the privacy and, by extension, the security of his customers? Yes, his statement may have given him some points with the government, but such an attitude may have given second thoughts to companies who may have been considering using any new Blackberry devices.

So does Blackberry still have a chance to get some of those lucrative government contracts? Probably not in the near future. With the recent problems with the Qualcomm chip, it’s unlikely any Blackberry devices will meet with approval. In addition, there’s the problem with the DTEK50 being manufactured in China with all the security questions that would entail. Chen has said that he expects the DTEK50 to be making a profit by September, but if it isn’t, then what? Continue throwing money down the smartphone rat hole? In February, Blackberry cut 36% of its workforce as its market share fell to 0.2%. There seems to be little fat left to trim.

Is there, then, no hope for Blackberry? Is there any miracle that could save it? Perhaps.

The key to saving Blackberry may require drastic measures, such as ditching the Qualcomm chip, although contractual obligations may make this difficult. Qualcomm manufactures its chips in China which is likely why Blackberry is producing the DTEK50 there. They are also there to keep the price of the phone low. In other words, to escape from their current dilemma, Blackberry would need to find the perfect combination of security technology and low production costs. These are the two qualities that would attract major enterprises to their phones.

For the moment, the security problems surrounding the Qualcomm chip are the most daunting.  It seems that, according to the researcher who found the vulnerabilities in the chip, patches will not work in this situation. Only a hardware-based solution to the problem is possible. As he observed, “I believe this issue underscores the need for a solution that entangles the full disk encryption key with the device’s hardware in a way which cannot be bypassed using software. Perhaps that means redesigning the FDE’s KDF. Perhaps this can be addressed using additional hardware. I think this is something Google and OEMs should definitely get together and think about.”

The Blackberry brand has always been associated with security. This is its last refuge and main marketing strong point. If you claim you have the world’s most secure phone, you have to live up to that standard. There can be no compromises here. Although a truly secure and affordable smartphone would be welcomed by numerous enterprises, it will take Blackberry a long time to rebuild its reputation to the point where it achieves the trust levels that it used to have. By that time, there may be nothing left of the company. What is really needed here is a quick but effective fix – a type of architecture that can be implemented almost immediately and, ideally, take advantage of Blackberry’s current line of phones, which do have some good points.

Because, whether Blackberry wants to admit it or not, the company is facing either the end of the road, the selling off of some of its technology, or a complete change in its business model to keep itself afloat. The smartphone market may have topped out, but there is always room in the cyber landscape for good, security architecture. The internet of things (IoT), for example, is a rapidly growing area in which Blackberry has started gaining a foothold. However, they face the same challenge in this market as they would in the smartphone market – finding a chip with hardware security that truly protects any internet-connected device from an attack.

In the final analysis, it may not be a miracle, but sound business decisions that save Blackberry. The strategy outlined above will enable Blackberry to maintain its smartphone focus while extending its technology into developing areas. However, the clock is ticking. If the DTEK50 does not meet expectations in one month, someone needs to make some big decisions. If not, the Blackberry era will come to a quiet end.

_________________________________________________________________

__________________________________________________________________

For any Blackberry readers out there. This may be your way out.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s