As I mentioned before, Verizon's lack of transparency, along with their ambiguous responses to direct questions has put me in a precarious position. They've left my phone insecure so my company wanted to wipe my phone clean and disconnect it from the corporate VPN. We value our customer's personal information as a top priority.
I talked with my partner and CFO of my company about this and he worked out a solution. Once my contract ends (within a couple of months), I will be moving to a new corporate contract with AT&T that costs less than half of Verizon's. Verizon just lost a significant chunk of change each year as more employees move away from Verizon (and why wouldn't they with this sweet a deal?). Maybe this will wake them up and they will finally understand why not providing security patches is bad.
I am still deeply entrenched with the FCC and their current investigation into this practice and intend to see it though. The goal is regulation that prevent any carrier from withholding available patches from their customers. My case is a prime example of why they shouldn't be allowed to expose our phones to a successful attack when it's easy to prevent it.
I have a relatively obscure server on the network and even it is constantly being seriously (but sometimes humorously) attacked thousands of times each day. I learned a big lesson back in 1990 when a server was successfully breached and a rootkit installed. Once that happened, a complete wipe and reload of the system was required. Unfortunately, there are few tools to detect and prevent these kinds of attacks on our phones. We must rely that the phone is supported by diligence and rapid patching of any vulnerability. In the case of Blackberry, this is what they have promised and done admirably. In addition, they've locked the bootloader and provided tools (DTEK) to validate that the kernel hasn't been compromised. This is why I choose to purchase a new Blackberry and switch carriers rather than Verizon's proposal that I switch phones. The Blackberry Priv gives me security plus a physical keyboard that supports launch shortcuts and quick device searching (Not quite WebOS's "Just Type" but close enough).
I pity the consumer that ends up violated with their personal information stolen (possible identity theft), data usage goes off the chart, or their phone stops functioning because Verizon's actions.
Chief Software Architect
Personal Information removed as required by the Verizon Wireless Terms of Service
Message edited by Verizon Moderator
I think that the only issue I have with this forum is, in all the time this thread has been running, only one verizon support person, Jennifer, contributed with a single post. This was greatly appreciated by me even if it didn't add anything we didn't know to the discussion. I wish there were more support persons that took an active role to either dissuade us, comfort us, or help us in our goals.
Where did you read that BB isn't going to update Verizon? As far as I know they will send the October Security Updates to Verizon along with all their other carriers. I haven't seen the list of vulnerabilities yet. If it's like all the other updates, it will probably fix 40 vulnerabilities. Add that to the list of 260 that's sitting somewhere in Verizon instead of pushing them to our phones.
Blackberry's October patch release is now official. It fixes 57 security vulnerabilities. The new total is 317 available patches for the Priv.
Thank you for the information. I also would like Verizon to quit stalling and give customers the security updates. It is appalling to pay full price for a phone and have this company ignore me and other customers. Can you hear me now, Verizon? Very Truly Yours. KS
Thanks for the info, I've been keeping track by reading other forums, etc.
There is no reason whatsoever for Verizon to sit on the updates.
Leaving Priv on Lollipop 5.1.1 puts all users at a great security risk.
Not acceptable at all.
I fear that Verizon has just declared the Priv dead as they dropped the price from $408 to $100. Sounds like a fire-sale to me. I hope that those that pick one up get as unhappy as we are. I'm advising Pixel buyers to pick it up from Google instead of Verizon so they don't get into the situation.
If it's any consolation, the number of FCC complaints has gone up almost 300% over the last year and that was only for billing mistakes.
How is it a security risk? You only consider it a security risk
because it doesnt have Marshmallow. You could activate an old bold and the device would still be as secure as anything else's.
That may be what you think, but if there has been 317 or more security updates, besides new features since June 2016 (Lollipop 5.1.1), no matter how you look at it, we are being screwed because Verizon is not upgrading the Priv to Marshmallow. My phone is secure because I am diligent, but that doesn't mean we aren't getting ticked off by Verizon's lack of support. I am still waiting for a reply from Verizon after filing a complaint with FCC. You are honest, you don't get an answer. PHHHBBBTTT.
rpherson suggests we all pick up a device no longer manufactured. He has the audacity to suggest that this is as secure as anything on the market. Let's all pick up a Palm 680 since the company no longer exists. That must be even more secure. You don't have a clue what a secure phone is. To people that make a living in security it means rapid patching of known vulnerabilities. Yes, Lollipop is inherently less secure than Marshmallow which is less secure than Nougat. Google has documented as much. However, Blackberry has hardened the bootloader and kernels. They also have utilities to identify corruptions to the security of the kernel which makes Marshmallow roughly as secure as Nougat. Lollipop cripples DTEK analysis and functionality, hence Dick's statement is valid.