The Advantages of BlackBerry UEM for Mobile Device Management

Myntex Data Center

BlackBerry® Unified Endpoint Manager unlocks the Android For Work security component built into Android devices. This allows Myntex to deploy our encrypted mobile solutions on authorized off-the-shelf devices around the world. BlackBerry UEM is an important component of our organization as it works with a wide variety of models for use with ChatMail™.

We can attest to the fact, “With its single management console and trusted end-to-end security, BlackBerry UEM provides flexibility and security to keep your employees connected and protected so they can work from practically any device, anywhere.”  

Our History With BlackBerry

We were inspired by the security and privacy afforded by BlackBerry Messenger and all the capabilities of the BlackBerry phones. As a company, Myntex began offering PGP encryption on BlackBerry phones as a white label solution in 2011.

BlackBerry phones introduced Secure Wipe and Remote data wipe, two of the features that businesses appreciate to secure their data in situations such as when an employee loses their phone or is terminated.

The Many Ways of Using UEM

As stated on their website, “You can install BlackBerry UEM in an on-premises environment for the utmost control over your servers, data, and devices. This prevents any third party from having access to the secure configuration. An alternate method is to use BlackBerry UEM Cloud, which offers an easy-to-use, low-cost, and secure solution. BlackBerry hosts BlackBerry UEM Cloud over the Internet. You only need a supported web browser to access the service.”

Rather than using BlackBerry UEM's virtual machine on their cloud, Myntex runs a self-hosted instance in our own private data center. This allows us to maintain granular control over our infrastructure, eliminating the risk of unauthorized access and intrusion.

How Myntex Adopted BlackBerry UEM

In 2005, BlackBerry released BBM Enterprise through the Google Play Store and then on the Apple Store. The BlackBerry Wikipedia page refers to BBMe as “An IP-based enterprise instant messaging platform that provides end-to-end encryption for voice, video, and text-based communication.” Afterwards, a Software Development Kit was issued for BBMe, which gave Myntex the impetus to create ChatMail.

BlackBerry Enterprise Server was introduced in 1999 and by 2008, as technology changed, BES became vulnerable to several issues that eroded its security. The company acquired a solid MDM solution from Good Technology and merged it with BES, rebranding the combined service as BlackBerry UEM.

BBMe let developers add the brand’s trustworthy capabilities into their own applications, including secure messaging, voice, video, and file sharing. BBMe was developed, first and foremost, as a business tool, and (was) a lot more streamlined by design . . . Because it was built for use in high-security industries, BBMe (offered) stronger encryption than BBM. BlackBerry retired BBM in 2019.

UEM has many configuration options: you can integrate it with Microsoft-based products such as Active Directory and Microsoft Exchange, or you can use it as a standalone secure AFW management tool without introducing additional third-party software. We do not use Microsoft Exchange or Active Directory because they introduce further vulnerabilities. We only use UEM for securing and locking down the phone. BlackBerry UEM provisions the phone and secures the device using the built-in security policies provided by Android For Work.

What Does BlackBerry Have Access To?

The ingenious design of UEM, in conjunction with AFW, allows us to privately manage our own secure, private version of the Google Play Store. This organizational play store is only available on our custom devices and can only be managed by our company. This is very different from what is available on standard smartphones. Our organizational play store is controlled exclusively by Myntex. All applications are signed internally with our cryptographic keys, further guarding against malicious code attacks. This allows secure distribution of our custom applications to UEM secured devices.

BlackBerry UEM has no access to our ecosystem at all. This means UEM doesn’t have access to any of our infrastructure, nor does it have access to the application data on our secure devices. Furthermore, UEM doesn’t track your location. If the GPS were ever accessed maliciously, mock location data is sent, further ensuring your privacy.

A Global Industry Leader

Today, BlackBerry UEM ranks alongside the market front-runners including Microsoft Endpoint Manager, VMware Workspace One, Citrix Endpoint Management, IBM MaaS360, and Ivanti UEM.

The best UEM software will be a matter of choice for each enterprise depending on the needs within the Internet of Things they want to securely enable. “Using BlackBerry UEM, enterprise workers can work from almost any device, anywhere, using a single management dashboard and end-to-end security.”

Key BlackBerry UEM Differentiators:

  • provides behavioral risk scores to users based on application usage, with users who use applications consistently being deemed low risk
  • offers multi-factor authentication for a secure and easy connection to a VPN on a device
  • manages mobile devices from a single management interface, reducing risks and ensuring regulatory compliance
  • ownership models include bring your own device; company owned, personally enabled; and company owned, business only
  • supports wearables such as smart glasses

For our purposes, Myntex trusts UEM to seamlessly provide Mobile Device Management to support our need to control mobile device functionality, including device enrollment and device lockdown.

Ransomware-like Attack in Ukraine – HermeticWiper

We’ve become accustomed to hearing news about cyber warfare. From hacks to ransomware and misinformation—bad actors have made worldwide headlines with their malicious attacks.

There are measures you can take to protect yourself, like using industry-leading cell phone encryption to stay a step ahead of threats. By the time you realize you have been targeted by hackers, it is too late.

Just days before Russia’s invasion of Ukraine, a malware menace known as HermeticWiper struck Ukrainian entities as well as related targets in Latvia and Lithuania. Examining this data-wiping malware reinforces the need for ensuring every exposed vector has the best digital security. Let’s take a closer look at HermeticWiper to see how destructive it is.

HermeticWiper and HermeticRansom

On February 24, 2022, after a series of distributed denial of service attacks against Ukraine, designed to knock websites offline—overwhelming them with requests until they crash—a Slovakian security firm was first to report it found the wiper on hundreds of machines in Ukraine. Another 50 banking systems with government contracts were reported by Symantec to have been hit in Ukraine.

The malware was given the name “HermeticWiper” because of a digital certificate stolen from a company called Hermetica Digital Ltd. The first variant of this malware surfaced in November 2021.

Lawrence Adams of Bleeping Computer says, “A data wiper is malware that intentionally destroys data on a device to make the data unrecoverable and for the operating system to no longer work correctly.”

HermeticRansom, also known as PartyTicket, was written in Go, an open-source programming language. It struck on the same day as the highly effective HermeticWiper. HermeticRansom had a decidedly unsophisticated style and poor implementation. There was no obfuscation or intent to misdirect, and the functioning was straightforward, suggesting it was created quickly, leading experts to suspect it was a distraction to help the HermeticWiper do more damage.

Mobile solutions like ChatMail™ have military-grade encryption, proprietary server storage, and secondary security features that prevent malware such as these wiper attacks. ChatMail’s technology doesn’t allow third-party apps, which perpetrate this type of attack. Additionally, it is worth mentioning these targeted attacks were directed at the Ukrainian government and not the public.

Who Was Responsible?

Like ransomware, a wiper requires the compromise of identities and the abuse of privileged credentials. 

Given the nature of the ongoing war in Ukraine and the cyber conflict, future attacks could easily expand in scope. Russian oligarchs are frantically moving their money in the wake of international sanctions, while government officials and journalists operate in a climate of intense eavesdropping and information control.

Other similar cyberattacks, notably WhisperGate (which sent a fake ransomware note before rendering the Master Boot Record useless once the computer is shut down), prompted warnings from several US government agencies. Regardless of who is to blame, these wiper attacks are designed to prevent targets from using their devices to access data, and they reinforce the need for heightened vigilance.

Whoever was responsible, there’s nothing to suggest that the next cyber-victim will be confined to a military opponent in the war itself. The code’s simplicity, along with the spelling and grammar errors, suggests it was slapped together.

Plausible Deniability

The nature of cyberattacks makes it difficult to pin down precisely who was responsible, as attackers can always invoke plausible deniability. For example, hackers can partially take over your home computer and use it, without your knowledge or approval, to launch cyberattacks.

One researcher told BBC News, “Ukraine’s military and banking websites have seen a more rapid recovery, likely due to preparedness and increased capacity to implement mitigations.”

Governments and enterprises need to protect every aspect of their business with digital security designed from the ground up. Myntex provides you with complete mobile device security.

We designed and built ChatMail from the ground up, including our custom encryption protocol. For your protection, anything unencrypted isn’t displayed. Our parsing algorithm takes emails sent with external PGP encryption and displays them in an easy-to-read bubble that looks like a chat message. Confidential communications remain private as no threads remain on our servers. We do not have roster, group, or message storage. You can access and delete your confidential information while offline.