BBM: It’s Not As Secure As You Think It Is
Given the news last week about the RCMP having access to BBM messages since 2010 and BlackBerry pretty much admitting that they let them have access to said messages, it made me wonder how secure BBM really is. It appears at first glance that it isn’t as secure as BlackBerry would want you to believe.
The weaknesses of BBM are best explained in this article from Encrypted Mobile where they say this:
The Achilles’ heel of BBM is that while PIN-to-PIN messages are encrypted using Triple DES, RIM adds a global cryptographic “key”, which is shared between every BlackBerry device manufactured. This automatically allows a situation (in theory, at least) where, if the messages can be intercepted at the cellular service provider’s network and the hacker party manages to spoof the intended recipient’s PIN, any BlackBerry device can be used to decrypt all PIN-to-PIN messages sent by any other BlackBerry device. While this has never happened as yet, or at least has not been brought to our attention, the scenario lies entirely within the realm of possibility.
The same key, used by all BlackBerry devices to be able to decrypt PIN-to-PIN messages, can be used by RIM at their relay station to decrypt any user’s messages. Again, this is not to suggest that RIM is in the business of reading their users’ content. However, if legally put to the task, RIM can provide decrypted PIN-to-PIN messages in clear-text to law enforcement authorities.
In short, this explains how the RCMP was able (and is likely still able) to access BBM messages if they are going over the BlackBerry Internet Service. The article also confirms that if you use BlackBerry Enterprise Server, this is a non-issue, though yours truly is a bit skeptical of that given the times we live in. In any case, this weakness is not trivial and should give those who use BBM a reason to wonder how private those private messages are.
This entry was posted on April 20, 2016 at 9:39 am and is filed under Commentary with tags BlackBerry.