Saudi Arabia have asked RIM if they can read your BBIM messages, already possible
I saw Kyle post this over at BlackBerryCool.com. It’s interesting to see this come up, because in most circumstances a government that controls a telco, and has a reasonably large budget, could already do this itself.
Every single BlackBerry device that leaves the factory is loaded with what’s called a Peer-To-Peer encryption key, and this key is exactly the same on every device. It is used to "encrypt" PIN messages between devices: if the keys were different, a recipient device would not be able to decrypt the sender’s PIN message. Because the key is identical on all devices, it offers only a limited amount of protection. The PIN messages do not travel over the wire in plain text, but the packets can still be intercepted by the carrier, and with some smarts on the backend they could be decrypted automatically as they pass through the telco layer, since the carrier only needs the one common key. See the extract from KB10498 below.
During the manufacturing process, Research In Motion® (RIM®) loads a common peer-to-peer encryption key onto BlackBerry smartphones. Although the BlackBerry smartphone uses the peer-to-peer encryption key with Triple Data Encryption Standard (Triple DES) to encrypt personal identification number (PIN) messages, every BlackBerry smartphone can decrypt every PIN message that it receives because each BlackBerry smartphone stores the same peer-to-peer encryption key. PIN message encryption does not prevent a BlackBerry smartphone other than the intended recipient from decrypting the PIN message. Therefore, consider PIN messages as scrambled, but not encrypted.
So please don’t assume that your PIN messaging (including BBIM) is encrypted and secure by default. The only mitigation is to have a BlackBerry Administrator set a private Peer-to-Peer encryption key, which enables secure PIN/BBIM messaging between all users on a particular BlackBerry Domain (BES); a carrier holding only the common factory key cannot decrypt those messages. Please see the following KBs for more information.
How to turn on/off Peer to Peer encryption – 4.0, 4.1, 5.0 (KB13016).
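To make the distinction concrete, here is an added example in Go (not part of the original post, and not RIM's software): devices encrypt PIN messages with Triple DES in CBC mode under whatever peer-to-peer key they hold, and a telco that holds the common factory key can recover messages only from devices still using that key, not from devices whose BES administrator set a private key. The key value, the packet layout (IV followed by PKCS#7-padded ciphertext) and the function names are assumptions made for this demo, not RIM's actual format.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
)

// Constructed stand-in (not RIM's real key) for the common factory key every device ships with.
var FactoryKey = []byte("constructed-factory-key!") // 24 bytes, the 3DES key size

// EncryptPIN models a device encrypting a PIN message with 3DES-CBC under the key it holds; output is IV || PKCS#7-padded ciphertext.
func EncryptPIN(key, msg []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	n := des.BlockSize - len(msg)%des.BlockSize
	pt := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(iv, ct...), nil
}

// DecryptPIN is what any holder of key can do with an intercepted packet: the intended recipient, or a carrier with the same key.
func DecryptPIN(key, packet []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil || len(packet) < 2*des.BlockSize || len(packet)%des.BlockSize != 0 {
		return nil, errors.New("bad key length or malformed packet")
	}
	pt := make([]byte, len(packet)-des.BlockSize)
	cipher.NewCBCDecrypter(block, packet[:des.BlockSize]).CryptBlocks(pt, packet[des.BlockSize:])
	n := int(pt[len(pt)-1]) // a wrong key yields garbage, which the padding check rejects
	if n == 0 || n > des.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding: wrong key or corrupted packet")
	}
	return pt[:len(pt)-n], nil
}

// CarrierCanRead models a telco that holds only the factory key trying to recover msg from an intercepted packet.
func CarrierCanRead(packet, msg []byte) bool {
	pt, err := DecryptPIN(FactoryKey, packet)
	return err == nil && bytes.Equal(pt, msg)
}
```

Encrypting the same message once under FactoryKey and once under a BES-set private key shows the carrier reading the first and failing on the second, while the intended recipient with the private key still decrypts.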
