Although the BlackBerry® smartphone uses the peer-to-peer encryption key with Triple Data Encryption Standard (Triple DES) to encrypt personal identification number (PIN) messages, every BlackBerry smartphone can decrypt every PIN message that it receives because each BlackBerry smartphone stores the same peer-to-peer encryption key. PIN message encryption does not prevent a BlackBerry smartphone other than the intended recipient from decrypting the PIN message.
That’s not a very good design for a secure messaging service. Maybe they had company support, but even without it, all they need to read every message is to capture it and replay it on any device.
Amazing contrast with Apple/Whatsapp/Signal where we can argue about whether the company can force you to accept a bogus keypair, but at least the company has to do something to target you.
A couple follow up questions now that I think about it. I’m not familiar with BB so I expected better encryption. But the true nature of the “scrambling” was documented and apparently known by people who cared.
Are the mobsters in this story among the people who cared? Did they decide to use BB as opposed to SMS because they believed it was secure or more difficult to tap? Or did they happen to use it because it was convenient without regard to security?
Personally, I would have done a lot more investigation before trusting my criminal enterprise to a messaging system, but I can also imagine somebody skipping that step and relying on popular perception. I’m curious what happened in this case.
I’m amazed BB still has a reputation for security amongst governments and enterprise. I know iPhones are very popular in enterprise deployments now, with Samsung behind them.
I actually have a BB, but only because it was cheap and I has a soft spot for a hardware keyboard.
Wow. From BlackBerry supprt:
That’s not a very good design for a secure messaging service. Maybe they had company support, but even without it, all they need to read every message is to capture it and replay it on any device.
Amazing contrast with Apple/Whatsapp/Signal where we can argue about whether the company can force you to accept a bogus keypair, but at least the company has to do something to target you.
I wonder if theo still uses a BB, I remember him saying back in 2013 or so that he did.
A couple follow up questions now that I think about it. I’m not familiar with BB so I expected better encryption. But the true nature of the “scrambling” was documented and apparently known by people who cared.
Are the mobsters in this story among the people who cared? Did they decide to use BB as opposed to SMS because they believed it was secure or more difficult to tap? Or did they happen to use it because it was convenient without regard to security?
Personally, I would have done a lot more investigation before trusting my criminal enterprise to a messaging system, but I can also imagine somebody skipping that step and relying on popular perception. I’m curious what happened in this case.
I’m amazed BB still has a reputation for security amongst governments and enterprise. I know iPhones are very popular in enterprise deployments now, with Samsung behind them.
I actually have a BB, but only because it was cheap and I has a soft spot for a hardware keyboard.
BB offers enterprises more than security. It offers them control. In many cases, they want the ability to intercept all messages from a device.