- 05-14-16 07:15 PM Like 0
- Have you read the BBM Protected security note? BBM Protected uses end-to-end crypto. The security note goes into detail about the threat model. Basically the only thing BBM Protected doesn't do is use ephemeral keys (Signal uses ephemeral keys). With ephemeral keys each message you send is encrypted with a random key, so if you deleted a conversation (and the app is programmed correctly to delete traces of these keys) there will be no way to retrieve that conversation even if your device is recovered, say by the government. With BBM Protected there is a single signing and encryption key pair per contact. This key doesn't change and is used in conjunction with keying material to generate each message key. As long as no one gets access to your keys your communication is safe.
http://help.blackberry.com/detectLan...-security-pdf/
Posted via CB10 05-14-16 07:19 PM Like 0
- Any chat system that has the property where Alice can transmit a message to Bob, when Bob is off the network, and Bob can later receive the message when Alice is off the network must have the property that the messages are stored on some intermediate system that is always on the network. Otherwise the only way Alice can send a message to Bob is when both are on the network at the time the message is sent.
Even if you implemented a system that required both Alice and Bob to be on the network simultaneously, a third party with enough visibility on the network could intercept and save the message. If this threat model is important to you, then you want to have end-to-end encryption such that no third parties have access to the keys.
LeapSTR100-2/10.3.2.2876 jope28 likes this. 05-15-16 08:19 AM Like 1
- Thanks for the clarification regarding BBM Protected going through BlackBerry servers.
Hope they come up with an innovative way for Alice and Bob's communications not needing to go through that 3rd party (in the case of BBM Protected it's BlackBerry servers) and still get messages through even when one is out of network range temporarily.
I'm guessing it would take a company like BlackBerry to come up with a creative design of making the devices themselves serve as servers or some great computer engineering technique/idea (just hoping it can one day be possible lol).
Alice and Bob remain hopeful that someday they can have end-to-end encryption without that going through a 3rd party server.
I just wish they made purchasing BBM Protected as easy as it is to buy stickers on BBM!
Passport/SQW100-3 .2876 CB10 05-15-16 09:46 AM Like 0
- The only way to avoid a third party or third system is to require that Bob and Alice be on the network simultaneously for the traffic to be passed, otherwise it fails. You could make it stay on Alice's phone until they are both on, but that may take a long time. Who has a mobile phone but not call answer these days? I think such a limitation would be a non-starter for most users except in very specific use cases which aren't going to be commercially successful.
LeapSTR100-2/10.3.2.2876 jope28 likes this. 05-15-16 12:48 PM Like 1
- Understood, but my question is: do both versions have data that passes through BlackBerry servers which can be decrypted by BlackBerry and handed over to the authorities if warranted?
This is the reason my friends asked me to get one of the said apps above
Posted via CB10
Passport SE: All the snooty prestige of a device with a precious metal in the name at less than half the price! 05-15-16 08:41 PM Like 0
- Now usually in order to prevent a man in the middle, you will usually do some kind of key verification. In BBM Protected, keys can be manually verified. So when you start a chat with someone, you can text, email or manually give them what is called a passphrase (e.g. call them or do it in person). If the passphrases match, then BBM will know the key exchange is valid (see attached image). BlackBerry also has something called autopassphrase, where BlackBerry does the passphrase for you. In this scenario if they wanted to they could potentially do a bad thing and intercept you. If however you are worried about BlackBerry doing something like that you should probably worry about them just sending an OS update that logs every key you type; basically you've got to trust something.
Now as far as BlackBerry saving your communications, there are some kinds of information they have access to, but with end-to-end encryption that is no different than the information your phone company has when using phone Internet, or that your Internet company has on you when using Wi-Fi. They can see who you are messaging, and how big the message is, or good old NSA. There are some protocols to hide this information, but BBM isn't one. (BBM encrypts traffic to its service, so the Internet providers will only know that it's BBM traffic.)
Posted via CB10 anon(8719892) likes this. 05-16-16 10:01 AM Like 1
- There are some protocols (OTR, Signal) that use ephemeral keys. They are done in such a way that once the message is sent the keys are forgotten and there is no way to get them back, so even if someone stole your device they probably would only get what is visible in the chat window. What BlackBerry has is good enough (good enough for nation states even). I still need to read the security note for Secusmart, but I believe Secusmart uses ephemeral keys, but it costs a whole lot more than BBM Protected and doesn't support Protected Plus.
Posted via CB10 05-16-16 09:02 PM Like 0
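The difference the posts above draw between a fixed per-contact key and ephemeral keys, as an added example that is not part of the thread and is not BBM Protected's or Signal's actual protocol. It is a simplified model: `static_message_key`, `HashRatchet` and `keys_recoverable_after_seizure` are hypothetical names, and it assumes the per-message keying material travels with each message.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, info: bytes) -> bytes:
    """HMAC-SHA256 as a one-way key-derivation step."""
    return hmac.new(key, info, hashlib.sha256).digest()


def static_message_key(long_term_key: bytes, keying_material: bytes) -> bytes:
    """Fixed per-contact key mixed with per-message keying material.
    Assumption: the keying material travels with the message, so anyone
    who recorded the traffic has it."""
    return kdf(long_term_key, b"msg" + keying_material)


class HashRatchet:
    """Each message key comes from a chain key that is then overwritten by
    its one-way successor, so earlier message keys cannot be re-derived."""

    def __init__(self, seed: bytes):
        self.chain_key = seed

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"chain")  # previous state is gone
        return message_key


def keys_recoverable_after_seizure(n_messages: int = 3):
    """Return (static_recovered, ratchet_recovered): how many past message
    keys can be recomputed from the device state left after the chat."""
    # Static model: the device still holds the long-term key.
    long_term = secrets.token_bytes(32)
    recorded = [secrets.token_bytes(16) for _ in range(n_messages)]
    used = [static_message_key(long_term, km) for km in recorded]
    static_recovered = sum(
        static_message_key(long_term, km) == key for km, key in zip(recorded, used)
    )

    # Ratchet model: the device holds only the current chain key.
    ratchet = HashRatchet(secrets.token_bytes(32))
    past = [ratchet.next_message_key() for _ in range(n_messages)]
    probe = HashRatchet(ratchet.chain_key)  # all that is left on the device
    reachable = {probe.next_message_key() for _ in range(n_messages)}
    ratchet_recovered = sum(key in reachable for key in past)
    return static_recovered, ratchet_recovered
```

In the static model every past message key can be rebuilt from the long-term key plus recorded traffic; in the ratchet model the current chain key only leads forward, which is the property the posts describe for deleted conversations.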
- Also if BlackBerry didn't store the messages, how would they be able to deliver the message if someone's phone died and they just recharged it? It would be nice if people weren't just saving everything, but such is the world we live in.
Posted via CB10 05-16-16 09:08 PM Like 0
- Posted via CB10 05-17-16 12:20 AM Like 0
- A message that is stored in the cloud will only be there for a while, mostly a few hours; after that it's gone and you have to send it again. I believe the cloud storage of BBM is also limited in space. So if it gets full, old messages are lost and the sender gets a message of non-delivery.
Posted via CB10 05-17-16 01:06 AM Like 0
- Did anyone get the mail shot selling BBM Protected and video? I can't put my hands on it, but the way it was worded it's obvious BBM is not secure. It included a 'peace of mind' type quote for Law Enforcement that BBRY would comply. Even BBMP is stored on servers forever & it looks like they CAN access them. If anyone has the mailshot, upload it please.
07-02-16 03:23 PM Like 0
- https://help.blackberry.com/detectLa...-security-pdf/
LeapSTR100-2/10.3.2.2876 07-02-16 05:47 PM Like 0
- 07-03-16 09:10 AM Like 0
- LeapSTR100-2/10.3.2.2876 07-03-16 09:57 AM Like 0
Is BBM protected still secure?