[Bla1ze]

You either explained that in an unfortunate way, or you do not know what PGP is. PGP, when used correctly, is not feasible for anyone to crack. If you have other info please source it. This might seem like smart-assery, but I feel it's important to not circulate false information, especially when talking about encryption technology. If you mean that BlackBerry can circumvent their own PGP encryption, you should state that specifically, because PGP in general is secure to use (if used correctly) and people reading in this forum should not be misinformed about that.



Posted via CB10

Call it whatever you want. Canadian and Dutch police claim they they've reasonably gained access on PGP Encrypted BlackBerry devices for a while now via Cellebrite tools.

https://motherboard.vice.com/en_us/a...lackberrys-too

In my case, I was referring to it in more general terms as there are several folks out there selling PGP Encrypted BlackBerry OS devices.

Using PGP itself should be fine. Placing your security faith in third-party purchased PGP Encrypted BlackBerry devices however, has proven to be less than bright.

[sinkingphoenix]

[...]
In my case, I was referring to it in more general terms as there are several folks out there selling PGP Encrypted BlackBerry OS devices.

Using PGP itself should be fine. Placing your security faith in third-party purchased PGP Encrypted BlackBerry devices however, has proven to be less than bright.

Okay, this makes more sense, the information from those devices is probably gained by having access to them when they are turned on and the PGP key is lying in memory somewhere to decrypt data on demand.



Posted via CB10

[stlabrat]

BB will assist to crack the case with police... but they will not tell you how.
https://www.thestar.com/news/canada/...in-quebec.html

[bb10adopter111]

No, Apple has told the US Department of Justice that it won't expend resources to create software that compromises the security of all of its products in order to unlock one specific phone.

Right, so other companies did it for them, and now the FBI has a universal key, which they wouldn't have bothered with if Apple has cooperated.

Posted with my trusty Z10

[stlabrat]

Right, so other companies did it for them, and now the FBI has a universal key, which they wouldn't have bothered with if Apple has cooperated.

Posted with my trusty Z10

it was not for "universal key". apple case is the prof. hardwired memory and crack the pw. Apple refuse to create a "universal key" for access based on my knowledge. Professor proves NAND mirroring attack thwarts iPhone 5c security protocols

[bb10adopter111]

Complying with law enforcement, good or bad, in this case?

https://www.engadget.com/2017/03/21/...tter-attacker/

Obviously lawful and appropriate. Suspects in a crime are subject to lawful searches. The investigating agency has to so jump a number of legal hurdles, but if they do that, they may conduct a lawful search for evidence.

In this case the suspect seems to have intentionally committed a potentially fatal assault with both forethought and malice. There are absolutely no constitutional (or ethical) issues in this investigation.

Posted with my trusty Z10

[Dunt Dunt Dunt]

Okay, this makes more sense, the information from those devices is probably gained by having access to them when they are turned on and the PGP key is lying in memory somewhere to decrypt data on demand.



Posted via CB10

That big case from last year... sounded more like the information was gotten off the company's (not BlackBerry's) servers.

Let's face it.... it's "pretty good protection" not "ultimate" or "very best".

Those companies chose BlackBerries as they are secure devices.... for a long time, it didn't take to much to plug and Android or iOS phone into a machine and all data was exposed. They then chose to use PGP as the secured communications.

Should have used SecuSUITE for BlackBerry 10.

[thurask]

Okay, this makes more sense, the information from those devices is probably gained by having access to them when they are turned on and the PGP key is lying in memory somewhere to decrypt data on demand.



Posted via CB10

https://nakedsecurity.sophos.com/201...crypted-email/

Nevertheless, NFI and the RCMP said they have been able to decrypt messages from PGP BlackBerrys, although they won’t say exactly how.

Motherboard reported that NFI may have used a method known as “chip-off,” by extracting memory chips from the device and pulling the data off them to attack it off-line, without any limits on how many password guesses are allowed, or how quickly those guesses can be tried.

Whatever technique the Dutch police used, it required physical access to the device, according to Motherboard.

[Elephant_Canyon]

Right, so other companies did it for them, and now the FBI has a universal key, which they wouldn't have bothered with if Apple has cooperated.

And which may not work at all in newer devices or operating system versions, if there are security feature added to hardware or it gets patched out. Which it probably will, sooner rather than later. And Apple was not unConstitutionally compelled to do something against its will.

[iUser]

BlackBerry has failed to provide any documentation about the security of devices including technical documentation on security features. All they provide is marketing words which are meaningless.

John Chen came out against encryption and stated he believes companies have a basic civil duty to assist law enforcement and governments.

The fact he came out against Apple when BlackBerry built their company around the claims of security is atrocious. It does not make me trust BlackBerry to not be collaborating with law enforcement and governments.

The Encryption Debate: A Way Forward | Inside BlackBerry

This whole blog entry by John Chen is repulsive and actually blows my mind.

Until BlackBerry can backup their security claims, there's no proof that BlackBerry devices are secure with no backdoors.

Basically he said nothing against Apple in this case. Apple has done the same thing BlackBerry has done. Just the same as Microsoft, Samsung, Google, you name them.

They are willing to comply with rules in the countries in which they want to sell their devices. But with no injected backdoors in their software. They are willing though, with an official judicial order, to give anything asked as long as they are having it in their servers.

However, that was not what FBI asked Apple to do. FBI wanted a version of iOS with backdoors to be installed as an update to the iPhone of a killed terrorist. This is dangerous, because at least an insider/hacker would steal this (Murphy's Law) and this would endanger Apple business.

What Chen said was - from its content - blabla without giving any clear and definite opinion to Apple's case. That is what most businessmen do, they simply want to give a speech and stay neutral.

[cbvinh]

That isn't a backdoor, though. Cops ask Twitter for account details, Twitter gives them a number. Cops ask AT&T for details on that number, they get evidence of an iPhone. Cops ask Apple about iCloud on that iPhone, they get the guy.

At no point did they have to pick any locks, not like the San Bernardino case that prompted the initial blog post.

From the OP:

"John Chen came out against encryption and stated he believes companies have a basic civil duty to assist law enforcement and governments.

The fact he came out against Apple when BlackBerry built their company around the claims of security is atrocious. It does not make me trust BlackBerry to not be collaborating with law enforcement and governments."

It seems the OP believes that any aid given to law enforcement is bad, thus I posit the case for discussion.

Would providing BBM's served via non-BES be any different than providing iCloud data? How is Apple different than BlackBerry on this? Both companies seem to say that they won't provide backdoors nor build them. BlackBerry says it's their civic duty to provide aid to law enforcement. Both Apple and BlackBerry have aided law enforcement. The only difference seems to be what is said openly while compliance is still with the law, like BlackBerry is stating the obvious, in a way.

[Drenegade]

The security is mostly marketing. They already admitted that they routinely hand over data to the cops.

Posted via CB10

[ZeBB45]

I do believe that BlackBerry have means to gain access to your BB10 device. However, I don't believe that BB10 will, by default, upload your personal information to their servers (like Google).

Posted via CB10

[Thud Hardsmack]

I do believe that BlackBerry have means to gain access to your BB10 device. However, I don't believe that BB10 will, by default, upload your personal information to their servers (like Google).

Posted via CB10

Feel free to explain how they sync data on BB10 devices if they don't.