- 01-24-2013, 01:48 AM #126
- 01-24-2013, 02:01 AM #127
Just a though about whatsapp !!
- 01-24-2013, 02:15 AM #128
PS if one really wants to they can encrypt pin to pin messages as explained here by I can't remember who, I just saved the how to do it:
1) Select contact from contact list that has a BlackBerry pin saved.
2) Hit the menu button and select option to send a pin message to that contact.
3) Go up to where it says encoding and select s/mime (encrypt)
4) Once S/mime (encrypt) has been selected hit the BlackBerry button and select options. Scroll down to select use password based encryption, hit the BB button and save.
5)Type message keeping in mind the subject line will not be encrypted.
6) Hit the BB button and send
7) Enter the password the recipient will need to enter upon receiving the message in order to decrypt an read it.
8) Once password has been entered twice, select ok to send your encrypted message to your contact. Once they enter the password on their phone they will be able to read the body of the message.
- 01-24-2013, 02:31 AM #129
Nothing in what they are describing looks to be particularly difficult for anyone to attack or at least one doesn't seem to be any more difficult than another. Short of taking a sabbatical and making it a grad school project it's going to have to be an assumption I'm making in both cases, but again, from what is described it does not look difficult to attack.
Government agencies may well use BBM over BES with supplemental security, I'm sure they don't use BBM over BIS for anything remotely sensitive.
Thanks for the description of how to encrypt the message but some of the same fundamental problems exist - it's a symmetric cypher and there needs to be a secure way of exchanging the key between the sender and recipient (PGP does something like this - or used to - the message is encrypted with a symmetric cypher but then that key is encrypted with the target public key, in the old days the encryption was too CPU intensive to do this for the entire message but I imagine now it's within reason). This is effectively the same security whatsapp has again - the message is encrypted but the key is communicated in the clear. If the key is intercepted during transmission, the message is vulnerable. Basically exactly the same thing those 1-8 steps above provide for, except there is at least the option in that situation of meeting and exchanging the shared secret or of communicating it in some other known secure way.
Last edited by valeuche; 01-24-2013 at 02:45 AM.
- 01-24-2013, 02:45 AM #130
What you maybe missed about Whatsapp is they base encryption on device mac number or imei etc
And what's more important a BBM identity cannot be stolen, you can't clone a pin and spoof it on the network, period. Phone numbers, well you know how easy that is.
- 01-24-2013, 03:01 AM #131
Communications security establishment canada specifically calls some of this out:
Security of BlackBerry PIN-to-PIN Messaging
PIN-to-PIN transmission security: PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic "key" that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the "BlackBerry Solution Security Technical Overview"  document published by RIM specifically advises users to "consider PIN messages as scrambled, not encrypted".
Note the recommendations include using BES with a privately generated key, but that this negates the ability to communicate PIN to PIN to outside-of-enterprise devices. I have no idea if that is accurate, but that's what CSEC states there.
I'm not sure how much further to go with the discussion. A Crackberry editorial says that BBM over BIS is not secure ( Is PIN to PIN messaging secure? | CrackBerry.com ), a number of blogs indicate that it is not secure and as per the link I already provided the CSEC indicates it is not secure. Additionally it certainly doesn't seem secure in how it is described. I suspect further discussion will just go back and forth with you saying "it is secure, no one has ever broken it" and me saying "it is repeatedly stated that it is not secure by RIM itself, various agencies and various publications". Yes, I can't find a youtube video with someone decrypting a message taken out of a GSM frame and decrypted, but I also don't think the kinds of agencies that do this sort of thing put their findings on youtube.
- 01-24-2013, 03:13 AM #132
Re: Just a though about whatsapp !!
Awwww look. One of the fake accounts finally got the courage to do more than like spam.
I had to get the red SGS3...garnet is my birthstone! Excuses sent via Tapatalk 2
- 01-24-2013, 03:16 AM #133
- 01-24-2013, 05:33 AM #134
You know, seriously Varun Sain, no more kidding around here, OK? Seriously now...
Do you really think that engaging in this kind of behaviour is worth having your IP trapped and blocked? It's not just CB....there are laws in India that deal with internet/communications abuse. You have established a well seen pattern here and I don't think that this kind of childish behaviour is worth an impact to your being able to conduct your business. You are defacing an internet site, stalking three women, bullying.....all for the sake of a piece of plastic and wires.
Now....this is the last time that I will address you in a sensible, logical manner. I really don't want to act against you, so don't push my hand. You have shown a clear pattern and if you think just creating a new account is the end of it, you are incorrect. Seriously, stop and think. Research regulations and laws in India against this kind of stalking, defacing, bullying, and misogyny.
This is the last time.
From this point there will be action against you.
http://cybercellmumbai.gov.in/Do not meddle in the affairs of dragons; for thou art crunchy, and good with ketchup
"When debate is lost, slander becomes the tool of the loser" ~Socrates
- 01-24-2013, 05:58 AM #135
Re: Just a though about whatsapp !!
Ok things are a biiit off topic. Getting back to BBM encryption and PIN-TO-PIN encryption let us go straight to the source.
There is a global 168bit TDES key. Keep in mind that every BlackBerry shares this key, but it is still encrypted. It should not been considered secure, but it is better than text etc.
Whatsapp says they are encrypted but I don't see the method. They also have some history of privacy issues so I would be cautious there.
Last edited by Sith_Apprentice; 01-24-2013 at 01:48 PM.~S_A
- 01-24-2013, 10:04 AM #137
Valeuche, any threat to BIS BBM security will come from law enforcement via a lawful request to intercept communications or your locked device ending up in the hands of a skilled forensic analyst with access to specialized equipment and restricted software costing several thousand dollars. If you need/desire to thwart these types of attacks, use PGP, protect your keys with a long, randomly generated password, and pray that the recipient shares your commitment to security/privacy.
- 01-24-2013, 11:01 AM #138<a href="http://www.galatis.de/starboard.php?d=5518"><!-- Something special for the spammers --></a>
CrackBerry... where only Stupid People fight about Smart Phones
- 01-24-2013, 11:28 AM #139
- 01-24-2013, 01:04 PM #141
- 01-24-2013, 01:42 PM #142
Also a wipe, with content protection set to "Stronger" or higher, will erase ALL data on the device, compliant with US Govt standards. On devices 4.5 and newer, this can be used to sanitize devices that have had classified data leak onto them.~S_A
- 01-24-2013, 02:15 PM #143
- 01-24-2013, 02:51 PM #144
To answer your question I think that you will have no luck getting anything back if the device has had the passcode entered incorrectly X times and caused a wipe to commence.
I had this same issue with a customer who gave me 12 variations of a password to try, obviously I was going to only be able to try 10 of those, so, after prioritising the list of 12, 10 passwords were entered, each of which was unsuccessful. The device commenced the wiping operation. I attempted to remove the battery and replace, but the wiping continued once the battery was replaced.
After this I took a physical acquisition using UFED and got absolutely nothing back. It is my understanding that the wipe operation doesn't just replace the file system but actually zeros out the memory space first.
If my memory serves me correctly it was an 8520 which I did this on.
- 01-24-2013, 05:15 PM #145
- 01-24-2013, 06:36 PM #147
- 01-25-2013, 01:27 AM #150
- By gtpx02 in forum Storm OS DiscussionReplies: 30Last Post: 04-03-2009, 06:57 AM
- By onlyonepost in forum Storm OS DiscussionReplies: 149Last Post: 03-08-2009, 06:46 AM
- By zoi in forum T-MobileReplies: 7Last Post: 01-15-2009, 05:09 PM
- By zaydaboss in forum BlackBerry 8830 WEReplies: 9Last Post: 06-25-2008, 02:41 PM
- By btownsoccerstud in forum BlackBerry Curve 83xxReplies: 3Last Post: 03-17-2008, 10:32 AM