[LoRes]

I have a Pearl 8130 and want to make it untraceable or other cool stuff especially with texts (meaning they can't be intercepted). How do I go about doing this? I read cool stories about it like this once in a while:
foxnews .com /story/0,2933,337595,00.html?sPage=fnc/scitech/cybersecurity

I know there are third party people that can give you military level encryption protection, but I don't need that much because I am not Prezz Obama. I was wondering if Blackberries out of the box are like this to some degree, if you have to enable content protection which is under security ops to get this, or if you HAVE to give it to a third party guy to get this type of security.

[LoRes]

anyone know? Otherwise I'm guessing this is completely out of the civilian league.

[greydarrah]

I searched on google and found a couple of articles like this (The Mobile Technology Weblog: Encrypted SMS), but nothing relating to BB. We may be out of luck for now.

I recommend you email RIM and ask them about it.

[LoRes]

Thanks grey. That gave me some more ideas on what to search for.
My best bet on what I'm looking at is S/MIME it seems... It sounds to me like it encrypts email on the phone, sends it, then another phone with S/MIME decrypts it. I couldn't find any other way to do this without buying fancy software, and it looked like it was extraordinarily hard to encrypt anything other than email.

S/MIME seems very complicated to setup. Happen to know any good guides?


P.S. What is RIM's appropriate email? I am having trouble finding their tech support. It looks like you have to buy tech support coverage to even be able to email them.

[mrbones]

Your best bet is call your carrier and explain the problem to a CSR and ask them to transfer you to a BB tech specialist. They're not always the most knowledgeable, but chances are if they don't know the answer they can find out for you.

Posted from my CrackBerry at wapforums.crackberry.com

[Sith_Apprentice]

SMS is encrypted on a very basic level, 6 or 7 bit if i recall correctly. All e-mail on BIS is encrypted between the NOC and the BB and vice-versa. PIN messages are encrypted (and with BBM 2 there is an additional layer of security). On a corporate network, you have the option to have everything AES encrypted between the BB and the BES (and vice-versa).

Please see BlackBerry - BlackBerry Security Approvals and Certifications

Please keep in mind this is out of the box

[SevereDeceit]

Glad to see you on the forums lately Sith, I find your posts very informative...

[abnorml1]

This is a very interesting subject. I too am interested in encrypting my BB. Thanks for the info all!

[LoRes]

SMS is encrypted on a very basic level, 6 or 7 bit if i recall correctly. All e-mail on BIS is encrypted between the NOC and the BB and vice-versa. PIN messages are encrypted (and with BBM 2 there is an additional layer of security). On a corporate network, you have the option to have everything AES encrypted between the BB and the BES (and vice-versa).


Please keep in mind this is out of the box

Thanks for the good information. I am not on a corporate network. I would like that much encryption, but I assume it is far beyond what I am looking to do.

I looked at a few of the ways to communicate, and it seems everywhere else I checked says pin to pin and BBM are not secure ways to talk, as they are sent as plain text... But I didn't plan on using those two anyway.

Anyway, that leaves me with just a couple questions now: Do phone companies (I'm on US Cellular) keep copies of Blackberry texts? If so, are they encrypted or plain text there?

Is e-mail thus more secure than texting? I could always replace my texting by sending an email to somebody's phone number...

[Sith_Apprentice]

SMS archiving is up to the carrier. BBM/PIN ARE encrypted and travel through the RIM NOC and are not traceable (unless on a BES). E-Mail to a phone number is transcribed to text, and thus just as secure as text messaging. E-Mail to E-mail is secure only from BB to NOC, not from NOC to other mail server. Those security validations are present on ALL devices, the crypto kernel is there in the core OS.


I have been posting 10-20 posts a day for a while, though i normally am doing troubleshooting. Thank you for the welcome

[oasissux]

SMS archiving is up to the carrier. BBM/PIN ARE encrypted and travel through the RIM NOC and are not traceable (unless on a BES). E-Mail to a phone number is transcribed to text, and thus just as secure as text messaging. E-Mail to E-mail is secure only from BB to NOC, not from NOC to other mail server. Those security validations are present on ALL devices, the crypto kernel is there in the core OS.

With regards to PIN/BBM, I find it hard to believe that a BIS Blackberry is more secure than one on a BES. When I think security, I think about anyone, law enforcement included, snooping around.

[Sith_Apprentice]

BIS is not more secure than a BES...
BES traffic is encrypted 3DES/AES from device to BES on all traffic that passes through the BES (with a private master key), and can layer on PGP or S/MIME for e-mail traffic that passes outside of the network. BIS is encrypted with a master key present to RIM to the NOC. Law enforcement has been unable to get the rights to intercept/read PIN messages in the past. Which is why the BB is so attractive to certain criminal elements.

[oasissux]

Law enforcement can easily get the 'right' to intercept/read messages, all they need is a warrant. So, if BES admin can view BBM/PIN messages, they would have to hand that info over to law enforcement. What you suggested was that BIS users' BBM/PIN messages were 'untraceable'. Thus, BIS users' BBM/PIN messages are more secure than BES users. And I find that hard to believe. What am I missing?

In the past, I've been told that carrier provided email is a joke, as far as security is concerned and that PIN/BBM is not secure either. The solution was to layer PGP on BES, for maximum security and to avoid SMS, PIN/BBM altogether.

[Sith_Apprentice]

PIN/BBM must be logged on the BES to have it traceable. By default this is not done. BIS passes through RIM servers, and has not been given out to government agencies. (there have been several stories out of Miami with drug enforcement agencies requesting PIN/BBM conversation logs and not being provided them by RIM, or the encryption keys used to decrypt them) RIM has the ability to decrypt this, as they do any data that passes through that is not encrypted at a seperate point (S/MIME, PGP, and BES)


To Compare -
BIS uses SSL, BES 3DES/AES encryption. (e-mail)
For BBM/PIN its Peer to Peer. BB to NOC to BB with no staging/decryption at the NOC level. For BES its BB - BES - NOC - BB

[ScienceRules]

All e-mail on BIS is encrypted between the NOC and the BB and vice-versa.

I don't think so.

The service records for BIS email show NO ENCRYPTION.

As you probably know there are three crypto options in the service record:

No Encryption
RIM Encription
RIM (BIS) Encryption

BES users will have RIM Encryption selected and mostly everyone else will have NO Encryption.

To view your service record details import it to a simulator and type in alt-SBEO in the Service book screen.

sR

[RealRadRIMExpert]

I don't know how you can suggest BIS encryption is happening at the NOC. BIS security is dependent upon the email provider or service you are using; hence, there is a lesser level of security/encryption. Even with BES, there is no encryption happening at the NOC - it is initiated at either the device level or at the BES level. Please show me any proof whatsoever that there is encryption happening at the NOC by telling me which function within the NOC is doing the encryption. There is a BIS server within NOC, but it is not encrypting. So then where? If you can prove it, then you can prove the RealRadRIMExpert wrong....

[crazy canuck]

I don't know how you can suggest BIS encryption is happening at the NOC. BIS security is dependent upon the email provider or service you are using; hence, there is a lesser level of security/encryption. Even with BES, there is no encryption happening at the NOC - it is initiated at either the device level or at the BES level. Please show me any proof whatsoever that there is encryption happening at the NOC by telling me which function within the NOC is doing the encryption. There is a BIS server within NOC, but it is not encrypting. So then where? If you can prove it, then you can prove the RealRadRIMExpert wrong....

RealRadRIMExpert here is the deal.
RIM has racks of servers that are POP'ing BIS email accounts. The email payload is pulled to the BIS server, then encrypted by Triple DES(it never used to be Triple DES but I am pretty sure it is now) and then routed to the NOC for delivery to the BB. (note this Triple DES key is common to every single BIS BB). Do not confuse the NOC which is the delivery centre with the BIS infrastructure which is used to poll for email and transcode browser pages for delivery to the BB BIS folks.

[RealRadRIMExpert]

RealRadRIMExpert here is the deal.
RIM has racks of servers that are POP'ing BIS email accounts. The email payload is pulled to the BIS server, then encrypted by Triple DES(it never used to be Triple DES but I am pretty sure it is now) and then routed to the NOC for delivery to the BB. (note this Triple DES key is common to every single BIS BB). Do not confuse the NOC which is the delivery centre with the BIS infrastructure which is used to poll for email and transcode browser pages for delivery to the BB BIS folks.

Thanks for your quick response Crazy Canuck~ So, to make it clear, the BIS infrastructure is not happening at the NOC - the encryption happens before entering the NOC and then is relayed to the device for decryption (triple-DES or whatnot)? The reason I ask is because I had an ex-RIM guy tell me that the BIS server was inside the NOC, yet according to the technical overview it looks like its outside (and also, if so, then where is it really located?). Thanks in advance, Crazy Canuck...you seem to be a worthy expert.

[crazy canuck]

Thanks for your quick response Crazy Canuck~ So, to make it clear, the BIS infrastructure is not happening at the NOC - the encryption happens before entering the NOC and then is relayed to the device for decryption (triple-DES or whatnot)? The reason I ask is because I had an ex-RIM guy tell me that the BIS server was inside the NOC, yet according to the technical overview it looks like its outside (and also, if so, then where is it really located?). Thanks in advance, Crazy Canuck...you seem to be a worthy expert.

You are correct. Think of the NOC as one giant router and the BIS infrastructure as the servers. They are separate from an architecture perspective but they could actually be co-located in the same physical building(s).

Each BB has an IP address on the carriers internal network. RIM has hardware at each of the carriers that does a mapping from PIN/email to IP address. So if I am sending you an email, in the header of the email contains either your PIN/email. The NOC parses the header then compares it to the lookup table and says ahh this person is located on the t-mobile or verizon or vodafone network etc. The NOC then routes the message to its hardware inside the carrier for internal delivery to the appropriate IP address. Because the hardware is inside the carrier network (with a pipe to the NOC) it can 'push' the email to the IP address.

LOL...sorry for the long answer. I actually explained push email also because it is important in this context.

Lastly if you are a trekkie, think of your BB as a Borg and the physical NOC as the Borg Cube and the NOC routers as the collective. Now fast forward 10-20 years and someday we will all have a wireless connection from our spinal cord to the RIM NOC and then we won't need to type, we will be able to communicate to each other via thought. and the RIM NOC will route our thoughts just as today it routes our email...Yes this should scare you.

[Radius]

As for the SMS thing, it's not encryption, it's encoding. This just means how it's represented in the octet stream as it's being transmitted. Also, our format isn't the rule. Different countries have different encoding as their character sets will be different from ours.

Anyone with some basic knowledge can get their hands on SMS data providing they have access to it in the first place.

[dgburns]

SMS is encrypted on a very basic level, 6 or 7 bit if i recall correctly. All e-mail on BIS is encrypted between the NOC and the BB and vice-versa. PIN messages are encrypted (and with BBM 2 there is an additional layer of security). On a corporate network, you have the option to have everything AES encrypted between the BB and the BES (and vice-versa).

Please see BlackBerry - BlackBerry Security Approvals and Certifications

Please keep in mind this is out of the box

Thank You for the link Sith. It got me to the BIS Security Feature Overview doc, which quite clearly disputes your statements.

http://docs.blackberry.com/en/smartp...001-3.0-US.pdf

On Page 2 it is clearly stated that email between device and RIM is NOT encrypted, and on Page 3 it is clearly stated that PIN messages are not encrypted.

[Sainthak]

BIS is not more secure than a BES...
BES traffic is encrypted 3DES/AES from device to BES on all traffic that passes through the BES (with a private master key), and can layer on PGP or S/MIME for e-mail traffic that passes outside of the network. BIS is encrypted with a master key present to RIM to the NOC. Law enforcement has been unable to get the rights to intercept/read PIN messages in the past. Which is why the BB is so attractive to certain criminal elements.

This has been an interesting thread. I am a believer that the Law/Government has access to and can get any information they want to, but the key is to make it as difficult and strenuous and as expensive as possible. If the process requires alot of paper pushing chances are it will take a long time, better yet it may be forgotten about. I believe encrypting your bb will help do just that. AT&T has been notorious for handing over log files and privacy information of customers due to being subpoenaed. 1) I wonder what makes RIM different in the fact that they haven't handed over any log files of customers transactions? 2) Does encrypting your bb use more battery power, take longer rebooting your bb, or take any longer in sending/receiving emails and texts?

[Sainthak]

Hmmm I also wonder what devices other presidents have used in the past. President Obama uses a bb, I wonder what Bush JR and SR used or even Clinton. Hmmm I also wondering what the white house officials/staff use to. If they mostly use blackberries, is it because of the security features? I will have to do some research on this.

[Reed McLay]

President Obama addressed that question on The View.

He said, his BlackBerry in not as much fun anymore becasue nobody will send him the "juicy" stuff anymore, it is part of the Presidential archive.

He admits to 10 BlackBerry contacts, primarly is close advisors and support staff.

His typical messages is: "Mr. President, you have a meeting in 10 min."