[Whyareallthegoodnamestaken]

Are BBM conversations no longer encrypted now that there's no BIS?

Posted via CB10

[MobileMadness002]

There is the BIS as far as BBM goes. And the encryption was always with a plain public key which each and every BB had. The only true BBM encryption there was when the BES admin enforced BES traffic encryption. Basicall the BBM was encrypted and only the devices on that particular BES had the key making them so they could only BBM with other devices on that BES. Not sure what the actual feature was called, just saying there is no real encryption on BBM as it was anyways.

[Xopher]

The same level of encryption is in BBM no matter the communication platform. It's just a single encryption key for all users not on BES.

Posted via CB10

[remmo]

So, if for regular non-BES users there's no encryption, even on BBM, what's the point of the much-talked Blackberry's security?? I mean, as a non-corporate user, what are the real and unique security features I can get from BB10??

Posted via CB10

[Whyareallthegoodnamestaken]

Then why are authoritarian regimes so afraid of it? *confused*

[Richard Buckley]

As a non corporate user the security is platform security. BlackBerry software has always been more robust against viruses and malware. To get true communication security you use a BES.

That said, BIS is provisioned differently from other smartphones. That made it a challenge for some law enforcement organisations. It was never truly secure in the way a cryptographer would mean.

Posted via CB10

[belfastdispatcher]

I can't speak for BBM on BB10 but on legacy yes, BBM is encrypted with a universal public key which might tell you it's not that secure but the problem was there was no way of intercepting them as you can't clone a BlackBerry on the network, only one can exist. Sim cards can be cloned and both N exist on the same gsm network and both get the same sms, but with BBM that wasn't possible.

So in theory it wasn't that secure, in practice it was impenetrable.

Posted via CB10

[MobileMadness002]

This is the reason that various govs required that RIM(BB) install a server on their Network to read the traffic as it was being transmitted in real time.

[Xopher]

So, if for regular non-BES users there's no encryption, even on BBM, what's the point of the much-talked Blackberry's security?? I mean, as a non-corporate user, what are the real and unique security features I can get from BB10??

Posted via CB10

Yes, there is encryption. It's just the same encryption key for all BlackBerry devices.

BES admins create their own key for devices connected to their servers, which adds an extra layer of encryption (which some countries were mad about because RIM didn't have the keys to give them). If users on BES send a BBM to someone outside of their corporation, it gets sent to the NOC using the common key.

No matter what level of security is there, any communication through the NOC is available with a warrant or court order. The only thing it stops is people snooping on your radio signal.

Even on BIS, emails sent to the NOC might be encrypted, but plain text will be sent on to the next email server.

That being said, what BlackBerry security gives you is a device that can have encryption between it and the microSD card, device passwords that are more secure than others, ability to wipe the device remotely. If you don't put a password on your BlackBerry, it's about as secure as carrying around an address book with all your other passwords in it.

Posted via CB10

[Foreverup]

So, if for regular non-BES users there's no encryption, even on BBM, what's the point of the much-talked Blackberry's security?? I mean, as a non-corporate user, what are the real and unique security features I can get from BB10??

Posted via CB10

There is encryption with BBM. All BBM traffic is in encrypted when it leaves a BlackBerry, the goes through a BlackBerry server. Depending where you are in the world and where the BlackBerry servers are deployed usually depends on what government has access to. North America any law enforcement agencies will need to obtain a warrent before BlackBerry will give them access to your BBM messages, but in the case of India a server has been set up so they can have access to BBM without a warrent. But only if proprietary so has been installed can you have access to BBM, so not just anyone can access to BBM.

I know that was a long answer just to say yes BlackBerry is secure and rock solid

Posted via CB10

[Mcwong]

There is encryption with BBM. All BBM traffic is in encrypted when it leaves a BlackBerry, the goes through a BlackBerry server. Depending where you are in the world and where the BlackBerry servers are deployed usually depends on what government has access to. North America any law enforcement agencies will need to obtain a warrent before BlackBerry will give them access to your BBM messages, but in the case of India a server has been set up so they can have access to BBM without a warrent. But only if proprietary so has been installed can you have access to BBM, so not just anyone can access to BBM.

I know that was a long answer just to say yes BlackBerry is secure and rock solid

Posted via CB10

Hi,
Just out of curiosity, is BBM on android and IOS encrypted same as BB devices.

[Mcwong]

Yes I would like to know how secured is bbm on android and iOS.

[Mcwong]

I can't speak for BBM on BB10 but on legacy yes, BBM is encrypted with a universal public key which might tell you it's not that secure but the problem was there was no way of intercepting them as you can't clone a BlackBerry on the network, only one can exist. Sim cards can be cloned and both N exist on the same gsm network and both get the same sms, but with BBM that wasn't possible.

So in theory it wasn't that secure, in practice it was impenetrable.

Posted via CB10

Bbm on android and iOS assigns a virtual BB pin as these phones are not manufactured with hard pins. I'm sure these can be copied or faked. Also data goes thru the Internet and not BIS. In theory and in practice, am I correct to assume there's actually no real security on non BB phones?

[ital1]

For BBM on Android and iOS: "The BBM for Android and iPhone application connects to the BBM Infrastructure using a SIP connection over a TLS transport to global.uci.blackberry.com on port 443." Here is the BB knowledge base article as reference: KB35414-BBM for Android and iPhone is unable to send or receive messages over a cellular network

It is interesting to note that banks use TLS for online banking as well.