1. Blue Hef's Avatar
    Hi guys.

    If I'm using a BlackBerry device and I message someone with BBM on their Android device, is it also "Scrambled"? I'm just talking about regular BBM, I don't have BES.

    and also just wondering if two people on android download bbm is it also scrambled?
    01-12-15 05:08 PM
  2. ChrisAmbrose's Avatar
    Communications go through the BlackBerry servers, it is end-to-end encryption as far as I'm aware

    PassportSQW100-1/10.3.1.1016
    01-12-15 05:11 PM
  3. Blue Hef's Avatar
    oh wow! nice!!
    01-12-15 05:32 PM
  4. D3C0D3R's Avatar
    Communications go through the BlackBerry servers, it is end-to-end encryption as far as I'm aware

    PassportSQW100-1/10.3.1.1016
    Agreeing there.

    BBM is encrypted and safe, the only reason it got a bad rating with that one stupid site is because BlackBerry wouldn't show them their encryption methods end-to-end (obviously you're not going to show the process for something that hasn't been cracked *at least publicly* to the public..)

    Really the only difference in terms of encryption for BBM Protected is 256-bit AES encryption and a couple other extra little things (if I'm remembering all that info right)

    Praise be unto our Lord Squircle | Passport SQW100-1/10.3.1.1154
    01-12-15 05:38 PM
  5. Blue Hef's Avatar
    awesome! thanks! bye whatsapp.
    01-12-15 06:23 PM
  6. 1khalid's Avatar
    BBM messages can be viewed by your carrier, whereas BBM-Protected messages, which use BES, cannot be viewed by your carrier.
    Whatsapp messages on Android only (so far) cannot not be viewed by your carrier if I'm not mistaken.

    9780>Z10> Z30STA100-5/10.3.1.1949
    01-12-15 06:29 PM
  7. D3C0D3R's Avatar
    BBM messages can be viewed by your carrier, whereas BBM-Protected messages, which use BES, cannot be viewed by your carrier.
    Whatsapp messages on Android only (so far) cannot not be viewed by your carrier if I'm not mistaken.

    9780>Z10> Z30STA100-5/10.3.1.1949
    To my knowledge your carrier doesn't get any of it at all, that that was the only part of the BIS services that still work for BB10?

    I remember because a while ago the carriers wanted to take BlackBerry to court to get them to show them the messages, and BlackBerry said that even they couldn't show them, they're purely encrypted end-to-end :\

    Praise be unto our Lord Squircle | Passport SQW100-1/10.3.1.1154
    01-12-15 07:19 PM
  8. Joshu42's Avatar
    To my knowledge, BBM messages are encrypted with a unique key shared by all users. It's not secure enough... and enables government to spy if needed (and, I'm sure the key is shared).

    It's only "ok" if you use BES. That's another story.
    01-12-15 09:15 PM
  9. D3C0D3R's Avatar
    To my knowledge, BBM messages are encrypted with a unique key shared by all users. It's not secure enough... and enables government to spy if needed.

    It's only ok if you use BES. That's another story.
    I honestly can't quote my sources since it's been a long time since I've read up, but I do believe it's still an uncracked code, whatever the hell type of encryption it really is :/

    Praise be unto our Lord Squircle | Passport SQW100-1/10.3.1.1154
    01-12-15 09:17 PM
  10. Smitty13's Avatar
    All out of the box versions of BBM use a triple DES encryption algorithm, so technically, yes, it is encrypted. However, regular BBM uses one universal key for all messages. This key has been in the wild for quite some time, and therefore, you should not consider regular BBM as to be overly secure.

    That being said, if you are able to use BBM Protected, you will turn BBM into a very secure powerhouse. When used, BBM Protected employs PFS, or perfect forward secrecy, where encryption keys are user dependent and can be destroyed/created for each unique user/conversation.

    Posted via CB10
    01-12-15 09:36 PM
  11. Smitty13's Avatar
    Agreeing there.

    BBM is encrypted and safe, the only reason it got a bad rating with that one stupid site is because BlackBerry wouldn't show them their encryption methods end-to-end (obviously you're not going to show the process for something that hasn't been cracked *at least publicly* to the public..)

    Really the only difference in terms of encryption for BBM Protected is 256-bit AES encryption and a couple other extra little things (if I'm remembering all that info right)

    Praise be unto our Lord Squircle | Passport SQW100-1/10.3.1.1154
    Sorry, but you guys aren't really correct here. Under the old BIS system, yes, you would have seen communications routed through BlackBerry servers, but that is no longer the case.

    Current iterations of BBM on BB10 utilize a triple DES encryption algorithm that is not unique to each user/conversation and is universal. This universal key can decrypt essentially every conversation in BBM that does not use BBM protected.

    As I stated just moments ago, BBM protected allows for proper key exchange via peer-to-peer only and removes external servers from the equation (unless of course your BES is hosted by a 3rd party, which then of course you would have to trust that provider to keep your keys secure). BBM Protected does not employ a universal key and can have keys created for each unique conversation.

    I am a firm believer in BBM, but out of the box it should not be trusted with sensitive conversations as it is only mildly better than a regular text message.
    01-12-15 09:42 PM
  12. D3C0D3R's Avatar
    Sorry, but you guys aren't really correct here. Under the old BIS system, yes, you would have seen communications routed through BlackBerry servers, but that is no longer the case.

    Current iterations of BBM on BB10 utilize a triple DES encryption algorithm that is not unique to each user/conversation and is universal. This universal key can decrypt essentially every conversation in BBM that does not use BBM protected.

    As I stated just moments ago, BBM protected allows for proper key exchange via peer-to-peer only and removes external servers from the equation (unless of course your BES is hosted by a 3rd party, which then of course you would have to trust that provider to keep your keys secure). BBM Protected does not employ a universal key and can have keys created for each unique conversation.

    I am a firm believer in BBM, but out of the box it should not be trusted with sensitive conversations as it is only mildly better than a regular text message.
    Interesting info, thanks for that!

    Still beats the heck out of other IM platforms imo, I'd still say it's a large bit better than regular text due to the nature of BBM messages themselves and trying to intercept them, etc. Right?

    Praise be unto our Lord Squircle | Passport SQW100-1/10.3.1.1154
    01-12-15 11:08 PM
  13. Denny_Crane's Avatar
    Sorry, but you guys aren't really correct here. Under the old BIS system, yes, you would have seen communications routed through BlackBerry servers, but that is no longer the case.

    Current iterations of BBM on BB10 utilize a triple DES encryption algorithm that is not unique to each user/conversation and is universal. This universal key can decrypt essentially every conversation in BBM that does not use BBM protected.

    As I stated just moments ago, BBM protected allows for proper key exchange via peer-to-peer only and removes external servers from the equation (unless of course your BES is hosted by a 3rd party, which then of course you would have to trust that provider to keep your keys secure). BBM Protected does not employ a universal key and can have keys created for each unique conversation.

    I am a firm believer in BBM, but out of the box it should not be trusted with sensitive conversations as it is only mildly better than a regular text message.
    Thanks for that info. What's your take on WhatsApp?
    01-12-15 11:27 PM
  14. Maxxxpower's Avatar
    Communications go through the BlackBerry servers, it is end-to-end encryption as far as I'm aware
    Nope.
    BBM is encrypted and safe
    Nope.

    Really the only difference in terms of encryption for BBM Protected is 256-bit AES encryption and a couple other extra little things
    Nope

    To my knowledge your carrier doesn't get any of it at all, that that was the only part of the BIS services that still work for BB10?
    Nope, your carrier still can read your BBMs

    It's not secure enough... and enables government to spy if needed (and, I'm sure the key is shared).
    Exactly
    01-12-15 11:35 PM
  15. Smitty13's Avatar
    Thanks for that info. What's your take on WhatsApp?
    Hey, no problem. Glad I could be of some service.

    As far as WhatsApp goes, I am conflicted because of a few things. While WhatsApp has notoriously been associated with rather lax security practices, they are implementing encryption based on TextSecure's protocol, which is one of the strongest open-sourced chat apps around. Keys are client based, and while not PFS, perfect forward secrecy, it is forward secure as each message is encrypted with a new key.

    Now where my doubts come in are two fold: 1) the obvious reason being that WhatsApp is owned by Facebook who has a less than stellar privacy record to put it mildly. 2) building upon that, WhatsApp is closed source so we will not be able to actually inspect the implementation of TextSecure's encryption scheme. This could possibly lead to Facebook weakening it somehow to allow for decryption at will on their end. 3) I am fairly certain that all messages through WhatsApp are routed through their own servers, so it suffers the similar pitfall to iMessage in that it is not exactly a true peer-to-peer communication platform. Adding this middle man can allow for security abuses and a wide range of exploits.

    Take from this what you will. I personally will be investing in BBM protected once I am able to do so. I am not entirely discounting WhatsApp as I have not done much investigation into it. I am however very leery of anything Facebook related in keeping my conversations truly private.

    Posted via CB10
    01-12-15 11:51 PM
  16. nah.uhh's Avatar
    Sorry, but you guys aren't really correct here. Under the old BIS system, yes, you would have seen communications routed through BlackBerry servers, but that is no longer the case.

    Current iterations of BBM on BB10 utilize a triple DES encryption algorithm that is not unique to each user/conversation and is universal. This universal key can decrypt essentially every conversation in BBM that does not use BBM protected.

    As I stated just moments ago, BBM protected allows for proper key exchange via peer-to-peer only and removes external servers from the equation (unless of course your BES is hosted by a 3rd party, which then of course you would have to trust that provider to keep your keys secure). BBM Protected does not employ a universal key and can have keys created for each unique conversation.

    I am a firm believer in BBM, but out of the box it should not be trusted with sensitive conversations as it is only mildly better than a regular text message.
    Not all true..
    1) BBM still passes through BlackBerry infrastructure/servers
    2) Triple DES is only for BB-BB, which includes BBOS 7.1 etc
    2.1) when the connection to the BlackBerry infrastructure: BBOS always uses 3DES and adds TLS.. but only over WIFI.
    BB10 always uses both.
    BBMx doesn't use 3DES but always uses TLS. So *no, android bbm isn't scrambled.* The connection is encrypted.. to an extent. Messages from bbos via mobile network to BBMx are 3des encrypted on their way to the server, but drop the encryption at the server and add TLS before sending to bbmx:
    [image: img_20150113_011534_edit.png]

    3) BBM voice/video transmission is a weird one..
    - the call handshake is performed over TLS only, no 3des
    - the actual call is done over UDP / TCP, without TLS
    - if both callers are on the same WIFI network, the call will only access the Internet for the handshake, the actual call is done locally:

    [image: img_20150113_010900_edit.png]

    PassportSQW100-1/10.3.1.1154
    01-13-15 12:17 AM
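
Added example, not part of any post in this thread and not BlackBerry code: a small Python model that encodes the per-hop rules claimed in post 16 above and lists where a message or call lacks a protection layer. It assumes those rules apply per device in both directions; all function names are illustrative.

```python
"""Added illustration: per-hop protection as claimed in post 16 of this thread.
The rules are transcribed from that post, not from BlackBerry documentation."""

BBOS, BB10, BBMX = "BBOS", "BB10", "BBMx"  # BBMx: BBM on Android/iOS/Windows Phone
BLACKBERRY = {BBOS, BB10}


def leg_layers(platform, network):
    """Layers on the link between one device and the BBM infrastructure."""
    layers = []
    if platform in BLACKBERRY:  # point 2.1: BBOS and BB10 apply 3DES
        layers.append("3DES")
    # point 2.1: BBOS adds TLS only on Wi-Fi; BB10 and BBMx always use TLS
    if platform != BBOS or network == "wifi":
        layers.append("TLS")
    return layers


def message_path(sender, sender_net, receiver, receiver_net):
    """Hop list for a text message; each hop is (name, layers).
    Assumption: the same per-device rule applies on the receiving leg."""
    return [
        ("sender->server", leg_layers(sender, sender_net)),
        ("server->receiver", leg_layers(receiver, receiver_net)),
    ]


def findings(sender, sender_net, receiver, receiver_net):
    """Exposure notes derived from the hop list."""
    notes = []
    for name, layers in message_path(sender, sender_net, receiver, receiver_net):
        if "TLS" not in layers:
            notes.append(f"{name}: no TLS, 3DES only")
        if "3DES" not in layers:
            notes.append(f"{name}: no 3DES, TLS only")
    # point 2: 3DES is BB-to-BB only, so with a BBMx endpoint it cannot
    # cover the message on both sides of the server
    if not (sender in BLACKBERRY and receiver in BLACKBERRY):
        notes.append("server: 3DES layer does not span both legs")
    return notes


def call_path(same_wifi):
    """Voice/video per point 3: TLS handshake, media without TLS."""
    media = "local network" if same_wifi else "internet"
    return [("handshake", ["TLS"]), (f"media via {media}", [])]


if __name__ == "__main__":
    for case in [(BBMX, "mobile", BBMX, "wifi"), (BBOS, "mobile", BBMX, "wifi"),
                 (BB10, "mobile", BB10, "mobile")]:
        print(case, findings(*case))
    print(call_path(same_wifi=True))
```

The Android-to-Android case asked about in the thread comes out as TLS on each leg with no 3DES layer at all, which is what post 16's rules imply.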
  17. Smitty13's Avatar
    Not all true..
    1) BBM still passes through BlackBerry infrastructure/servers
    2) Triple DES is only for BB-BB, which includes BBOS 7.1 etc
    2.1) when the connection to the BlackBerry infrastructure: BBOS always uses 3DES and adds TLS.. but only over WIFI.
    BB10 always uses both.
    BBMx doesn't use 3DES but always uses TLS. So *no, android bbm isn't scrambled.* The connection is encrypted.. to an extent. Messages from bbos via mobile network to BBMx are 3des encrypted on their way to the server, but drop the encryption at the server and add TLS before sending to bbmx:
    [image: IMG_20150113_011534_edit.png]

    3) BBM voice/video transmission is a weird one..
    - the call handshake is performed over TLS only, no 3des
    - the actual call is done over UDP / TCP, without TLS
    - if both callers are on the same WIFI network, the call will only access the Internet for the handshake, the actual call is done locally:

    [image: IMG_20150113_010900_edit.png]

    PassportSQW100-1/10.3.1.1154
    1.) I was under the impression it was being asked more akin to a BIS type scenario, if not, you are completely correct yes. I was making that assumption.

    2.) Yup, I knew of that but was under the assumption other platforms employed this too. I think the take home message for the 3DES encryption key for BBM on any BlackBerry device is that this key has been the same for years and means BlackBerry could retrieve messages at will if requested.

    2.1) I was unaware of all of the above scenarios, actually. I dug a little bit and found the following for BBMx:

    "The BBM for Android, iPhone, and Windows Phone application connects to the BBM Infrastructure using a SIP connection over a TLS transport to global.uci.blackberry.com on port 443 as well as an SSL connection to https://blackberryid.blackberry.com" (Source: KB35414-BBM for Android, iPhone, and Windows Phone is unable to send or receive messages over a cellular network)

    Just to add something further to the conversation in regards to BB10 using BBM to communicate with Android/iOS:

    [image: bbmcommunication.png]

    (Source: How secure is BBM? - DHabkirk)

    3.) Very weird especially on point 3. Are you aware if the BB development team has looked into ZRTP protocols for voice messaging?

    Nonetheless, thanks for the great input. Mind if I reference some of your information in the future when asked this question?
    01-13-15 01:04 PM
  18. Blue Hef's Avatar
    "So *no, android bbm isn't scrambled.* The connection is encrypted to an extent"

    ok so does that mean you guys don't use regular BBM to communicate important data or you do?

    and if so what on earth do you use to instant message?

    Because if it is somewhat encrypted surely it's safer than WhatsApp for example? And as I said, now I'm asking if both devices are Android..
    01-13-15 03:00 PM
  19. Yatezy's Avatar
    "So *no, android bbm isn't scrambled.* The connection is encrypted to an extent"

    ok so does that mean you guys don't use regular BBM to communicate important data or you do?

    and if so what on earth do you use to instant message?

    Because if it is somewhat encrypted surely it's safer than WhatsApp for example? And as I said, now I'm asking if both devices are Android..
    If both devices are android, whatsapp is more secure than BBM. There are other apps that use encryption as well. Although Smitty seems the guy to ask, well informed posts.
    01-13-15 03:28 PM
  20. Blue Hef's Avatar
    Not all true..
    1) BBM still passes through BlackBerry infrastructure/servers
    2) Triple DES is only for BB-BB, which includes BBOS 7.1 etc
    2.1) when the connection to the BlackBerry infrastructure: BBOS always uses 3DES and adds TLS.. but only over WIFI.
    BB10 always uses both.
    BBMx doesn't use 3DES but always uses TLS. So *no, android bbm isn't scrambled.* The connection is encrypted.. to an extent. Messages from bbos via mobile network to BBMx are 3des encrypted on their way to the server, but drop the encryption at the server and add TLS before sending to bbmx:
    [image: IMG_20150113_011534_edit.png]

    3) BBM voice/video transmission is a weird one..
    - the call handshake is performed over TLS only, no 3des
    - the actual call is done over UDP / TCP, without TLS
    - if both callers are on the same WIFI network, the call will only access the Internet for the handshake, the actual call is done locally:

    [image: IMG_20150113_010900_edit.png]

    PassportSQW100-1/10.3.1.1154
    Hey, late I know, but,

    how about one android to another using regular BBM App?
    11-02-15 06:41 PM