BBM one of the least secure messaging platforms, based on this EFF report
- Originally Posted by Superdupont 2_0Hmm, hmm, no word from you about Forward Secrecy?
According to page 10 of the whitepaper "The pairwise key is derived from the BBM chat initiator’s private encryption key and the recipient’s public encryption key, using One-Pass ECDH." and the marketing phrase on their website says "Each message uses a new random symmetric key for message encryption."11-11-14 02:41 AMLike 0 -
However, I would expect that BBM Protected will simply not accept a connection, when the public certificate of the contact was changed. That is security by a protocol and accordig to the EFF criterion a protocol is basically an acceptable alternative solution.
If for each message a new session key is generated *randomly*, the compromise of one session key cannot compromise all chat conversations (and the same is true for keys derived from a session key). Plain simple.Last edited by Superdupont 2_0; 11-11-14 at 03:04 AM. Reason: added: randomly
11-11-14 02:41 AMLike 0 - Answering this one first as it will make the other answer clearer.
Originally Posted by Superdupont 2_0About the session key: "If for each message a new session key is generated *randomly*, the compromise of one session key cannot compromise all chat conversations (and the same is true for keys derived from a session key). Plain simple..
Each message is sent with a random symmetric key, therefore the compromise of a single message encryption key does not allow the attacker to determine the session key. Understand however that the message encryption key is generated by a deterministic algorithm(KDF) that uses as input the keying material(which is sent unecrypted as part of the message envelope) and the session key. This means that anyone with the session key and keying material can determine what the message encryption key for a given message was. This is exactly how the recipient decrypts a given message.
What this tells us is that anyone who is able to determine the session key will be able to decrypt the messages for a given chat session. Looking at the white paper we are told that the session key is generated using ECDH with the chat initiators private key and the recipients public key. Forward secrecy is about ensuring that if the chat initiators private key is compromised it does not lead to compromises of previous session keys.
In order for chat sessions to be forward secret we should have multiple session keys that are securely randomly generated e.g. ecdhe. The current design does not have this and so BBM Protected is not forward secret.
Originally Posted by Superdupont 2_0What's your point? Do you think the messages are stored on a server, when you have chat history enabled?Last edited by agentfat2004; 11-11-14 at 03:49 AM. Reason: added securely and ecdhe
11-11-14 03:38 AMLike 0 - Forward secrecy is about ensuring that if the chat initiators private key is compromised it does not lead to compromises of previous session keys.
In order for chat sessions to be forward secret we should have multiple session keys that are securely randomly generated e.g. ecdhe. The current design does not have this and so BBM Protected is not forward secret.
"The session key is used to encrypt all messages in a BBM chat."
But still, we do not know if other messengers are really generating a new key for each single message in a chat.
Furthermore, I still consider this as Forward Secrecy for a multiple chats.
If we look at the criterion (below), it is not clear about FS for each single message or each single chat.
However, it does require for any reason "ephemeral keys" and actually I can't tell you what is behind the "One-Pass ECDH" of BBM Protected (I assumed it as something comparable to ECDHE ?), but if they let iMessage go away with "end-to-end"-encryption (criterion 2), they shouldn't be too picky with BBM.
Here is the criterion in all its beauty:
Are past communications secure if your keys are stolen?
This criterion requires that the app provide forward-secrecy, that is, all communications must be encrypted with ephemeral keys which are routinely deleted (along with the random values used to derive them). It is imperative that these keys cannot be reconstructed after the fact by anybody even given access to both parties' long-term private keys, ensuring that if users choose to delete their local copies of correspondence, they are permanently deleted. Note that this criterion requires criterion 2, end-to-end encryption.
11-11-14 04:18 AMLike 0 -
I have checked the warning from the Canadian government here:
BlackBerry not as secure as believed, memo warns federal workers | canada.com
It says about BBM on legacy BBOS that "Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device."
In other words: They have no idea how applicable this could be in real life, but in theory the design of BBM would allow this attack.
And later they say "When a user turns in the device, the PIN stays with the device and doesn’t follow the user to a new BlackBerry. "
In other words: If you sell your BB on eBay, make sure your friends stop sending messages to your old pin number.
The fact that BBM is using a global 3DES key is known for many years.
The fact that BlackBerry says "scrambling" is known for many years, probably a business decision to motivate the customers to use a BES, which allows your organization to create individual 3DES keys for the legacy BBOS devices.
So, this warning with exactly the same wording could have been published already in 2008 or 2009.
But no security researcher ever demonstrated how to upload intercepted BBM traffic into another BlackBerry device, probably because even BBOS is still a black box.
3DES is still not crackable, when you don't have the key.
And if anybody could crack any BlackBerry OS to obtain the 3DES key or upload an intercepted message, BBM's security wouldn't be my first concern.
Aside from BBOS stories:
Note the Z30 wasn't hacked at this years pwn2own in Tokyo
See
iPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own | Ars Technica11-14-14 04:29 AMLike 0 - For all you crypto nerds out there I found this.
New Comparative Study Between DES, 3DES and AES within Nine Factors
http://www.google.com/url?q=http://a...ggzJA9XooVRqYA
I haven't had time to digest it yet as it is quite scholarly.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF11-14-14 06:10 AMLike 0 - Note the Z30 wasn't hacked at this years pwn2own in Tokyo
See
iPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own | Ars Technica
Posted via CB10jefbeard911 likes this.11-14-14 08:27 AMLike 1 -
Quote from my link:
"The following targets are available for selection:
Amazon Fire Phone
Apple iPhone 5s
Apple iPad Mini with Retina Display
BlackBerry Z30
Google Nexus 5
Google Nexus 7
Nokia Lumia 1520
Samsung Galaxy S5"
BB was on the table, but indeed there is no info if somebody tried to prepare a hack.
You will never hear the stories about failure, because the audience wants to see only the winners.
But, okay, my personal view on this is that they try to hack the weakest systems first.
I can't remember that BB 10 was hacked on an event, maybe the last hack of a Berry in such a show was back in 2011 I think (webkit engine)?raino likes this.11-14-14 10:38 AMLike 1 -
But this is off topic so I'll stop.
Posted via CB1011-14-14 11:06 AMLike 0 - I read this reply by someone named frank to a notorious BlackBerry bear named KIA.
If anyone is interested in why the test was flawed read on
BBM Protected uses 3 layers of encryption:
?Standard TLS encryption
?BBM normal Triple DES encryption
?521 bit ECC generated for each message which based on the out-of-band shared passphrase.
The messages are encrypted multiple times, and ensured that all the keys are matching. You can read detailed information here http://docs.blackberry.com/en/404error.jsp, you should read it.
The most important part shows how the private keys are only stored on the device and cannot be retrieved from it. Also, the unique keys for each message ensures, that even if the encryption keys are compromised, only one message can be read, not the entire conversation. Adding to the mix BBM Protect is using FIPS140-2.
iMessage is also using a pretty good system ? which is detailed in this document https://www.apple.com/privacy/docs/i...te_en.pdf#mn_p (Page 30). It offers a quite reliable security model, which include device-based encryption keys. Also, similarly to BBM, it transports the messages through TLS. The reason why iMessage and Facetime is not as secure as BBM protect is because Apple allows multiple devices connected to the same account. Each device will have one private key locally, and a public key sent to Apple servers. When somebody sends a message, it?ll encrypt individually for each device, as the sender already has the public keys. This is still okay, though there?s a flaw in the concept: Apple handles most of the encryption and also the key exchange, they can easily add one more public key to ?device? list, which would allow sniffing.
This can?t be done with BBM, as it requires a BlackBerry ID to function and can only be used on one PIN at a time.
But why ruin a good story with the truth!
Posted via CB1011-14-14 11:54 AMLike 0 - It looks like BBM only lost points for not being opensource.
Code being open to review, having documented security and a recent code audit (that we know about) are pretty much entirely related to whether it is opensource. Of course it doesn't need any of those to be secure. It's very likely they have had a security audit on the software and you just wouldn't know about it.
Well, there was only one genuine check they lost on and that was being able to retrieve past messages when you have a valid key. I'm not even sure if that's a good or bad thing.11-15-14 05:46 AMLike 0 - You forget the perfect forward secrecy part that iMessage has that BBM lacks. Basically with iMesssage if the government ask apple to tap a user they can. In Blackberry's case likely they can't, but what they can do is record all of your conversation(which we know for a fact the NSA is doing), then one day when they are able to get your keys(and trust me its not a matter of it, its just if they want to), then they can decrypt all your previous conversation. So in the case of iMessage, if the gov was never tapping your line your previous chat history is safe, but they can easily tap your line. In the case of BBM they can't eassily hack your chat, but once they do everything is up for grabs. BBM could add PFS, then all will be well11-17-14 10:05 AMLike 0
- Prem WatsAppCrackBerry Jester of JestersYeah, agreed.
Carrier and manufacture initiated surveillance is a whole nother issue. I'm not sure BlackBerry has the balls to deny a NSA request for user information.
This is why I prefer other messenger services that offer ephemeral, self destructing messages and are client to client, not client to server, server to client.
Anyway, I hoping BlackBerry will shore up BBM and/or offer BlackBerry Protect to consumers, but I don't see that happening.
Sent from my awesome BlackBerry Z3 running BlackBerry 10 - 2BBEAACF
No one has. Snowden fled, Ladar Levison simply shut down, Google cooperated, etc. ...
CEOs all get routinely scared , and the Chinese threat certainly helps. All of them got pwned. Even security companies. If only half is true of what's written here, there won't be any security...
This is a tough piece and a bit of a longer read. Have fun. Definitely worth it:
http://www.salon.com/2014/11/16/goog...ecurity_state/
Grain of salt, please. :-)
The EFF's efforts are laudable, and there is a reason why they (and Stallman) insist on open standards, but we know this idea failed as soon as we look at Heartbleed...
? ? ? Zzzzmoqin'.... ? ? ?Last edited by Prem WatsApp; 11-20-14 at 02:15 PM.
jefbeard911 likes this.11-20-14 02:16 AMLike 1 - Guts to deny NSA request?
No one has. Snowden fled, Ladar Levison simply shut down, Google cooperated, etc. ...
CEOs all get routinely scared , and the Chinese threat certainly helps. All of them got pwned. Even security companies. If only half is true of what's written here, there won't be any security...
This is a tough piece and a bit of a longer read. Have fun. Definitely worth it:
http://www.salon.com/2014/11/16/goog...ecurity_state/
Grain of salt, please. :-)
The EFF's efforts are laudable, and there is a reason why they (and Stallman) insist on open standards, but we know this idea failed as soon as we look at Heartbleed...
? ? ? Zzzzmoqin'.... ? ? ?
BlackBerry should give us S/MIME and PGP capabilities!11-20-14 04:44 PMLike 0 - The last part isn't true. Open Standards are a MUST for security. Yes, there will still be bugs that are absolutely crushing, but at least there's a chance that someone detects and publishes it. You can bet there's a whole lot like those bugs in closed source too, but it's harder to find, at least for the 'good guys'.
BlackBerry should give us S/MIME and PGP capabilities!
Get BES12 for S/MIME and PGP.11-21-14 07:35 AMLike 0 - Do you mean Open Source or Open Standards? You can have open standards like SMTP, FTP, etc, but the code for them can be closed source. If you mean open source for everything, then Heartbleed has shown that it doesn't work. The failure is when someone who finds the bug, doesn't announce it to the world. The other weak point is you are assuming that by putting your source code into open source, that people are actively looking for bugs in the code released. That means debugging the entire code looking for problems. If all source code for all applications were put into open source, there are not enough programmers in the world who could monitor, debug and test every change that is made to the source code. So to say that Open Source is a benefit and all bugs will be found by good people who report it to the software company and the world in a timely manner is foolish. Open Source is an idea that fails in the real world.
Get BES12 for S/MIME and PGP.11-22-14 10:01 AMLike 0 - Actually both Open Source and Open Standards are important. Open Standards are important because they allow the ideas to be vetted. Its about the whole measure twice cut once, we at least know the protocol is secure theoretically. Anyone who writes software knows that there will always be bugs, but bugs are different from flaws in protocol design. People look on open source negatively from heartbleed, but i wonder if the bug would have been found had it been closed source.11-22-14 11:13 AMLike 0
-
BlackBerry should give us S/MIME and PGP capabilities!anon62607 likes this.11-24-14 07:21 AMLike 1 - The simple fact that whatsapp scored higher than bbm means I don't have to read that article because that's garbage. I was put in a whatsapp group without my consent now I get random calls and messages from all over the world because they got my number out of the group yea that's very secure I guess
Posted via CB1011-30-14 06:34 AMLike 0 -
- I meant both actually, open standards and open source. There is an important and known principle in cryptography that states you should always assume that your enemy knows everything but the secret key about your scheme and it should still be secure. If you assume that, closed source becomes a disadvantage, because you still have to assume that a powerful adversary will steal and know your sourcecode. By publishing the code you give the 'good guys' at least a chance to find bugs. Heartbleed is not a testament to open source failing, such things will happen, at least now we know about it. Critical software like openssl should maybe be more audited by professionals though.
BlackBerry should give us S/MIME and PGP capabilities!11-30-14 11:19 AMLike 0 - I meant both actually, open standards and open source. There is an important and known principle in cryptography that states you should always assume that your enemy knows everything but the secret key about your scheme and it should still be secure. If you assume that, closed source becomes a disadvantage, because you still have to assume that a powerful adversary will steal and know your sourcecode. By publishing the code you give the 'good guys' at least a chance to find bugs.
Heartbleed is not a testament to open source failing, such things will happen, at least now we know about it. Critical software like openssl should maybe be more audited by professionals though.11-30-14 11:23 AMLike 0 -
- It also gives the 'bad guys' an opportunity to find and exploit the flaws before and if 'good guys' find it.
At lease you know it now, but the rumor is that the NSA knew about the flaw TWO years ago and exploited it. Who says that hackers didn't find it also and exploited it for those TWO years.
BlackBerry should give us S/MIME and PGP capabilities!12-01-14 10:41 AMLike 0
- Forum
- BBM Central
- General BBM Chat
BBM one of the least secure messaging platforms, based on this EFF report
Similar Threads
-
Why won't my BB Bold 9900 turn on?
By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 12-05-14, 03:15 PM -
Financial Post Article on Chen's one year at BlackBerry
By Grafic111 in forum General BlackBerry News, Discussion & RumorsReplies: 13Last Post: 11-08-14, 12:35 AM -
New bbm force close
By Hendri kusliawan in forum General BBM ChatReplies: 3Last Post: 11-04-14, 09:02 PM -
My blackberry internet service is not connected how to connect on bold 9700?
By CrackBerry Question in forum Ask a QuestionReplies: 2Last Post: 11-04-14, 12:04 PM
LINK TO POST COPIED TO CLIPBOARD