06-17-14 07:14 AM
39 12
tools
  1. Omnitech's Avatar
    This made me smile, and recall the lectures in which we learned about the pitfalls of "security through obscurity".
    Yep, and BlackBerry really missed a huge window of opportunity to capitalize on new privacy and security fears by failing to capitalize on their ability and reputation to produce secure devices and tout that as a mass market feature.

    Instead, they are apparently either so clueless about marketplace demand and/or so subservient to and afraid of offending their government/military clients by securing the citizenry's messaging system, that they completely blew that.

    The stupid thing is that BBM actually still has a reputation for security despite the fact that its encryption was never very good by modern standards, it was just better than the complete insecurity that the other messaging platforms had 5-8 years ago.

    But now all you have to do is take the relatively simple step of building SSL into a messaging platform and it is instantly much better than BBM in terms of encrypting/protecting on-the-wire transmissions.

    Therefore BBM is now actually worse than most of the competition in that regard (and many others), while eBBM doesn't do anything for the vast majority of BBM users that are not using it connected through some corporate network.

    One of the stream of braindead idiots that gets in line to do an interview with John Chen needs to ask him this question directly: "Is the reason you completely missed the boat on protecting end-user communications from unwanted surveillance either from rogue individuals or rogue governments and touting that as problem BlackBerry is uniquely qualified to solve, because you are utterly subservient to all your gov/mil customers and afraid to tick them off by making it harder for them to snoop on citizens at large?"

    .
    clickitykeys likes this.
    03-30-14 08:21 AM
  2. clickitykeys's Avatar
    But now all you have to do is take the relatively simple step of building SSL into a messaging platform and it is instantly much better than BBM in terms of encrypting/protecting on-the-wire transmissions.
    I agree, and have a couple of questions.

    From an engineering standpoint, what are the impediments to having SSL/TLS protocols baked into the default BBM app? I'm guessing that standardized software exists for these protocols (essentially they perform key agreement between sender and receiver), so the cost of integrating this within BBM should be manageable, or am I missing something?
    03-30-14 11:45 AM
  3. Omnitech's Avatar
    I agree, and have a couple of questions.

    From an engineering standpoint, what are the impediments to having SSL/TLS protocols baked into the default BBM app? I'm guessing that standardized software exists for these protocols (essentially they perform key agreement between sender and receiver), so the cost of integrating this within BBM should be manageable, or am I missing something?

    The problem is that your BBM client and their NOC has to communicate with all the other BBM clients out there, including your granny with her 5-year-old Pearl that has never had its BBM updated.

    And since most (probably all) of those old BBM clients are just "scrambling" data using a technique that uses a single, globally identical encryption key for ALL devices, all you need to have is that key and access to the over-the-wire data (which used to be difficult, but which is now trivial due to the prevalence of people using unencrypted public WiFi hotspots that are easily sniffed or spoofed), and hello snooper.

    RIM/BlackBerry has also gotten into a bunch of clashes with national law-enforcement agencies over their desire to snoop on BBM traffic. If they increased its security, they would start that nonsense up all over again.

    The weird thing is that BlackBerry seems to get singled out by law-enforcement for this. The only thing I can figure is this is because they are not only an IM system provider, but also a device manufacturer with direct carrier relationships and their IM system routes all traffic through their NOC, making them uniquely targetable when the spooks want to snoop on something. IE they can threaten to kill their carrier relationship(s) which doesn't just cut their IM subscription numbers, but all their device sales too.

    And while the rest of the competition like WhatsApp, Viber, WeChat, Line, Skype, etc. would presumably also attract similiar attention, the fact that those companies are not device makers and do not have direct relationships with various national carriers (And Microsoft's acquisition of Nokia is not yet fully consummated) means that law enforcement doesn't have the same leverage over those IM networks as they would have over BlackBerry.

    The only other company I can think of that could be in a similiar boat is Apple with iMessage, and possibly Samsung's ChatOn.

    http://www.talkandroid.com/177208-sa...istered-users/
    CNX66 and clickitykeys like this.
    03-31-14 03:53 AM
  4. Sith_Apprentice's Avatar
    Tons of info coming on BBM Protected. Just went to the DC experience forum Met with a bunch of execs.
    05-21-14 04:42 PM
  5. anon62607's Avatar
    and where should we be looking for all of this info?
    05-23-14 12:57 PM
  6. Sith_Apprentice's Avatar
    and where should we be looking for all of this info?
    BBM Protected demo caught on video | CrackBerry.com

    Video in action, so what a user will see, the IT policy set up and deployment, and a few listing of facts about BBM Protected.
    05-23-14 01:05 PM
  7. Sith_Apprentice's Avatar
    BBM Protected IT policy for BES5

    Description
    Specify whether BlackBerry Messenger can use BBM Protected for message encryption. If you set this rule to Yes, BlackBerry Messenger uses BBM Protected to encrypt and decrypt messages exchanged with contacts that have the Use BBM Protected rule enabled, and it uses default BBM encryption for messages exchanged with other contacts. If you set this rule to No, BlackBerry Messenger always uses default BBM encryption. This rule applies only to BlackBerry Messenger 8.5 or later.||BBM Protected is part of the eBBM Suite of products and may only be used if your organization has purchased the required BBM Protected user licenses from BlackBerry or an authorized reseller. Before you enable the Use BBM Protected rule, you must verify that your organization has purchased the required BBM Protected user licenses. For more information, visit(site) If you do not set this rule, a default value of "No (default)" will be used.

    0|No (default)|1|Yes


    This will be an IT policy pack (XML file) to be added to the BES. Just a simple import. It already exists in BES 10.2.2+
    Superfly_FR and flyingsolid like this.
    06-12-14 09:28 PM
  8. timcold's Avatar
    Is this an app. Do we have to pay for it


    Sent from my iPhone using CB Forums
    06-13-14 05:04 AM
  9. Superfly_FR's Avatar
    you must verify that your organization has purchased the required BBM Protected user licenses
    @timcold: more likely a service with attached CAL, so yes, you'll have to pay for it.
    06-13-14 05:27 AM
  10. timcold's Avatar
    It's available on bbw???


    Sent from my iPhone using CB Forums
    06-13-14 05:40 AM
  11. Sith_Apprentice's Avatar
    No CAL exists at this time for use, and don't think they have the ability to add that to legacy BES. 10.2.2 already has it built in as well. The CAL likely will be for BES12 going forward. You also need a special version of BBM right now, though it will be globally releases later as an update.
    Superfly_FR likes this.
    06-13-14 07:16 AM
  12. flyingsolid's Avatar
    Here are some links for more information if anyone needs it. One of the documents says pricing starts at $30/user/year for BBM Protected.

    BBM Protected | eBBM Secure Messaging & Encrypted Chat | BlackBerry - US

    bbm-protected - US
    KB35648-Overview of BBM Protected
    06-16-14 10:27 AM
  13. Sith_Apprentice's Avatar
    Here are some links for more information if anyone needs it. One of the documents says pricing starts at $30/user/year for BBM Protected.

    BBM Protected | eBBM Secure Messaging & Encrypted Chat | BlackBerry - US

    bbm-protected - US
    KB35648-Overview of BBM Protected

    Yeah they just released this information today. Glad to see they are hitting their target release (June 2014)
    06-16-14 02:25 PM
  14. TrenTons's Avatar
    Here are some links for more information if anyone needs it. One of the documents says pricing starts at $30/user/year for BBM Protected.

    BBM Protected | eBBM Secure Messaging & Encrypted Chat | BlackBerry - US

    bbm-protected - US
    KB35648-Overview of BBM Protected
    http://docs.blackberry.com/en/admin/...ty_Note_en.pdf ne1 know security and looked at it
    06-17-14 07:14 AM
39 12

Similar Threads

  1. Question about Verizon service BBM and internet speed comparisson with At&T
    By Miketrader in forum General BlackBerry News, Discussion & Rumors
    Replies: 5
    Last Post: 02-27-14, 09:53 AM
  2. Alright to screen protect or not
    By drfever in forum BlackBerry Z30
    Replies: 20
    Last Post: 02-27-14, 09:48 AM
  3. BBM Voice not working properly.
    By tchimbuya in forum General BBM Chat
    Replies: 2
    Last Post: 02-27-14, 04:45 AM
  4. Could anybody tell me what's wrong with my camera?
    By jsille in forum BlackBerry 10 OS
    Replies: 5
    Last Post: 02-25-14, 08:35 PM
  5. Bbm Battery Usage ?
    By sickyute in forum General BBM Chat
    Replies: 8
    Last Post: 02-25-14, 08:25 PM
LINK TO POST COPIED TO CLIPBOARD