Montreal mafia ring cracked by Quebec police reportedly thanks to BlackBerry messages
- There's no BIS under BB10.
With BES it is single issued private (even BlackBerry can't have it) key.
I don't want to extrapolate or affirm things before I double check the "unique key" point (is it / how often it is renewed). I'm quite sure about the general principles, yet I do have to dig further for the whole story.
Posted via CB10
06-26-14 08:24 PM
- Superfly_FR (Retired Moderator)
BBM on BB10 is different to how BBM worked on BBOS (as far as my understanding goes). With BB10, blackberry - blackberry (10) communications are encrypted with TLS end-end, and employs certificate pinning. This is also true of the android / ios app. When blackberries are used, the global DES key is also applied on top of this encryption between blackberry - server - blackberry. Or, for whichever part of the journey a blackberry is used for.
This information is supplied by blackberry on their website. I believe that there is a lot of misinformation about how BBM encryption works due to the old days of BBOS where it was scrambled alone with the global BES key. Without blackberry's help I don't see how communications could be decrypted except by the best intelligence services? Maybe I'm underestimating the encryption strength of properly implemented SSL/TLS.
I might be wrong. I'm a medical student not an IT guy, I've just done some reading
Posted via CB10
There's no BIS under BB10.
With BES it is single issued private (even BlackBerry can't have it) key.
I don't want to extrapolate or affirm things before I double check the "unique key" point (is it / how often it is renewed). I'm quite sure about the general principles, yet I do have to dig further for the whole story.
Posted via CB10
Many points have been evoked before, so I believe we could consider this as a "sum-up".
- PIN-to-PIN is not the same as BBM, and therefore does not offer the same native level of security as BBM.
- BlackBerry has been very clear -- publicly -- about the security levels provided by pin-to-pin messaging. PIN encryption keys - Security Technical Overview - BlackBerry Enterprise Server - 5.0.2
- PIN-to-PIN: "By default, each device uses the same global PIN encryption key, which BlackBerry adds to the device during the manufacturing process. The global PIN encryption key permits every device to authenticate and decrypt every PIN message that the device receives. Because all devices share the same global PIN encryption key, there is a limit to how effectively PIN messages are encrypted. PIN messages are not considered as confidential as email messages sent from the BlackBerry Enterprise Server, which use BlackBerry transport layer encryption. Encryption using the global PIN encryption key is sometimes referred to as 'scrambling'."
- BBM: The default level of security offered by BBM today is already very secure, offering two layers of encryption for messages sent between BBM contacts. First, BBM uses a TLS to establish a secure connection between the smartphone and the server. TLS is a common web standard that is used for online shopping and internet banking. Additionally, BBM messages are encrypted using a triple DES 168-bit BBM scrambling key which encrypts messages leaving the sender's phone, and authenticates and decrypts messages on the recipient's phone. These two layers working together mean that you have secure messages flowing through a secure pipe.
[additionally]
- It's important to note that last week we announced BBM Protected - the first value-added solution in the eBBM Suite, which brings regulated industries the most secure and reliable real-time mobile messaging experience in the industry. BBM Protected offers an enhanced security model for BBM messages sent between BlackBerry smartphones that protects corporate data end to end with additional encryption.
- BlackBerry cannot read BBM Protected messages. The encryption keys used to secure messages sent between BBM protected users are generated by the phones and controlled by the BES server. BlackBerry is not the broker in this public key exchange.
P.S: Thanks, Cindy!
06-27-14 02:59 AM
- PIN-to-PIN is not the same as BBM, and therefore does not offer the same native level of security as BBM.
- Yes that's what I said pretty much, thanks for the further clarification sorry I misunderstood your reply initially!
Posted via CB10
06-27-14 01:20 PM