1. Jonny-R's Avatar
    There's no BIS under BB10.
    With BES it is a single issued private key (even BlackBerry can't have it).

    I don't want to extrapolate or affirm things before I double check the "unique key" point (is it / how often it is renewed). I'm quite sure about the general principles, yet I do have to dig further for the whole story.


    Posted via CB10
    See my post above for BBM's security

    Posted via CB10
    Superfly_FR likes this.
    06-26-14 08:24 PM
  2. Superfly_FR's Avatar
    BBM on BB10 is different to how BBM worked on BBOS (as far as my understanding goes). With BB10, BlackBerry - BlackBerry (10) communications are encrypted with TLS end-to-end, and employ certificate pinning. This is also true of the Android / iOS app. When BlackBerries are used, the global DES key is also applied on top of this encryption between BlackBerry - server - BlackBerry. Or, for whichever part of the journey a BlackBerry is used for.

    This information is supplied by BlackBerry on their website. I believe that there is a lot of misinformation about how BBM encryption works due to the old days of BBOS where it was scrambled alone with the global BES key. Without BlackBerry's help I don't see how communications could be decrypted except by the best intelligence services? Maybe I'm underestimating the encryption strength of properly implemented SSL/TLS.

    I might be wrong. I'm a medical student, not an IT guy; I've just done some reading.

    Posted via CB10
    There's no BIS under BB10.
    With BES it is a single issued private key (even BlackBerry can't have it).

    I don't want to extrapolate or affirm things before I double check the "unique key" point (is it / how often it is renewed). I'm quite sure about the general principles, yet I do have to dig further for the whole story.

    Posted via CB10
    Ok, since we have to use precise statements here (and my English may be confusing), I've requested some materials from the Elite team leaders.
    Many points have been evoked before, so I believe we could consider this as a "sum-up".

    • PIN-to-PIN is not the same as BBM, and therefore does not offer the same native level of security as BBM.
    • BlackBerry has been very clear -- publicly -- about the security levels provided by pin-to-pin messaging. PIN encryption keys - Security Technical Overview - BlackBerry Enterprise Server - 5.0.2
    • PIN-to-PIN: "By default, each device uses the same global PIN encryption key, which BlackBerry adds to the device during the manufacturing process. The global PIN encryption key permits every device to authenticate and decrypt every PIN message that the device receives. Because all devices share the same global PIN encryption key, there is a limit to how effectively PIN messages are encrypted. PIN messages are not considered as confidential as email messages sent from the BlackBerry Enterprise Server, which use BlackBerry transport layer encryption. Encryption using the global PIN encryption key is sometimes referred to as "scrambling"."
    • BBM: The default level of security offered by BBM today is already very secure, offering two layers of encryption for messages sent between BBM contacts. First, BBM uses TLS to establish a secure connection between the smartphone and the server. TLS is a common web standard that is used for online shopping and internet banking. Additionally, BBM messages are encrypted using a triple DES 168-bit BBM scrambling key which encrypts messages leaving the sender's phone, and authenticates and decrypts messages on the recipient's phone. These two layers working together mean that you have secure messages flowing through a secure pipe.

      [additionally]


    • It's important to note that last week we announced BBM Protected - the first value-added solution in the eBBM Suite, which brings regulated industries the most secure and reliable real-time mobile messaging experience in the industry. BBM Protected offers an enhanced security model for BBM messages sent between BlackBerry smartphones that protects corporate data end to end with additional encryption.
    • BlackBerry cannot read BBM Protected messages. The encryption keys used to secure messages sent between BBM protected users are generated by the phones and controlled by the BES server. BlackBerry is not the broker in this public key exchange.
    Hope it makes things clearer for everyone.

    P.S: Thanks, Cindy !
    cjcampbell and web99 like this.
    06-27-14 02:59 AM
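
The difference between the shared global scrambling key and keys held only by the two endpoints, as quoted in the post above, shown as an added example that is not part of the original thread and is not BlackBerry code. HMAC-SHA256 stands in for Triple DES (absent from the Python standard library), all key values are constructed, and the BBM Protected public key exchange is not modelled.

```python
# Added illustration; not BlackBerry code. HMAC-SHA256 is a stand-in for
# Triple DES, and every key below is a constructed sample value.
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 (toy stand-in cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate. Layout: nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when this key does not authenticate the blob."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed global key: the same value is present on every device.
GLOBAL_KEY = hashlib.sha256(b"constructed global scrambling key").digest()


def demo() -> dict:
    msg = b"constructed message from A to B"
    scrambled = seal(GLOBAL_KEY, msg)    # "scrambling" with the shared global key
    pair_key = secrets.token_bytes(32)   # assumption: held only by devices A and B
    protected = seal(pair_key, msg)
    # A third device C holds GLOBAL_KEY like every other device, but not pair_key.
    return {
        "third_device_reads_scrambled": open_sealed(GLOBAL_KEY, scrambled) == msg,
        "third_device_reads_protected": open_sealed(GLOBAL_KEY, protected) is not None,
        "recipient_reads_protected": open_sealed(pair_key, protected) == msg,
    }
```
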
  3. Jonny-R's Avatar
    Yes, that's what I said pretty much. Thanks for the further clarification, sorry I misunderstood your reply initially!

    Posted via CB10
    Superfly_FR likes this.
    06-27-14 01:20 PM
  4. yardbirds1969's Avatar
    Should have used BES, not like they didn't have the money.

    Posted via CB10
    06-27-14 05:24 PM