[Blue Hef]

I missed the bolded part earlier, which you are ALSO wrong on.

Not only could this have been deduced from various company statements on security, various official documents exist which make it plain that BBM cross-platform is TLS-encrypted, ie this one, quoting:

---

BBM Security note

TLS in BBM
TLS in BBMBlackBerry 10, iOS, and Android devices send all data to each other through the BlackBerry Infrastructure over a TLS connection. In certain scenarios, BlackBerry 7.1 and earlier devices also send data this way. TLS is a common web standard used across all major desktop and mobile web browsers for secure online banking and shopping. A TLS connection between a device and the BlackBerry Infrastructure is designed to protect BBM messages from eavesdropping or manipulation by an attacker.

---

Re: "scrambling", the only instance where data security in BBM relies only on the old "scrambling" technique is for legacy BBOS devices when one of the links is not traversing the public internet. Otherwise, BBM on BB10 devices is MORE secure than it was on BBOS devices because all communications AT MINIMUM travel via TLS encrypted tunnels, and typically use TLS COMBINED with traditional BBM "scrambling".

So how is the competition doing? A few data points:


WhatsApp

- Sent all traffic unencrypted until 2012-08 [1]
- When they added encryption in 2012-08, they did it poorly, leaving mobile numbers vulnerable and worse, using easily-guessed encryption keys [1]
- Serious flaws in WhatsApp encryption persisted up until at least 2013-10 [2]
- WhatsApp chat logs are readable by any other app on the device [3]
- In fact, Dutch and Canadian authorities concluded in 2013 that WhatsApp violated their countries privacy laws by insecurely storing non-user contact details [4]
- Crypto weaknesses in WhatsApp “the kind of stuff the NSA would love” [5]


Apple iMessage

Among other things, does not implement (as BBM does) "certificate pinning" - allowing attackers to spoof legitimate iMessage servers. (source)


Viber

Sends shared files and location data unencrypted, stores data on Amazon cloud servers unencrypted and accessible to anyone (source 1, source 2)


LINE Messenger

Messages and data are sent completely unencrypted over carrier networks (source)


WeChat

Plagued by a variety of technical security vulnerabilities, in addition to being subject to widespread surveillance by Chinese authorities (source)


.

Hey

very very late reply i know but i was discussing this with someone and remembered your post.

So to clarify,

Using the normal BBM android application is secure? I don't have BES or any special subscription, i simply have it installed on my note 4 and my partner has it on their s6, so our communications are secure on BBM, correct?

[Blue Hef]

I'm glad that somebody else has pointed out that BB10 BBM is TLS end-end encrypted with the global DES key used over the top of this encryption. BBM is very secure due to it's strict implementation of SSL and certificate pinning; more secure than BBOS BBM ever was.

There is an interesting and in-depth security report on the Android BBM implementation of SSL, which would use only TLS end-end encryption. It was found to have no weaknesses and the encryption remained high. I'll try to find it.

To answer more of the OPs question. Not on BES email is as secure as Android/iOs/anything else which can use SSL. SMS/phone call are as secure as other phones (ie technology to make/receive/send is globally the same in phones). The cryptographic kernal in BlackBerry 10 seems very strong (without BES), ie your data on the physical phone is secure. This cannot be contested otherwise.

Ah i see, so is this the same case when using BBM between two android devices?

[Omnitech]

Using the normal BBM android application is secure? I don't have BES or any special subscription, i simply have it installed on my note 4 and my partner has it on their s6, so our communications are secure on BBM, correct?

"Secure" is not a simple yes/no matter, there are levels of security.

However if what you are asking is if data is encrypted in transit using 'real' encryption and not open for anyone with network access to trivially snoop on, the answer is yes. (There may be one exception: realtime video streams on older builds of BB10/BBM.)

Ah i see, so is this the same case when using BBM between two android devices?

Yes.

If you want to go beyond those questions into a very detailed examination of messaging security features which may be useful if you might be specifically targeted by a well-funded adversary (eg you are a political activist in a politically-repressive state, or a high-security-clearance employee of a company with valuable intellectual property), then I suggest you look at the comparison that the EFF created which compares a variety of more esoteric aspects of security of messaging products. Bear in mind that some of these measures entail significant usability compromises.

https://www.eff.org/secure-messaging-scorecard

[crackbrry fan]

Could you explain this? Not exactly sure what you're referring to and if it's native or needs to be activated somehow. Thanks.

Posted via my Nexus 10.

Try a BlackBerry 10 device you would understand what they are referring to.

Posted via CB10