[BlackBerry Guy]

A refresher for everyone, this is from BlackBerry Knowledge Base KB03652 with respect to BIS vs BES security:

BIS
Email messages sent between the BlackBerry Internet Service and the BlackBerry Internet Service subscriber's BlackBerry smartphone are not encrypted. When transmitted over the wireless network, the email messages are subject to the existing or available network security model(s).

When you log in to the BlackBerry Internet Service, the data is transmitted over a Secure Sockets Layer (SSL) connection.

BES
Email messages sent between the BlackBerry smartphone and the BlackBerry Enterprise Server are encrypted using Triple Data Encryption Standard (Triple DES), Advanced Encryption Standard (AES).

Important: BlackBerry Enterprise Server for Novell GroupWise supports AES encryption only.

KB03652-Comparing BlackBerry Internet Service and BlackBerry Enterprise Server features

And from CrackBerry itself:

BES and BIS: What's the Difference? | CrackBerry.com

So when people talk about security, it is mostly referring to the data transfers?

For me my major concern is, if I lose my phone and has password locked it, how easy is it to access my personal stuff like password keeper and photos.

There's been a lot of chatter about the NSA and the security and privacy of info on peoples' smartphones. Judging by comments, most of that concern is over the interception and decryption of data, as opposed to the physical possession and breach of a device.

[canuckvoip]

Sorry, unless you're on a BES10 server, your BB10 device (with the exception of BBM) is no more or less secure than any iPhone or Android device. BIS is gone, kiddies, if you're not on a legacy device. You connect to email just like everyone else now. Be grateful -- if BBRY tanks and the NOC is history, at least your email will still work. Isn't this common knowledge?

Sent from my Nexus 10 using Tapatalk 4

Really? Kiddies? OP asked a legitimate question. Chill out and maybe turn down the pomposity dial a tad?
You're right of course, but now who cares?
:>)

[belfastdispatcher]

http://www.theguardian.com/uk-news/2...-new-mi5-chief

http://www.theguardian.com/uk/2013/j...t-surveillance

http://www.wired.co.uk/news/archive/...hq-tempora-101

"They're taking data straight from the tubes?
That's right. Interceptors have been placed on around 200 fibre optic cables where they come ashore. This appears to have been done with the secret co-operation, voluntary or forced, of the companies that operate the cables, potentially giving GCHQ access to 10 gigabits of data a second, or 21 petabytes a day

That's a lot of bytes?
GCHQ wasn't exaggerating when it used the phrase "Mastering the Internet" in the documents."

http://www.spiegel.de/international/...-a-909852.html

Posted via CB10

And "taking (encrypted) data straight from the tubes" equals real time monitoring to you?

[MarsupilamiX]

And "taking (encrypted) data straight from the tubes" equals real time monitoring to you?

Encrypted is your emphasis.
Look at the post of BlackBerry guy, and try to understand why the links right now, are relevant:

http://www.theguardian.com/world/201...codes-security

http://www.extremetech.com/computing...yone-could-use

Real-time isn't the problem.
Courtesy of India:
http://mobile.bbc.co.uk/news/technology-23265091

http://www.techweekeurope.co.uk/news...tphones-121643

http://thehackernews.com/2013/07/Ind...ption.html?m=1

Courtesy of logic:
When they have direct access to the pipes, direct access to the ISP or Email providers, when they have broken parts of the standard encryption techniques and they have direct access to a part of the NOC, in which dreamland of yours, this doesn't mean as real-time as it gets, with these immense data samples?

Posted via CB10

[belfastdispatcher]

Encrypted is your emphasis.
Look at the post of BlackBerry guy, and try to understand why the links right now, are relevant:

http://www.theguardian.com/world/201...codes-security

http://www.extremetech.com/computing...yone-could-use

Real-time isn't the problem.
Courtesy of India:
http://mobile.bbc.co.uk/news/technology-23265091

http://www.techweekeurope.co.uk/news...tphones-121643

http://thehackernews.com/2013/07/Ind...ption.html?m=1

Courtesy of logic:
When they have direct access to the pipes, direct access to the ISP or Email providers and they have direct access to a part of the NOC, in which dreamland of yours, this doesn't mean as real-time as it gets, with these immense data samples?

Posted via CB10

Courtesy of logic, when the uk police complain they can't do it it doesn't matter who can, if they can. Again, just because NSA or gchq can do it it doesn't mean it's universally available to everybody, some might say the capability is completely illegal.

So while there's evidence of the capability being available to some, it's absolutely clear at the time of the London riots at least, the uk police did not have this capability.

[MarsupilamiX]

Courtesy of logic, when the uk police complain they can't do it it doesn't matter who can, if they can. Again, just because NSA or gchq can do it it doesn't mean it's universally available to everybody, some might say the capability is completely illegal.

So while there's evidence of the capability being available to some, it's absolutely clear at the time of the London riots at least, the uk police did not have this capability.

You said:

What we learned from the London riots is BlackBerry devices on BIS cannot be monitored in real time.

Posted via CB10

Which means that it isn't possible to monitor BIS traffic in real-time, at least that's what you said back then.
You used the example of the riots to "prove" that.

And this is patently wrong, as the reality has shown us. Which you acknowledged in your post right now.
So make up your mind what you actually want to say.

In the meantime, you should also know that the GCHQ or MI5 are local authorities in the UK, opposed to the NSA, which definitely isn't one in the UK.

The Indian regime who can access BIS traffic, is also a local authority.
It's also nice of you, to ask about the legality, but this question is useless, when we are talking about the facts. If it is possible, and if it happens.

You'll get a compliment, for the sneaky change, of your goal post though.

Posted via CB10

[belfastdispatcher]

You said:


Which means that it isn't possible to monitor BIS traffic in real-time, at least that's what you said back then.
You used the example of the riots to "prove" that.

And this is patently wrong, as the reality has shown us. Which you acknowledged in your post right now.
So make up your mind what you actually want to say.

In the meantime, you should also know that the GCHQ or MI5 are local authorities in the UK, opposed to the NSA, which definitely isn't one in the UK.

The Indian regime who can access BIS traffic, is also a local authority.
It's also nice of you, to ask about the legality, but this question is useless, when we are talking about the facts. If it is possible, and if it happens.

You'll get a compliment, for the sneaky change, of your goal post though.

Posted via CB10

The difference is some of the information is fact and some some is allegations that haven't yet been proven beyond doubt. You can't for an opinion on allegations but you can on facts.

[DannyAves]

OK, so here is an idea...why doesn't CrackBerry run a BES 10 server in Canada and charge $5 a month for hosting? I would pay for the extra security and I'm sure a lot of others would too.

[unbreakablej]

OK, so here is an idea...why doesn't CrackBerry run a BES 10 server in Canada and charge $5 a month for hosting? I would pay for the extra security and I'm sure a lot of others would too.

Won't they then have access to your phone?

Posted via CB10

[BlackBerry Guy]

Won't they then have access to your phone?

Posted via CB10

Yup. In order to provide BES10 security, CB would become your "work" and would basically have access and control over your device. You could set up a personal partition via Balance, but anything on that side wouldn't have the additional security.

Posted via CB10

[StutterStep]

And still your personal emails and anything you do that doesn't require you to switch to the work space isn't encrypted so it's pointless.

[Roo Zilla]

So when people talk about security, it is mostly referring to the data transfers?

For me my major concern is, if I lose my phone and has password locked it, how easy is it to access my personal stuff like password keeper and photos.

I remembered apple had some issue with being able to access the home screen or something?

Or do we currently have security due to obscurity? Nobody bothers to try hack bb10 as compared to popular apple?

Posted via CB10

If you password locked it, unless the person who found your phone is seriously motivated to look at your data, you'll be fine. Even that iPhone issue was crazy the hoops a person had to go through in order to by pass the lockscreen and even then it wasn't complete access, only access to photos and which could be posted to twitter or facebook or emailed. They couldn't read your emails or what have you. Even before they patched it, you could close the hole by disabling control center on the lockscreen.

Anyway, you're basically worried if you lose your phone, like I said, unless whoever has physical possession of your phone has a serious jones to look at your data, you'll be fine as long as you password protect it. That goes the same for iPhone and Android.

Law enforcement though, is another matter entirely. Once they know some basic stuff about you, like your email address, it's a simple matter for them to access your email accounts. I believe they don't even need a warrant to access anything over 6 months old, all they need to do is ask. Even the highly praised BES system can be broken into if a group is motivated enough. Man in the middle attacks using brute force can't be stopped, it's all a matter of time.