[conbrio29]

Snapchat, Skype, BBM not protecting users' privacy, says Amnesty International - Technology & Science - CBC News

Posted via CB10

[alan510]

Yeah, I saw this report. I hope BlackBerry responds to this report. It undermines everything we thought of in terms of security.

If it's true, I think we've been sold a lot of BS from BlackBerry and the company has a lot of explaining to do. If this is false, BlackBerry needs to be extremely aggressive with its reply.

In either case, we need to hear from BlackBerry. And soon.

Posted via the CrackBerry App for Android

[app_Developer]

You have to pay for BBM Protected or BES to get end to end encryption.

iMessage includes this for free.

[BBrocks96]

Is imessage end to end encrypted? I don't think do

[erwinfr]

https://help.blackberry.com/en/bbm-s...0397548-en.pdf

read all about it... security note on non enterprise bbm

[app_Developer]

Is imessage end to end encrypted? I don't think do

It is, and it uses hardware keys in the secure element on iPhone 6 and above.

[anon(9721108)]

My interest in this is for phone banking, apps and or calling the automated banking system to pay bills. What are everyone's thoughts on security for this?

[Julesan]

http://blogs.blackberry.com/2016/09/...source=twitter

So the DOD and others know less? Read the article. BBM enterprise is encrypted
In regards banking you are no less secure on ios as blackberry. The dtek software is great in that it tells you your risks. IOS to my knowledge does not have an app that Is monitoring risks.

Posted via CB10

[Exoskell256]

Why the U.S. Government is One of Many to Choose BlackBerry Software | Inside BlackBerry

So the DOD and others know less? Read the article. BBM enterprise is encrypted

Right, but how many everyday users are using enterprise BBM? I think that was the point of the article.

[jope28]

Other messaging apps offer encryption as default, but BBM doesn't.

You need to pay for BBM Protected in order to get 'end-to-end' encryption, which is what all the human rights organizations say should be used by those living under oppressive regimes.

It's never that simple though.

 Passport filter-evading the NSA  Make BlackBerry Great Again!

[rizvi88]

Imessage? Secure? I don't think so......

http://mashable.com/2016/10/19/apple...k#9cPZ7RII4iqz

Posted via CB10

[Troy Tiscareno]

Imessage? Secure? I don't think so......

iMessage hack floods Apple users with Chinese texts

None of any of those users' messages were decrypted or made readable. Yes, their iMessage ACCOUNTS may have been hacked, but their messages were secure. No one else was able to read them. That's what we're talking about here.

For all we know, the person whose account was "hacked" was using a password of "password" or "1234." Users will almost always be the weakest link with any "security."

[early2bed]

My interest in this is for phone banking, apps and or calling the automated banking system to pay bills. What are everyone's thoughts on security for this?

My Discover credit card, among others, has been sending me blank checks in the mail, every month, for more than a decade. It was my banking app that alerted me that someone had written cash withdrawal checks on my account - probably from my recycling bin because they were cashed in the city that that stuff goes to be processed.

The credit card fraud investigator had the gall to ask "I wonder how they got ahold of your cash advance checks?" I don't know, Perhaps the fact that you've sent hundreds of these blank checks to my house that I never asked for has something to do with it? Now I have a shredder for all of that unopened junk mail.

The apps are not the security problem when someone can just walk up to your mailbox or go through your recycling and get cash advance checks in your name. The apps, like Mint, show you every charge that goes through any of your accounts and flags the big ones. I don't even have to read my credit card statements, now.

[app_Developer]

My interest in this is for phone banking, apps and or calling the automated banking system to pay bills. What are everyone's thoughts on security for this?

If you call us on the phone, including the automated voice system, you are on an unencrypted voice call. It doesn't matter what phone you are using to call us, the result is exactly the same.

If you use our apps, including any text or voice chat in the app itself, then that conversation is end to end encrypted from you to us and back.

If you have SMS notifications from your account (or for multifactor authentication), then the content of that message (SMS) is not encrypted.

[anon(9864623)]

I disagree with Amnesty International, think it's BS.

[Dunt Dunt Dunt]

I disagree with Amnesty International, think it's BS.

You are free to do that.... actually hope most of the criminal element keeps using BBM. But in countries where you are a criminal if you show you face in public or where you think a woman should have rights... you better be using something other than BBB to discuss that.

If BBM was secure.... what is the point of BBM Protected?

[app_Developer]

I disagree with Amnesty International, think it's BS.

Which part is BS? Do you think that permuting every single message from every single user using the same key for years is privacy preserving?

Or are you agreeing with Chen that privacy preservation is not a good goal (except for people willing to pay extra for cryptographic privacy)?

[Exoskell256]

If you call us on the phone, including the automated voice system, you are on an unencrypted voice call. It doesn't matter what phone you are using to call us, the result is exactly the same.

If you use our apps, including any text or voice chat in the app itself, then that conversation is end to end encrypted from you to us and back.

If you have SMS notifications from your account (or for multifactor authentication), then the content of that message (SMS) is not encrypted.

Strictly speaking, encryption can be done for voice calls and SMS as well, but that's up to the carrier and only covers the link between your phone and the carrier. If the interception occurs further on in the chain then you're out of luck, but you're no worse off than using any other phone (cellular or landline)

[app_Developer]

Strictly speaking, encryption can be done for voice calls and SMS as well, but that's up to the carrier and only covers the link between your phone and the carrier. If the interception occurs further on in the chain then you're out of luck, but you're no worse off than using any other phone (cellular or landline)

Yes, of course. But since the encryption isn't terminated at our call center on this end, we have to assume the whole call is not secure.

But with chat in the apps, we know that secure channel terminates here and so we can (and will be able to) do much more in the apps. The risk is much lower.

[TCB on Z10]

iMessage includes this for free.

But who cares if you can only talk to other iPhone guys in a world where the majority use android


BB, Still the One

[app_Developer]

But who cares if you can only talk to other iPhone guys in a world where the majority use android

Yeah, that's a good point and one day Apple will have to face up to that reality.

My own family, colleagues and most of my close friends use iPhones. That has to be a minority case, though.

Others would have to use whatsapp for free e2e encryption.

[anon(9721108)]

It's my understanding that nothing is secure as a landline, if it's wireless I suppose it could be intercepted. But I also thought that all phone calls with a BlackBerry went through the BlackBerry computers at Waterloo and I thought that this was somehow safer?

[app_Developer]

It's my understanding that nothing is secure as a landline, if it's wireless I suppose it could be intercepted. But I also thought that all phone calls with a BlackBerry went through the BlackBerry computers at Waterloo and I thought that this was somehow safer?

No, your phone calls on your BB are routed by your carrier in exactly the same way as any other phone. Those calls are no more secure than anyone else, unless you buy a secusmart device from BB.

Landline calls can be just as easily intercepted. Landlines are not secure unless you buy appropriate devices to secure the call.

[thurask]

It's my understanding that nothing is secure as a landline, if it's wireless I suppose it could be intercepted. But I also thought that all phone calls with a BlackBerry went through the BlackBerry computers at Waterloo and I thought that this was somehow safer?

No, just BIS data for those phones that use it. Any BlackBerry from the past five years which isn't on a BES has the same connectivity as any Android or iOS phone.

And that's all assuming the NOC has ultimate trust.

[EFats]

The report appears to give equal marks in 5 sections:
1) Recognises online threats to human rights. This is useless when it comes to evaluating the technical qualities of a messaging app
2) Deploys end-to-end encryption as a default. It's a good metric, but really, you get full marks for having it on as a default, but does it matter if you have weak end-to-end encryption??? Not on this scorecard in this category
3) Informs users of risks and encryption used. Also I think useless. Most users wouldn't know what you're talking about nor do they even care (if they did, how come they aren't using end-to-end encryption in their email, which has been available for years? Why didn't they care about BBM when they were the only one with relatively secure messaging?)
4) Discloses government requests for user data. Also usless as a metric for evaluating the messaging app itself, never mind that the US government sometimes seems to prohibit companies from even disclosing their requests.
5) Publishes technical details of encryption. Good or bad? I'm not sure, most people wouldn't understand the technical details and the ones that do ... well, that's a small community and I bet most can guess what everyone else is using. It doesn't directly make your messaging app safer. It indirectly helps by getting more eyeballs to spot flaws in the algorithm, but I'm betting that small community are pretty up to speed on the technical strengths & weaknesses of each approach anyways. They're no dummies.

And the end of the day, I think Blackberry gets big marks off for 2), default end-to-end encryption, especially since they like to brag about their security. But that's about it.

Now about the issue of end-to-end security. Let's get it straight, it only solves one aspect of security & privacy and that has to do with man-in-the-middle type of attacks. That's pretty much it. If somebody physically has your phone, if they can unlock it (which has nothing to do with the messaging app), they can read your messages. If the phone hardware has a flaw or backdoor, they can read your messages. If the phone has malware or backdoor built in, they can read your messages. Even on a phone with built-in unique hardware key, I believe there is a point where the messages can be captured on the phone prior to encryption. (If you can read it on the screen, so can something else).

So who is going to intercept your messages in transit? Who has the capacity to do this? One is the carriers and another are government agencies. Neither of them have any business reading my messages nor do I trust any of them to behave ethically. BUT, I'm willing to bet the governments can already get whatever information they want about me anyways, even if I do use iMessage, Telegram or whatever. AND I trust those companies even less (Facebook, Line, Viber, etc) who do not have any obvious business plan to make money other than stealing my personal data. At least Apple & Blackberry are offering this (outwardly anyways) as a bonus in order to sell their other services or hardware.