1. TheStoryUp's Avatar
    I'm having trouble finding information on this. With the recent update from Edward Snowden and him highlighting the importance of End to End encryption I began to look into if my BB10 BBM is indeed encrypted.

    I heard back in December that E2E encryption was only available to BBOS and will not be available till spring of 2014 for BB10. Do you have to be on BES to get E2E encryption?

    Also how does encryption work on my BB10 device? Unless I have a password is it basically useless or does it keep apps from being able to read my files?

    Another thing is how do I make my email encrypted on BB10? I use Outlook

    Here's part of the conversation with Edward Snowden today.

    Chris: In the last eight months the big Silicon Valley technology companies have really improved their security in a way that was surprising to many of us who have been urging them for years to do so. It took Yahoo - Yahoo was kicking and screaming the whole way but they finally turned on SSL encryption in January of this year after Bart Gellman and Ashkan Sholtani shamed them on the front page of the Washington Post. The companies have locked things down but only in a certain way. They have secured the connection between your computer and Google?s server or Yahoo?s server or Facebook?s server, which means that governments now have to go through Google or Facebook or Microsoft to get your data. Instead of getting it with AT&T?s help or Verizon?s help or Comcast?s or any party that watches the data as it goes over the network. I think it is going to be difficult for these companies to offer truly end to end encrypted service simply because it conflicts with their business model. Google wants to sit between you and everyone you interact with and provide some kind of added value. Whether that added value is advertising or some kind of information mining. Improved experience telling you when there are restaurants nearby where you can meet your friends. They want to be in that connection with you and that makes it difficult to secure those connections.

    Full Transcript

    Edward Snowden SXSW: Full Transcription and Video Ô€” [ INSIDE ]

    Zed30
    03-10-14 11:42 PM
  2. yvpan1's Avatar
    what i know is, even though BB10 does not rely on BIS anymore but the fact that BBM will run if there is a BB logo displayed besides the signal bar, that means BBM convos are routed to the BBM NOC hence it is E2E encrypted.
    03-11-14 12:48 AM
  3. BlackBerry Guy's Avatar
    From everything I've read, end to end encryption was and still is only available on BES enabled devices.
    MADBRADNYC likes this.
    03-11-14 01:14 AM
  4. MADBRADNYC's Avatar
    From everything I've read, end to end encryption was and still is only available on BES enabled devices.
    Encryption only lives on BES. Everything else is "scrambled".
    http://encryptedmobile.com/is-bbm-secure-article/
    KDB84 and BlackBerry Guy like this.
    03-11-14 01:18 AM
  5. TheStoryUp's Avatar
    From everything I've read, end to end encryption was and still is only available on BES enabled devices.
    So BBM is really no more secure than Whatsapp for the consumer? except that it's a Canadian company and the US government can't force BlackBerry to give up their data?


    Zed30
    03-11-14 07:50 AM
  6. SirJes's Avatar
    So BBM is really no more secure than Whatsapp for the consumer? except that it's a Canadian company and the US government can't force BlackBerry to give up their data?


    Zed30
    It's still scrambled

    Posted via CB10
    03-11-14 07:55 AM
  7. TheStoryUp's Avatar
    What's the difference between PIN messages and just using the BBM app?


    Zed30
    03-11-14 08:11 AM
  8. SirJes's Avatar
    What's the difference between PIN messages and just using the BBM app?


    Zed30
    When it comes to security I can't say,

    But one difference is u don't have to have that person as a bbm contact in order to pin message them

    Posted via CB10
    03-11-14 08:13 AM
  9. TheStoryUp's Avatar
    When it comes to security I can't say,

    But one difference is u don't have to have that person as a bbm contact in order to pin message them

    Posted via CB10
    Thanks, this whole encryption thing has really been had to wrap my head around, and how I set up my BlackBerry to be as secure as possible as a consumer.

    I keep in contact with different people at work through BBM and they are on BES. I send them data and files. Was wondering if that is secure.

    Zed30
    03-11-14 08:28 AM
  10. Troy Tiscareno's Avatar
    BBM messages DO get encrypted even when not on BES, however, everyone uses the same shared key, and that key exists on every BB device, and on every copy of BBM, so from a code-breakers point of view, it might as well be in the clear, because the key is everywhere, and easily obtained. This encryption will prevent casual surveillance, but it certainly won't stop, or even slow down very much, anyone with experience or determination.

    When on BES, a key unique to that particular BES server is used, which means that far fewer have they key, and it's not the standard BB key that all non-BES users have, so the security is considerably higher.
    03-11-14 02:18 PM
  11. MADBRADNYC's Avatar
    True encryption has always only on BES. Normal BBM user messages are so-called "encrypted" but that is a very loose interpretation of encryption. Even BlackBerry admits that it is not as secure as BES, does NOT utilize "transport Layer Protection", and also acknowledges that it is also called "scrambling".

    I cannot see how BB10 would be any different from BBOS devices being that it uses the same technology, but uses current carrier data plans to connect to the NOC.
    Because all devices share the same global PIN encryption key, there is a limit to how effectively BlackBerry Messenger messages are encrypted. BlackBerry Messenger messages are not considered as confidential as email messages that are sent from the BlackBerry« Enterprise Server, which use BlackBerry transport layer encryption. Encryption using the global PIN encryption key is sometimes referred to as "scrambling".
    PIN encryption keys - Security Note - BlackBerry Messenger - 5.0, 6.0, 7.0
    03-11-14 02:45 PM
  12. MADBRADNYC's Avatar
    Here is a more current article.
    BlackBerry 10 Encryption Comparison to iOS and Android | N4BB
    Attached Thumbnails Does BBM use End to End encryption for BB10?-scrambling-bb10.png  
    03-11-14 02:55 PM
  13. vrud's Avatar
    BBM messages DO get encrypted even when not on BES, however, everyone uses the same shared key, and that key exists on every BB device, and on every copy of BBM
    Why do you think the key is in each copy of BBM?
    My impression is that the BB10/BBOS device is able to decrypt PIN messages (by having the private key burned in the secure hardware) but it's not the BBM software that has the key.

    I believe that BBM uses another transport (SSL?) when messages go to/from iPhone and Android and likely have the same vulnerabilities as competition.
    EDIT: Just noticed a table above saying that BB10 <-> iPhone/Android link is insecure which confirms my expectations.
    03-11-14 03:07 PM
  14. ssbtech's Avatar
    BlackBerry would see a drastic jump in BBM users if they enabled end to end encryption with private keys for all BBM users.
    Q10Bold likes this.
    03-11-14 03:11 PM
  15. MADBRADNYC's Avatar
    Why do you think the key is in each copy of BBM?
    My impression is that the BB10/BBOS device is able to decrypt PIN messages (by having the private key burned in the secure hardware) but it's not the BBM software that has the key.
    Correct!
    As per the BlackBerry link provided...
    By default, each device uses the same global PIN encryption key, which Research In Motion adds to the device during the manufacturing process. The global PIN encryption key permits every device to authenticate and decrypt every BlackBerry Messenger message that the device receives.
    03-11-14 03:16 PM
  16. TheStoryUp's Avatar
    I've found this app in BlackBerry world and it seems to be the only one that's available for pgp. Although I've yet to figure it all out it looks to be the only option for End to End encryption for the consumer.

    Their isn't any HUB integration yet, but it's supposed to be on they way.

    It's not that I'm worried about being hacked, I'm just interested in how to use my devices more securely.

    http://pawelgorny.com/PGpgp/




    Does BBM use End to End encryption for BB10?-untitled.png

    Zed30
    FijiBB likes this.
    03-11-14 03:46 PM
  17. Q10Bold's Avatar
    BlackBerry would see a drastic jump in BBM users if they enabled end to end encryption with private keys for all BBM users.
    This!

    Posted via BlackBerry Q10Bold
    03-11-14 04:03 PM
  18. karaya1's Avatar
    BBM does use moderately better encryption than whatapp, but whatsapp (post2012) is far better than SMS as those messages are literally plain text.
    Here is a simple article that doesn't get too technical for basic users.
    BolehVPN: Among the Top 5 rated VPN Providers in the World ┬╗ Blog Archive ┬╗ How secure is WhatsApp?
    In reality. If you REALLY wanted a very secure system for little $$ , you'd get an android nexus (or moto g/x) device, put cynogenmod on it and use Redphone/Text Secure(Free) or the silent circle group of apps(fee, but reasonable) with your group of other security minded individuals.

    Here is one other comparison article. BBM isn't all that great, especially on the other devices.
    BolehVPN: Among the Top 5 rated VPN Providers in the World ┬╗ Blog Archive ┬╗ Looking for a secure alternative to WhatsApp?
    03-14-14 07:22 AM
  19. lasouthern's Avatar
    Correct. I have that app too. Can you give me your public key ID and i'll send you an e-mail so we can test it out. I don't have any of my friends that use PGP. Lol

    My ID is 1b6bd21fadc6dc77

    Posted via CB10
    02-28-15 09:01 PM
  20. tipplex's Avatar
    It is scrambled with 3DES 168bit and masterkeys are owned by blackberry to decrypt when needed.

    Posted via CB10
    03-03-15 11:42 AM
  21. lasouthern's Avatar
    It is scrambled with 3DES 168bit and masterkeys are owned by blackberry to decrypt when needed.

    Posted via CB10
    You're wrong on one point. They do not own the "keys". They own the "key". There's only one key to decrypt all BIS which again I call on BlackBerry to offer end to end encryption like textsecure and others.

    Posted via CB10
    03-04-15 10:42 PM

Similar Threads

  1. Igrann not posting to Twitter or Facebook
    By d987654321 in forum General BlackBerry News, Discussion & Rumors
    Replies: 7
    Last Post: 03-21-14, 11:01 AM
  2. Does BlackBerry really care about US consumers?
    By dougverli1 in forum General BlackBerry News, Discussion & Rumors
    Replies: 94
    Last Post: 03-15-14, 06:09 AM
  3. Google play from browser to Snap!
    By sohood in forum BlackBerry 10 OS
    Replies: 7
    Last Post: 03-11-14, 02:01 PM
  4. Replies: 4
    Last Post: 03-11-14, 12:50 AM
  5. Replies: 4
    Last Post: 03-10-14, 11:13 PM
LINK TO POST COPIED TO CLIPBOARD