[belfastdispatcher]

and now reading even more about the London Riots I came across this quote:
In the words of Crackberry.com, “although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic 'key' that is common to every BlackBerry device all over the world". “This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed.”

Uh - that takes a lot of the advantage away. PIN to PIN messages are encrypted with a single symmetric key that is common to every blackberry in the world? Unless I'm not understanding this correctly, that seems to mean that there's almost no value in the encryption at all. If you can intercept the message and that message isn't encrypted by a asymmetric session key, and moreover is a key the whole world must be aware of, what is the point?

Can someone explain exactly how BBM encryption works?

edit: it looks like this article: Is BlackBerry messaging secure? | Sci-Tech | DAWN.COM reinforces that.

(quoted) However, it should be understood that if you are not using BES, you should not consider PIN-to-PIN messages as ‘secure’ and/or encrypted. The messages are only scrambled to the point where a normal third party cannot view them.

No kidding. This is basically exactly the same level of security that WhatsApp has. You just have to go to a different but also easily available place to get ahold of the symmetric key.

Someone please tell me that these articles are wrong and I am not correctly understanding how the PIN to PIN encryption is being applied for BIS communications with BBM?

I see what you're saying but RIM has made sure a PIN is imposibile to spoof on their network, never been done. It's the reason RIM knows exactly how many active subscribers they have. And not only messages but also files go trough this network.

[anon62607]

I see what you're saying but RIM has made sure a PIN is imposibile to spoof on their network, never been done. It's the reason RIM knows exactly how many active subscribers they have. And not only messages but also files go trough this network.

Spoofing the pin isn't the problem, observing the message in transport and then decrypting it is the problem. If you were somehow able to spoof the pin it would make things much easier in that you could have the messages delivered to you in encrypted form wherever in the world you wanted, but for example messages being delivered over a wifi or GSM network could be observed by a third party and then decrypted.

[belfastdispatcher]

Spoofing the pin isn't the problem, observing the message in transport and then decrypting it is the problem. If you were somehow able to spoof the pin it would make things much easier in that you could have the messages delivered to you in encrypted form wherever in the world you wanted, but for example messages being delivered over a wifi or GSM network could be observed by a third party and then decrypted.

You are assuming this, in practice is impossible as proved by the test of time, RIM has never had a BIS or BES breach of security. It's the reason givernments use it, it's the reason a lot of the UK police use them.

PS if one really wants to they can encrypt pin to pin messages as explained here by I can't remember who, I just saved the how to do it:

1) Select contact from contact list that has a BlackBerry pin saved.
2) Hit the menu button and select option to send a pin message to that contact.
3) Go up to where it says encoding and select s/mime (encrypt)
4) Once S/mime (encrypt) has been selected hit the BlackBerry button and select options. Scroll down to select use password based encryption, hit the BB button and save.
5)Type message keeping in mind the subject line will not be encrypted.
6) Hit the BB button and send
7) Enter the password the recipient will need to enter upon receiving the message in order to decrypt an read it.
8) Once password has been entered twice, select ok to send your encrypted message to your contact. Once they enter the password on their phone they will be able to read the body of the message.

[anon62607]

You are assuming this, in practice is impossible as proved by the test of time, RIM has never had a BIS or BES breach of security. It's the reason givernments use it, it's the reason a lot of the UK police use them.

PS if one really wants to they can encrypt pin to pin messages as explained here by I can't remember who, I just saved the how to do it:

1) Select contact from contact list that has a BlackBerry pin saved.
2) Hit the menu button and select option to send a pin message to that contact.
3) Go up to where it says encoding and select s/mime (encrypt)
4) Once S/mime (encrypt) has been selected hit the BlackBerry button and select options. Scroll down to select use password based encryption, hit the BB button and save.
5)Type message keeping in mind the subject line will not be encrypted.
6) Hit the BB button and send
7) Enter the password the recipient will need to enter upon receiving the message in order to decrypt an read it.
8) Once password has been entered twice, select ok to send your encrypted message to your contact. Once they enter the password on their phone they will be able to read the body of the message.

It's the same level of assumption that is going into the description of the WhatsApp weaknesses. Both are being described in almost exactly the same way, RIM also says that BBM over BIS messages should not be considered encrypted but simply scrambled, and there is considerable description of the weakness of both systems and it looks to be almost exactly the same weakness, and interception and decryption of both systems (whatsapp on android with the most recent software vs BBM on BIS) are both described theoretically but I can't find any examples of an attack demonstrated, but both of them certainly seem weak enough, and particularly weak for something of the level of western government (or Chinese or Russian, et. al.) agency to monitor.

Nothing in what they are describing looks to be particularly difficult for anyone to attack or at least one doesn't seem to be any more difficult than another. Short of taking a sabbatical and making it a grad school project it's going to have to be an assumption I'm making in both cases, but again, from what is described it does not look difficult to attack.

Government agencies may well use BBM over BES with supplemental security, I'm sure they don't use BBM over BIS for anything remotely sensitive.

Thanks for the description of how to encrypt the message but some of the same fundamental problems exist - it's a symmetric cypher and there needs to be a secure way of exchanging the key between the sender and recipient (PGP does something like this - or used to - the message is encrypted with a symmetric cypher but then that key is encrypted with the target public key, in the old days the encryption was too CPU intensive to do this for the entire message but I imagine now it's within reason). This is effectively the same security whatsapp has again - the message is encrypted but the key is communicated in the clear. If the key is intercepted during transmission, the message is vulnerable. Basically exactly the same thing those 1-8 steps above provide for, except there is at least the option in that situation of meeting and exchanging the shared secret or of communicating it in some other known secure way.

[belfastdispatcher]

It's the same level of assumption that is going into the description of the WhatsApp weaknesses. Both are being described in almost exactly the same way, RIM also says that BBM over BIS messages should not be considered encrypted but simply scrambled, and there is considerable description of the weakness of both systems and it looks to be almost exactly the same weakness, and interception and decryption of both systems (whatsapp on android with the most recent software vs BBM on BIS) are both described theoretically but I can't find any examples of an attack demonstrated, but both of them certainly seem weak enough, and particularly weak for something of the level of western government agency to monitor.

Nothing in what they are describing looks to be particularly difficult for anyone to attack or at least one doesn't seem to be any more difficult than another. Short of taking a sabbatical and making it a grad school project it's going to have to be an assumption I'm making in both cases, but again, from what is described it does not look difficult to attack.

Government agencies may well use BBM over BES with supplemental security, I'm sure they don't use BBM over BIS for anything remotely sensitive.

Thanks for the description of how to encrypt the message but some of the same fundamental problems exist - it's a symmetric cypher and there needs to be a secure way of exchanging the key between the sender and recipient (PGP does something like this - or used to - the message is encrypted with a symmetric cypher but then that key is encrypted with the target public key, in the old days the encryption was too CPU intensive to do this for the entire message but I imagine now it's within reason). This is effectively the same security whatsapp has again - the message is encrypted but the key is communicated in the clear. If the key is intercepted during transmission, the message is vulnerable. Basically exactly the same thing those 1-8 steps above provide for, except there is at least the option in that situation of meeting and exchanging the shared secret or of communicating it in some other known secure way.

But you're ignoring that BIS BES has stood the test of time and it has been impossible even for law enforcement agencies to break into them, which is part of the reason themselves are using them, you know, for security reasons.

What you maybe missed about Whatsapp is they base encryption on device mac number or imei etc

And what's more important a BBM identity cannot be stolen, you can't clone a pin and spoof it on the network, period. Phone numbers, well you know how easy that is.

http://www.ebay.co.uk/sch/i.html?_trksid=p5197.m570.l1311&_nkw=sim+card+clon er&_sacat=0&_from=R40

[anon62607]

But you're ignoring that BIS BES has stood the test of time and it has been impossible even for law enforcement agencies to break into them, which is part of the reason themselves are using them, you know, for security reasons.

What you maybe missed about Whatsapp is they base encryption on device mac number or imei etc

And what's more important a BBM identity cannot be stolen, you can't clone a pin and spoof it on the network, period. Phone numbers, well you know how easy that is.

sim card cloner in Computers/Tablets & Networking | eBay

Sure, the key is generated based on the imei (on android). At least that is a different key for every device in the world, BBM (on BIS) uses the same key for every device in the world. You wouldn't even have to know the imei - you already know the key.

Communications security establishment canada specifically calls some of this out:
Security of BlackBerry PIN-to-PIN Messaging

PIN-to-PIN transmission security: PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic "key" that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the "BlackBerry Solution Security Technical Overview" [1] document published by RIM specifically advises users to "consider PIN messages as scrambled, not encrypted".

Note the recommendations include using BES with a privately generated key, but that this negates the ability to communicate PIN to PIN to outside-of-enterprise devices. I have no idea if that is accurate, but that's what CSEC states there.

I'm not sure how much further to go with the discussion. A Crackberry editorial says that BBM over BIS is not secure ( Is PIN to PIN messaging secure? | CrackBerry.com ), a number of blogs indicate that it is not secure and as per the link I already provided the CSEC indicates it is not secure. Additionally it certainly doesn't seem secure in how it is described. I suspect further discussion will just go back and forth with you saying "it is secure, no one has ever broken it" and me saying "it is repeatedly stated that it is not secure by RIM itself, various agencies and various publications". Yes, I can't find a youtube video with someone decrypting a message taken out of a GSM frame and decrypted, but I also don't think the kinds of agencies that do this sort of thing put their findings on youtube.

[reeneebob]

Awwww look. One of the fake accounts finally got the courage to do more than like spam.

I had to get the red SGS3...garnet is my birthstone! Excuses sent via Tapatalk 2

[belfastdispatcher]

Sure, the key is generated based on the imei (on android). At least that is a different key for every device in the world, BBM (on BIS) uses the same key for every device in the world. You wouldn't even have to know the imei - you already know the key.

Communications security establishment canada specifically calls some of this out:
Security of BlackBerry PIN-to-PIN Messaging

PIN-to-PIN transmission security: PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic "key" that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the "BlackBerry Solution Security Technical Overview" [1] document published by RIM specifically advises users to "consider PIN messages as scrambled, not encrypted".

Note the recommendations include using BES with a privately generated key, but that this negates the ability to communicate PIN to PIN to outside-of-enterprise devices. I have no idea if that is accurate, but that's what CSEC states there.

I'm not sure how much further to go with the discussion. A Crackberry editorial says that BBM over BIS is not secure ( Is PIN to PIN messaging secure? | CrackBerry.com ), a number of blogs indicate that it is not secure and as per the link I already provided the CSEC indicates it is not secure. Additionally it certainly doesn't seem secure in how it is described. I suspect further discussion will just go back and forth with you saying "it is secure, no one has ever broken it" and me saying "it is repeatedly stated that it is not secure by RIM itself, various agencies and various publications". Yes, I can't find a youtube video with someone decrypting a message taken out of a GSM frame and decrypted, but I also don't think the kinds of agencies that do this sort of thing put their findings on youtube.

Yet the law agencies do cry they can't do it, no matter what you read on paper, usually disclaimers. It simply cannot be done, even if you do know the key it's useless if you cannot get on the network and if the devices are password protected and encrypted locally you have no chance in helll getting them from the devices either. So i don't know what more do you want. BBM is proven to be secure for quite a few years now, for some countries it's even too secure and tried to ban it.

[qbnkelt]

You know, seriously Varun Sain, no more kidding around here, OK? Seriously now...

Do you really think that engaging in this kind of behaviour is worth having your IP trapped and blocked? It's not just CB....there are laws in India that deal with internet/communications abuse. You have established a well seen pattern here and I don't think that this kind of childish behaviour is worth an impact to your being able to conduct your business. You are defacing an internet site, stalking three women, bullying.....all for the sake of a piece of plastic and wires.

Now....this is the last time that I will address you in a sensible, logical manner. I really don't want to act against you, so don't push my hand. You have shown a clear pattern and if you think just creating a new account is the end of it, you are incorrect. Seriously, stop and think. Research regulations and laws in India against this kind of stalking, defacing, bullying, and misogyny.

This is the last time.

From this point there will be action against you.

http://cybercellmumbai.gov.in/

[Sith_Apprentice]

Ok things are a biiit off topic. Getting back to BBM encryption and PIN-TO-PIN encryption let us go straight to the source.

http://docs.blackberry.com/en/admin/...1840226_11.jsp

There is a global 168bit TDES key. Keep in mind that every BlackBerry shares this key, but it is still encrypted. It should not been considered secure, but it is better than text etc.


Whatsapp says they are encrypted but I don't see the method. They also have some history of privacy issues so I would be cautious there.

[Sith_Apprentice]

Also please take a look here.

http://www.internetsociety.org/sites...files/07_1.pdf

[hornlovah]

Yet the law agencies do cry they can't do it, no matter what you read on paper, usually disclaimers. It simply cannot be done, even if you do know the key it's useless if you cannot get on the network and if the devices are password protected and encrypted locally you have no chance in helll getting them from the devices either. So i don't know what more do you want. BBM is proven to be secure for quite a few years now, for some countries it's even too secure and tried to ban it.

The following is not correct: "if the devices are password protected and encrypted locally you have no chance in helll getting them from the devices either," but you make a great point about the threat model. Cellebrite finally released software last September that will reliably decrypt and decompress BBMs sent via BIS from memory dumps of locked, encrypted devices. The shared key is known, but talented forensic researchers struggled with the compression algorithm for quite some time.

Valeuche, any threat to BIS BBM security will come from law enforcement via a lawful request to intercept communications or your locked device ending up in the hands of a skilled forensic analyst with access to specialized equipment and restricted software costing several thousand dollars. If you need/desire to thwart these types of attacks, use PGP, protect your keys with a long, randomly generated password, and pray that the recipient shares your commitment to security/privacy.

[Branta]

The following is not correct: "if the devices are password protected and encrypted locally you have no chance in helll getting them from the devices either," but you make a great point about the threat model. Cellebrite finally released software last September that will reliably decrypt and decompress BBMs sent via BIS from memory dumps of locked, encrypted devices. The shared key is known, but talented forensic researchers struggled with the compression algorithm for quite some time.

Are you suggesting the encryption and other protections required for FIPS 140-2 certification can be broken by Cellbrite? If your claim was true the FIPS approval for all RIM devices would have been revoked 4-5 months ago - and most other crypto module approvals would also be impacted if the approved encryption methods have been cracked.

[hornlovah]

Are you suggesting the encryption and other protections required for FIPS 140-2 certification can be broken by Cellbrite? If your claim was true the FIPS approval for all RIM devices would have been revoked 4-5 months ago - and most other crypto module approvals would also be impacted if the approved encryption methods have been cracked.

I'm suggesting that Cellebrite Physical Analyzer can decode BBMs scrambled with the global BIS key, and in some cases, they have also retrieved deleted BIS BBMs from locked, encrypted devices. Deleted BBM retrieval seems to be hit & miss and dependent on the OS and other factors though.

[belfastdispatcher]

I'm suggesting that Cellebrite Physical Analyzer can decode BBMs scrambled with the global BIS key, and in some cases, they have also retrieved deleted BIS BBMs from locked, encrypted devices. Deleted BBM retrieval seems to be hit & miss and dependent on the OS and other factors though.

Do you have a link for this that proves it?

[hornlovah]

Do you have a link for this that proves it?

I'm genuinely puzzled why anyone would think that a global encryption key, present on every BlackBerry phone, would remain a secret from forensic researchers. That said - I can't link to the exact discussion I was referring to because access is restricted, but I did locate a similar discussion in a public forum. This post does contain contain a statement from a Cellebrite representative saying that the next Cellebrite UFED Physical Analyzer adds deleted BBM retrieval from physical dumps and chip offs. Would that suffice? Are you familiar with the circumstances in which a chip-off extraction would be necessary? If so, read Deleted BBM extraction from phyical or chip-off.

[Sith_Apprentice]

I'm suggesting that Cellebrite Physical Analyzer can decode BBMs scrambled with the global BIS key, and in some cases, they have also retrieved deleted BIS BBMs from locked, encrypted devices. Deleted BBM retrieval seems to be hit & miss and dependent on the OS and other factors though.

Devices that are encrypted with the DEVICE key cannot be broken into by the cellebrite machines, also encryption set to "Strongest" is considered to be 'not breakable', and the data is NOT retrievable on anything newer than OS 4.5.

Also a wipe, with content protection set to "Stronger" or higher, will erase ALL data on the device, compliant with US Govt standards. On devices 4.5 and newer, this can be used to sanitize devices that have had classified data leak onto them.

[hornlovah]

Devices that are encrypted with the DEVICE key cannot be broken into by the cellebrite machines, also encryption set to "Strongest" is considered to be 'not breakable', and the data is NOT retrievable on anything newer than OS 4.5.

Please review my earlier posts. I would never claim that a Cellebrite UFED device can access data on a locked BlackBerry, but I did state that Cellebrite Physical Analyzer software can decode BIS BBMs from memory dumps of locked, encrypted devices. These memory dumps are obtained from chip-off and JTAG extractions.

[belfastdispatcher]

I'm genuinely puzzled why anyone would think that a global encryption key, present on every BlackBerry phone, would remain a secret from forensic researchers. That said - I can't link to the exact discussion I was referring to because access is restricted, but I did locate a similar discussion in a public forum. This post does contain contain a statement from a Cellebrite representative saying that the next Cellebrite UFED Physical Analyzer adds deleted BBM retrieval from physical dumps and chip offs. Would that suffice? Are you familiar with the circumstances in which a chip-off extraction would be necessary? If so, read Deleted BBM extraction from phyical or chip-off.

You're basing your argument on that? Did you even read it properly?

"Gregg,

To answer your question I think that you will have no luck getting anything back if the device has had the passcode entered incorrectly X times and caused a wipe to commence.

I had this same issue with a customer who gave me 12 variations of a password to try, obviously I was going to only be able to try 10 of those, so, after prioritising the list of 12, 10 passwords were entered, each of which was unsuccessful. The device commenced the wiping operation. I attempted to remove the battery and replace, but the wiping continued once the battery was replaced.

After this I took a physical acquisition using UFED and got absolutely nothing back. It is my understanding that the wipe operation doesn't just replace the file system but actually zeros out the memory space first.

If my memory serves me correctly it was an 8520 which I did this on.

Colin
_________________"

[hornlovah]

You're basing your argument on that? Did you even read it properly?

"Gregg,

To answer your question I think that you will have no luck getting anything back if the device has had the passcode entered incorrectly X times and caused a wipe to commence.

I had this same issue with a customer who gave me 12 variations of a password to try, obviously I was going to only be able to try 10 of those, so, after prioritising the list of 12, 10 passwords were entered, each of which was unsuccessful. The device commenced the wiping operation. I attempted to remove the battery and replace, but the wiping continued once the battery was replaced.

After this I took a physical acquisition using UFED and got absolutely nothing back. It is my understanding that the wipe operation doesn't just replace the file system but actually zeros out the memory space first.

If my memory serves me correctly it was an 8520 which I did this on.

Colin
_________________"

Yes, I read it properly. The first post from the Cellebrite rep says, "Since the interest in BBM messages is still very relevant, I would like to share with you that the next UFED Physical Analyzer release will add deleted BBM extraction from the physical dumps and chip-offs." Chip-off extractions are only used when analysts encounter a locked device - there is no debating that fact. I'm not sure why you quoted an off-topic post regarding device wiping capabilities to refute my previous assertion. Perhaps you should review the thread again.

[belfastdispatcher]

Yes, I read it properly. The first post from the Cellebrite rep says, "Since the interest in BBM messages is still very relevant, I would like to share with you that the next UFED Physical Analyzer release will add deleted BBM extraction from the physical dumps and chip-offs." Chip-off extractions are only used when analysts encounter a locked device - there is no debating that fact. I'm not sure why you quoted an off-topic post regarding device wiping capabilities to refute my previous assertion. Perhaps you should review the thread again.

Right, the NEXT version is claimed to be able to do it in a forum post, not happened yet has it? It implies it might happen at some time in the future, no facts to see here.

[hornlovah]

Right, the NEXT version is claimed to be able to do it in a forum post, not happened yet has it? It implies it might happen at some time in the future, no facts to see here.

Please do your own homework. A quick glance tells me that Physical Analyzer 3.6.1 was released on or about December 28, 2012, and that forum post was dated September 3, 2012. I've followed Cellebrite for several years, and they will generally announce new capabilities in forums and discussion groups when the new software reaches the beta testing stage.

[belfastdispatcher]

Please do your own homework. A quick glance tells me that Physical Analyzer 3.6.1 was released on or about December 28, 2012, and that forum post was dated September 3, 2012. I've followed Cellebrite for several years, and they will generally announce new capabilities in forums and discussion groups when the new software reaches the beta testing stage.

So do they officially advertise they can do it?

[hornlovah]

So do they officially advertise they can do it?

LOL. The post in question was written by Cellebrite's Co-CEO, Ron Serber.

[belfastdispatcher]

LOL. The post in question was written by Cellebrite's Co-CEO, Ron Serber.

That's not what I asked, we all know how prone to making wild promises CEOs are. Can they do it? Is their product advertised as they can do it? Personally the media would've been all over it if it was possible.