NSA: able to hack BlackBerry
- Just read an interesting article on Spiegel Online. Looks like BlackBerry is now officially "like everyone else".
original article (German):
NSA kann auch iPhone, BlackBerry und Android-Telefone auslesen - SPIEGEL ONLINE
international version (English):
Privacy Scandal: NSA Can Spy on Smart Phone Data - SPIEGEL ONLINE
EDIT | I'm not a tinfoilhat person. It's just the case that many BB users still try to argue with that "security feature" - and that seems to be wrong.09-07-13 11:54 AMLike 4 - Oh boy here we go...the FUD gates are now open.
As always, if you are using BES, you're fine. The data incoming/outgoing on non-BES BlackBerry devices was never really claimed to be "secure" if you get the facts straight.
But all BlackBerry devices are still most secure BY FAR BES or not in terms of OS code integrity and ability to lock apps down...but that doesn't pertain to data privacy. Security and privacy are two different things. I wish people would realize this before A) making claims overstating non-BES BB security, and B) before linking an article like this and saying "see, BlackBerry is no more SECURE than the others". Both erroneous statements.
~STV on Q10SQN100-5/10.1.0.4780 TMO US09-07-13 12:00 PMLike 10 - Just read an interesting article on Spiegel Online. Looks like BlackBerry is now officially "like everyone else".
original article (German):
NSA kann auch iPhone, BlackBerry und Android-Telefone auslesen - SPIEGEL ONLINE
international version (English):
Privacy Scandal: NSA Can Spy on Smart Phone Data - SPIEGEL ONLINE
EDIT | I'm not a tinfoilhat person. It's just the case that many BB users still try to argue with that "security feature" - and that seems to be wrong.09-07-13 12:07 PMLike 0 - So guessing it only applies to people who don't use BES then?
Posted via CB10Superfly_FR likes this.09-07-13 12:18 PMLike 1 -
BlackBerry's mail system could mean BES, or it could be interpreted a number of other ways, from the BIS email system, the server that figures out mail settings on BlackBerry 10, or even just may be referring to using email on a BlackBerry without BES. If BES was tapped into, that would be big enough of a deal to be specfic and it would make bigger headlines than this site I've rarely heard of.
~STV on Q10SQN100-5/10.1.0.4780 TMO US09-07-13 12:20 PMLike 2 - Oh boy here we go...the FUD gates are now open.
As always, if you are using BES, you're fine. The data incoming/outgoing on non-BES BlackBerry devices was never really claimed to be "secure" if you get the facts straight.
But all BlackBerry devices are still most secure BY FAR BES or not in terms of OS code integrity and ability to lock apps down...but that doesn't pertain to data privacy. Security and privacy are two different things. I wish people would realize this before A) making claims overstating non-BES BB security, and B) before linking an article like this and saying "see, BlackBerry is no more SECURE than the others". Both erroneous statements.
~STV on Q10SQN100-5/10.1.0.4780 TMO US
"The documents also state that the NSA has succeeded in accessing the BlackBerry mail system, which is known to be very secure. This could mark a huge setback for the company, which has always claimed that its mail system is uncrackable."
Strange part is, like you said no one thought bis was secure so why would the say it was thought to be "unbreakable" ?09-07-13 12:27 PMLike 0 - Even if it's true, I'm sure BlackBerry helped them out. I can just hear the conversion "give us the encryption algorithm if you want to continue selling BlackBerry to the DoD"lol
Posted via CB10John Pawling likes this.09-07-13 12:38 PMLike 1 - Would also like to point out that all you need is a COW (cell on wheels) to act as a connecting tower, a BIS server to read the BBM traffic, users then connect to this "tower" and ALL traffic can be intercepted that is not encrypted with the BES key.amazinglygraceless and helio9965 like this.09-07-13 12:48 PMLike 2
- I doubt this article. Why would the US government still use blackberry If this is so. It just another attempt to discredit blackberry.
Posted via CB1009-07-13 01:19 PMLike 0 - amazinglygracelessRetired ModBecause BlackBerry's used by and within governmental entities (especially Federal) are almost always on BES. This is nothing to do with discrediting BlackBerry (where do you people come up with this nonsense?) but more an issue of people NOT understanding the security differences that separate BlackBerry Internet Service (general consumer) and BlackBerry Enterprise Service.raino likes this.09-07-13 02:23 PMLike 1
- �hm...
Just to point out. I'm not bashing on BlackBerry.
I just wanted to recommend an interesting article, or at least what I think it was.
By the way. Consumers aren't on BES (normally) so my statement, that BlackBerry is like everyone else right now, isn't that wrong. I mean sure. You can say that this never has been the case, but at least it was my understanding that "security" is a feature, many BlackBerry users are proud of.09-07-13 02:49 PMLike 7 - amazinglygracelessRetired ModI don't think anyone thought you were...if anyone says that I'll punch them in the nose for you
By the way. Consumers aren't on BES (normally) so my statement, that BlackBerry is like everyone else right now, isn't that wrong. I mean sure. You can say that this never has been the case, but at least it was my understanding that "security" is a feature, many BlackBerry users are proud of.MKDS likes this.09-07-13 03:00 PMLike 1 - RIM Plays Defense as Snowden Leaks Touch BlackBerry - Digits - WSJ
Blackberry is still the most secure in general terms...against everything but the NSA . I think it's pretty naive to believe that they can't...09-07-13 03:04 PMLike 2 - I recognize four aspects:
1. how naive some people are cause they think the have nothing o hide therefore the NSA can�t be interested in their data traffic...
2. how indifferent a lot of people are about spying their life (and pay a lot of money to avoid spy-software on their PC)
3. who needs enemies with an (american) friend like the NSA... It doesnt helps to enhance the reputation of the USA!
4. The BES is also hacked- industrial espionage in the dishonest name of defense against terror....
Rammstein: "Amerika ist wunderbar".... If you�re able to- translate the lyrics...Last edited by serversurfer; 09-07-13 at 03:40 PM.
09-07-13 03:17 PMLike 5 -
The article in 'Spiegel' is the more recent article albeit the WSJ reported the same issue two month earlier. Even though the article in Spiegel isn't as detailed as I had hoped, the WSJ blog post from June leaves me under the impression that BES *might* not be affected.
It really is an interesting question and leaves my with another question: how about the security of the phone itself (and not regarding the BB mail infrastructure).
I am looking forward to an interesting discussion and hope to have the two questions answered.Tilman Mueller likes this.09-07-13 04:39 PMLike 1 - Fascinating discussion - and glad people (well some) are being objective, and also highlighting the difference between privacy and security. There is a difference, though both are important, in their own way.
If the man wants your info, he'll get it, whatever you're using. If you're transmitting sensitive corporate info, or whatever, you'd be foolish not to encrypt it. As far as I know, BlackBerry 10 doesn't have a pgp client - blow fish, two fish and serpent are out of the question (again, as far as I know) so what to do? I don't know.
Would love to hear more on this!
Posted via CB10 on my BlackBerry Q1009-07-13 04:59 PMLike 3 - Oh, Bes may offer some additional protection - and that's great. For the consumer... well what? BlackBerry don't support consumer vpns - like openvpn. I understand why (they are selling their own product, and consumers don't generally want, need nor care about wanting vpn access - I do) and it's frustrating.
Anyone know a way to deal with this issue also? Again, the man will probably have a way in... eventually...
What a world we live in!?
What happened?
Posted via CB10 on my BlackBerry Q1009-07-13 05:04 PMLike 0 - You guys should read Ars Technica for a better Knowledge of what has been disclosed by Snowden.
I really fail to see how blackberry could be safe, if not accomplice.
They implemented backdoors in https, ssl and many other encryption systems, with the help of the vendors, or the certifications authorities.
They can decrypt often in real time...
Posted via CB10danprown likes this.09-07-13 05:18 PMLike 1 -
- I am genuinely interested if BES is also affected - did you (or anyone) find a source regarding this issue?
The article in 'Spiegel' is the more recent article albeit the WSJ reported the same issue two month earlier. Even though the article in Spiegel isn't as detailed as I had hoped, the WSJ blog post from June leaves me under the impression that BES *might* not be affected.
It really is an interesting question and leaves my with another question: how about the security of the phone itself (and not regarding the BB mail infrastructure).
I am looking forward to an interesting discussion and hope to have the two questions answered.
I would presume that it's BES that they are talking about, but I also presume that it's not an attack on the cryptographic stream that they are breaking. However, the mention of the change of a compression system temporarily defeated the attack and that sort of implies that they are able to break the encryption itself, which is almost unbelievable - but the implication is there. With a known compression scheme there is a part of the message which will be known and that will aid in the decryption attempt. It's contributing a known plaintext, though only part of the width of a cryptographic block.
BES is not something I would rely on anyway to protect against a national intelligence resource and particularly not the NSA. BES still relies on the ability to indoctrinate / enroll a new device into an organization and thus supply a new device with the symmetric keys and thus those keys must be available and vulnerable to an organization willing and able to penetrate the server that those keys are located, and message keys are not "forward secret" they are kept around for a time before and after the current message is delivered.
The most concerning thing there is that a compression change temporarily defeated the attack, which slightly implies the NSA has an analytical attack available against either 3DES or AES, though there are other less scary possibilities.
Sent from my iPad using Tapatalk HD09-07-13 05:24 PMLike 4 - You guys should read Ars Technica for a better Knowledge of what has been disclosed by Snowden.
I really fail to see how blackberry could be safe, if not accomplice.
They implemented backdoors in https, ssl and many other encryption systems, with the help of the vendors, or the certifications authorities.
They can decrypt often in real time...
Posted via CB10
Unfortunately it's still not easy to find what attacks the NSA might have available. There are suggestions now to avoid eliptic curve encryption as it might be particularly vulnerable to the NSA and in almost the same breath it's said to avoid public key cryptography that relies on factoring. You're quickly left with almost nothing on the public key side you can trust and if RC4, 3DES and AES are suspect to varying degrees and even blowfish should be avoided due to small block sizes there is very little out there to use.
Sent from my iPad using Tapatalk HD09-07-13 05:36 PMLike 0 -
The article was published about as quickly as it could have been written making use of the just released documents. Why would they delay publication because apple is about to launch a product?
Sent from my iPad using Tapatalk HD09-07-13 05:47 PMLike 0 - so just as a quick question - if you run a bes10 server at home (I do), what traffic is encrypted from my blackberry back as far as my bes server? End to end email is not obviously, unless it is internal mail on the exchange server linked to the bes. But is all tcp traffic from the blackberry encrypted over bes, out via my carrier to the noc and back to my bes server? At this point it presumably emerges at my server and is once again 'in the clear'? Is that correct?09-07-13 06:03 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
NSA: able to hack BlackBerry
Similar Threads
-
WTS: Blackberry Z10 - AT&T (Barely Used)
By jdauria in forum The Marketplace - Buy, Sell & TradeReplies: 3Last Post: 09-12-13, 09:06 AM -
Create an "End of BlackBerry" subforum
By AluminiumRims in forum Site and App Feedback & HelpReplies: 5Last Post: 09-11-13, 08:21 AM -
70 M Subscribers can save blackberry
By ramanjit_kochhar in forum Armchair CEOReplies: 12Last Post: 09-10-13, 11:40 PM -
How can I remove the footnote "Sent from my Blackberry 10 smarthphone" ??
By fernandolsr in forum BlackBerry Q10Replies: 6Last Post: 09-08-13, 05:22 AM -
Blackberry z10 laptop app?
By monish patel in forum BlackBerry Z10Replies: 3Last Post: 09-07-13, 02:12 PM
LINK TO POST COPIED TO CLIPBOARD