[tmurphx5]

Here is an interesting article on BlackBerry security and BBM..

"
BlackBerry is a synonym of security, plain and simple. This ugly news that has come out recently may just be the shake up the world needed to see that simple fact."

Read more at The NSA And PRISM, Where Does BlackBerry Stand? - BlackBerry - BB The NSA And PRISM, Where Does BlackBerry Stand? - BlackBerry - BB

[Nindia]

The whole NSA leak is a great thing for BlackBerry overall. The majority of the world is too stupid to care about their privacy but hopefully it will open everyone's eyes to what is really going on. It's not a conspiracy theory anymore.

Posted via CB10

[Bilaal]

Sure, it's a great thing, but will BlackBerry capitalize on this and push a few internet ads? No. Thus making all this pointless.

[jojo212]

Already posted here.
http://forums.crackberry.com/general...ckbery-815954/

[m1a1mg]

How stupid. I realize the article is from a BB fanboi site, but does anyone, besides the most deluded fanboi, really believe this line?

Also, as a Canadian company, U.S. government agencies have no jurisdiction over BlackBerry, and unless BlackBerry hands over the encryption keys willingly (which hasn't and will most likely never happen), our data will stay secure.

The italicized part is funny. The bolded part made me laugh out loud.

BB has long been the choice for the DoD. If BB plays with the DoD, BB gave those encryption keys long ago. Willingly.

Also, to think that the NSA can't crack BB encryption is unrealistic.

Finally, there is a reason why the Canadians are one of our most trusted allies.

[dannyd86]

How stupid. I realize the article is from a BB fanboi site, but does anyone, besides the most deluded fanboi, really believe this line?

Also, as a Canadian company, U.S. government agencies have no jurisdiction over BlackBerry, and unless BlackBerry hands over the encryption keys willingly (which hasn't and will most likely never happen), our data will stay secure.

The italicized part is funny. The bolded part made me laugh out loud.

BB has long been the choice for the DoD. If BB plays with the DoD, BB gave those encryption keys long ago. Willingly.

Also, to think that the NSA can't crack BB encryption is unrealistic.

Finally, there is a reason why the Canadians are one of our most trusted allies.

Pretty much, we probably handed it over with a side a poutine.

The Internet is an information tool. And people will use that tool to their advantage. Don't do things you don't want people seeing on the Internet....

Posted via CB10

[jasonvan9]

How stupid. I realize the article is from a BB fanboi site, but does anyone, besides the most deluded fanboi, really believe this line?

Also, as a Canadian company, U.S. government agencies have no jurisdiction over BlackBerry, and unless BlackBerry hands over the encryption keys willingly (which hasn't and will most likely never happen), our data will stay secure.

The italicized part is funny. The bolded part made me laugh out loud.

BB has long been the choice for the DoD. If BB plays with the DoD, BB gave those encryption keys long ago. Willingly.

Also, to think that the NSA can't crack BB encryption is unrealistic.

Finally, there is a reason why the Canadians are one of our most trusted allies.

I don't know, i thought that the DoD was just a BES network... which has its own encryption keys.. but who knows what blackberry had to give up to win that contract...

BlackBerry uses 128bit AES encryption, i forget the exact figures but it was something like the worlds top 10 super computers put together would take 10 million years to get through all the combinations... have to look it up yourselves.

But yes, if you think being Canadian will shield you from the NSA that is simply not true, our own intelligence center shares information freely with their US counterparts and vice versa... if the US requests it, we provide it to them...

Posted via CB10

[Dave Bourque]

Common wealth countries share all information with the US... BlackBerry isn't a safe haven from that either.

Sent from my BB10 smartphone.

[hkkelvinlee]

That's why you have BES, where the Corp supposedly have their own key. Still afraid? I reckon there should be TP encryption products.

Posted via CB10

[Dapper37]

BlackBerry encryption hasn't been broke, they will hand over information when there is a court order presented to them. Checks and balances matter people.
BlackBerry has a secure private network. Data sent on It is inherently more secure then the WWW.
There's lots of data that's not 100% secure on a BlackBerry depending on 3rd party service you use. "Your choice not BlackBerry's"
But there is no better device on the market if you want to keep your data yours!

Posted via CB10

[mccs]

Well, here's what I now find interesting:

Canada says it monitors foreign phone, internet traffic
By David Ljunggren | Reuters – June 10, 2013

OTTAWA (Reuters) - Canada's government on Monday declined to say whether it was using data gathered by a secret U.S. government eavesdropping program, but confirmed its own secret signals intelligence agency was monitoring foreign phone and internet traffic.

http://ca.news.yahoo.com/canadas-pri...174818067.html

So, tell me now, how secure really is our Blackberry...?

[Dave Bourque]

@mccs point is nothing is secure. Absolutely nothing. Just different degrees of security.

Sent from my BB10 smartphone.

[mccs]

@dave: concur. it was more a rhetorical question...but i had always wondered just how secure things were when using BBM on my 9700 via BIS through tmobile...

[jrohland]

BlackBerry stands about 800 kilometers north of NSA.

Remember BlackBerry uses the carrier network to route phone calls. The Prism, as I understand it, collects phone connections. Since that is stolen from the carriers at gun point (that is how the government gets everything), it doesn't matter what mobile phone you have.

Data traffic is different. It can be encrypted at the endpoint in such a way that even the NSA could not decode it in realtime. Although, some cryptographers believe encryption standards are not accepted by the US government until the NSA finds a back door.

[cgk]

Other documents record apparently successful efforts to penetrate the security of BlackBerry smartphones: "New converged events capabilities against BlackBerry provided advance copies of G20 briefings to ministers … Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year."

GCHQ intercepted foreign politicians' communications at G20 summits | UK news | The Guardian

[grahamf]

Canadian law prevents companies from handing out data willy-nilly. I'd be surprised if BB was lassoed into PRISM, considering the fights they have had in India and such.

[Omnitech]

It's a fact that Canada is a close ally of the USA and cooperates on intelligence matters. And it's also a fact that BlackBerry has longstanding tight relationships with US federal government agencies including intelligence and military agencies.

But Canada is still a sovereign country with its own laws, and in general has not been nearly as draconian in its approach to the "war on terror" as the USA has, so I still think there are advantages to the company being based in CA.

[cgk]

That's all great but any thoughts about possible ways in which GCHQ was intercepting messages off foreign diplomats BBs?

[JeepBB]

That's all great but any thoughts about possible ways in which GCHQ was intercepting messages off foreign diplomats BBs?

Heh-heh... anyone who knows details is unlikely to be discussing it on a public forum... just sayin'

[Omnitech]

That's all great but any thoughts about possible ways in which GCHQ was intercepting messages off foreign diplomats BBs?

Among other things, the UK, Canada, Australia and (I believe) New Zealand are all participants in the ECHELON system for decades now.

The UK has an installation at the RAF base at Menwith Hill that is part of that system.

[anon62607]

BlackBerry stands about 800 kilometers north of NSA.

Remember BlackBerry uses the carrier network to route phone calls. The Prism, as I understand it, collects phone connections. Since that is stolen from the carriers at gun point (that is how the government gets everything), it doesn't matter what mobile phone you have.

Data traffic is different. It can be encrypted at the endpoint in such a way that even the NSA could not decode it in realtime. Although, some cryptographers believe encryption standards are not accepted by the US government until the NSA finds a back door.

(edit for prism): first of all, Prism as described in the leaked slides involve interception of the communications at the companies themselves (google, apple, microsoft, et. al.) and thus by inference is all of the data communication and moreover does not need decryption as the messages are in unencrypted form as they pass through the servers - most messaging is encrypted at the device and transmitted to the server, decrypted there, then reencrypted to the target device's key and transmitted. Unless a messaging system with end to end, "zero knowledge" encryption is used, *if the slides are to be believed*, the NSA has no need to decrypt that large mass of data because they intercept it in unencrypted form. If Blackberry were party to it, BBM over BIS and all BIS messaging would be in the same boat. Even if blackberry were not part of it, BBM over BIS is not cryptographically secure (comment below) (edit ends)

There has been a long thread on this topic already (here: http://forums.crackberry.com/blackbe...spying-818272/ )

But to rehash briefly: The AES algorithm is public and open for examination, and has been examined for years. It is slightly weaker than "uncrackable" in that an attack has been found that is slightly faster than brute force searching the entire keyspace, but it is still and impractical attack and not applicable to 14-round 256-bit AES. It is extremely unlikely that any kind of back door could have been left in the AES algorithm itself.

It's slightly more possible that specific implementations of AES have back doors in them, but still unlikely because there are several implementations of AES, some of them public, which all have to work together.

BBM over BIS is not secure. Blackberry themselves stress this (they pointedly call the data "scrambled" rather than encrypted). It uses 3DES to "scramble" the data, but with static keys common to every blackberry worldwide. The NSA should have no trouble decrypting all of that real time. Moreover the messages themselves exist in plaintext form in BIS servers (the encryption is between handset and BIS server, then again between BIS server and target handset).

Data communicated over BES is more secure, but generally messages are not end-to-end encrypted and thus do exist in plaintext at some point before delivery to the target handset.

You can send (from what I've seen posted) S/MIME messages encrypted to a password that would be secure if you communicate that password to the target in a secure way, and if there is not some other weakness such as the key derivation function being used with very few or a single iteration, which would open up an attack against the password (rather than the AES or 3DES keys) for easier brute force searching. Blackberry has had an incident in the past in which one component of their software made use of PBKDF2 with a single iteration, which is either very strange or very naive but whatever the case, very vulnerable.

[smoothrunnings]

Your talking about the NSA, Blackberry is a Canadian company, the NSA has no jurisdiction when it comes to BlackBerry. CSEC does. CSEC is so private there is nothing you find out from them, they don't even have a general mission statement or any kind of information on their purpose like the NSA does.

[Whyareallthegoodnamestaken]

Canada is part of the "five eyes" community though. It's likely that Canada does much the same as the US and UK.

Posted via CB10

[secularphobia]

I don't know, i thought that the DoD was just a BES network... which has its own encryption keys.. but who knows what blackberry had to give up to win that contract...

BlackBerry uses 128bit AES encryption, i forget the exact figures but it was something like the worlds top 10 super computers put together would take 10 million years to get through all the combinations... have to look it up yourselves.

But yes, if you think being Canadian will shield you from the NSA that is simply not true, our own intelligence center shares information freely with their US counterparts and vice versa... if the US requests it, we provide it to them...

Posted via CB10

[secularphobia]

Does BlackBerry retain the encryption codes for all of its clients? Or does BlackBerry have a system whereby the client dynamically changes its encryption codes according to a scheme determined by the client?

I'm sure the DOD for example does not store it's encryption scheme at BlackBerry headquarters in Waterloo...this would be a major security risk!

Perhaps someone should ask Thorsten point blank in BlackBerry is part of PRISM.