1. ADFXPro777's Avatar
    I understand that emails sent and received between BIS and the mail server (Yahoo, Hotmail, etc) have optional SSL features and can be encrypted. However, when emails are sent and received between BIS and the phone, security is essentially in the hands of the wireless service provider (wsp).

    Some questions I have:

    1. Are the security protocols of wireless service providers generally secure? If so, what specific methods do they implement in their network?

    2. If emails are encrypted by BIS, does this mean that emails I receive are encrypted regardless of wsp protocols, but not emails I send from my phone?

    3. If the security protocols of a wireless service provider is questionable, is there a way to secure the transmission between the phone and BIS without going through BES or similarly complicated systems?

    Thank you.
    05-09-11 11:56 PM
  2. ADFXPro777's Avatar
    Because no one posted an answer, I did a bit of research and found a few, but very helpful posts from two users (xfrosch & Hung) on Sprint's website: (Note: I cannot post the link, as I am only a junior member of crackberry.com, but you can manually go to Sprint's website and search for the subject,"Encryption of PCS Vision Images")

    "It is practically impossible to intercept traffic on a CDMA network the way you can tap a wired network or eavesdrop a TDMA channel. Unless you have a CDMA phone which has properly authenticated to the network, the CDMA RF signal is indistinguishable from thermal noise. Therefore you need not worry about third parties picking your images off the air. I am not familiar with whatever access controls Sprint uses to prevent unauthorized access to your images over conventional internet. Perhaps Hung can speak to this."

    "Xfrosch very much summed it all up from my perspective. The CDMA technology used in the enhanced Sprint Nationwide PCS Network has many layers of added security that make it difficult to intercept. A user's voice or data traffic goes through multiple stages of encoding and encryption, as well as spreading before it reaches its destination. Six levels of protection guard the privacy of information on the radio network. The complexity of the CDMA air interface and the lack of reference material make interception virtually impossible. Technologies such as GSM (Global Systems for Mobile) or TDMA (Time Division Multiple Access) assign a userís voice or data session to a particular time slot on a frequency where the userís traffic is then easier to isolate and recover."

    From reading this, Sprint uses cdma technology and utilizes heavy security measures through layers of encoding and encryption. Because Virgin Mobile USA and Boost Mobile are part of Sprint and use it's network, this should automatically translate to equal/similar security protocols. (I haven't found any specific details on how Sprint uses puts these into play, but I doubt they will be publishing that to the public...)

    In conclusion, while I will continue to do more reading on this, BIS should be secure enough for most individuals/small businesses, provided, you:

    1. Choose a wireless service provider with ample security measures to connect and secure the connection between your phone and BIS

    2. Have an email account with SSL abilities to have BIS automatically encrypt your emails.

    Feel free to add comments or inputs - thanks.
    05-10-11 10:45 PM