1. davepett's Avatar
    Article on The Register:

    "The mobile tapping system, dubbed AURORAGOLD, successfully cracked 701 of an estimated 985 cellular networks worldwide, according to the leaked NSA presentation released by The Intercept."

    http://http://www.theregister.co.uk/...bile_networks/

    ".....the agency appears to have cracked more advanced forms of encryption used on the networks sometimes even before it was rolled out for commercial use."

    Enjoy
    12-05-14 11:27 AM
  2. MobileMadness002's Avatar
    12-05-14 02:01 PM
  3. notafanofyou's Avatar
    There is a reason why the masses are not allowed to use BlackBerry. All one has to do is open ones eyes and add 2+2.

    Posted via CB10
    12-06-14 12:18 AM
  4. schmeat's Avatar
    There is a reason why the masses are not allowed to use BlackBerry. All one has to do is open ones eyes and add 2+2.

    Posted via CB10
    Having a BlackBerry wouldn't make you immune to this type of snooping (for consumers at least)

    Posted via CB10
    12-06-14 08:51 AM
  5. Poncherelly's Avatar
    Someone needs to release a free end to end encryption similar to what black phone attempted to release but for BlackBerry users who care about privacy.

    I read a whole back that MEGA was going to do just that, but that noise fizzled out for some reason.

    Posted via CB10
    12-06-14 09:01 AM
  6. mornhavon's Avatar
    Someone needs to release a free end to end encryption similar to what black phone attempted to release but for BlackBerry users who care about privacy.
    TextSecure would fit the bill (on Android & soon for iOS), hopefully there will be a BB10 native app eventually.
    12-06-14 11:26 AM
  7. Nick_LM's Avatar
    TextSecure would fit the bill (on Android & soon for iOS), hopefully there will be a BB10 native app eventually.
    ??? Just BBM. No?
    12-06-14 02:01 PM
  8. Cozz4ever's Avatar
    TextSecure would fit the bill (on Android & soon for iOS), hopefully there will be a BB10 native app eventually.
    That app like all ios and android apps can be hacked and modified.

    All I want for Christmas is a Passport
    deezy87 likes this.
    12-06-14 09:21 PM
  9. mornhavon's Avatar
    ??? Just BBM. No?
    BBM has "good enough" encryption for most, your BBM messages aren't going to be decrypted by some kid at a local Starbucks, but standard BBM isn't up to the task of hiding anything from the NSA, or any other large, motivated government. There are enough threads around here arguing about that, I won't turn this into another one of those ;-)
    12-06-14 11:58 PM
  10. mornhavon's Avatar
    That app like all ios and android apps can be hacked and modified.
    I wasn't aware that BB10 apps were incapable of being modified.

    It all comes down to trusting the source of the file (publisher as well as host, if they differ, unless the publisher provides an independently stored hash for verification). Applications can be hacked and modified for any platform, and certainly for any popular platform.

    If you download TextSecure or RedPhone, both published by Open Whisper Systems, from the Google Play Store (or the iOS app store soon), you're getting the proper app.
    12-07-14 12:10 AM
  11. Prem WatsApp's Avatar
    I wasn't aware that BB10 apps were incapable of being modified.

    It all comes down to trusting the source of the file (publisher as well as host, if they differ, unless the publisher provides an independently stored hash for verification). Applications can be hacked and modified for any platform, and certainly for any popular platform.

    If you download TextSecure or RedPhone, both published by Open Whisper Systems, from the Google Play Store (or the iOS app store soon), you're getting the proper app.
    md5sum or sha1 checksum...
    Unless they can spoof these hashes already...

    md5sum is known to be weak. :-(

    ? ? ? Zzzzwipetyped from The Maskport - Zzzzmoqin'.... ? ? ?
    Smitty13 likes this.
    12-07-14 01:59 AM
  12. katiepea's Avatar
    Local police can do this to any phone, including a BlackBerry. So people still think BlackBerry is nsa proof? Not even a little bit.
    12-07-14 05:17 AM
  13. cbvinh's Avatar
    What about Truphone with its encryption?

    Truphone upgrades free app with cost prediction, encrypted calling and reactive sound quality

    Both parties need to have the app installed, but it's free to have and available on Android, iOS... *and* BlackBerry 10.
    12-07-14 05:32 AM
  14. Cozz4ever's Avatar
    I wasn't aware that BB10 apps were incapable of being modified.

    It all comes down to trusting the source of the file (publisher as well as host, if they differ, unless the publisher provides an independently stored hash for verification). Applications can be hacked and modified for any platform, and certainly for any popular platform.

    If you download TextSecure or RedPhone, both published by Open Whisper Systems, from the Google Play Store (or the iOS app store soon), you're getting the proper app.
    Wrong. BB10 apps can not be modified

    BB10 uses sha keys as a signature. Its their patent. Meaning once an app is built, it produces a key that matches the app code. The phone uses the key to see if the app was modified. Changing just one bite of the app causes failure

    All I want for Christmas is a Passport
    12-07-14 07:03 AM
  15. mornhavon's Avatar
    Wrong. BB10 apps can not be modified
    BB10 uses sha keys as a signature. Its their patent. Meaning once an app is built, it produces a key that matches the app code. The phone uses the key to see if the app was modified. Changing just one bite of the app causes failure
    Thanks, I appreciate being called out when I'm mistaken. The last time I dealt with BB10 app signing was for APK to BAR conversion, at that time signing the converted app was ridiculously easy. It looks like modifying an actual signed BAR file would be difficult now though.

    However, my primary point remains that there's no need to mistrust an app like TextSecure or RedPhone if you get it from a trusted source (the original publisher on the official app store that it was published to).
    12-07-14 07:59 AM
  16. byex's Avatar
    Signal for iPhone and redphone for android but nothing for BlackBerry.


    Posted via CB10
    12-07-14 09:03 AM
  17. stealthbob's Avatar
    What about the eBBM strength, would that be on the level of being spy proof?
    12-07-14 09:10 AM
  18. mornhavon's Avatar
    What about the eBBM strength, would that be on the level of being spy proof?
    From what I've read, I expect that BBM Protected is quite secure against any threat that involves intercepting traffic, no less secure than anything else mentioned in this thread anyway.
    12-07-14 09:28 AM
  19. AnimalPak200's Avatar
    From what I've read, I expect that BBM Protected is quite secure against any threat that involves intercepting traffic, no less secure than anything else mentioned in this thread anyway.
    Isn't the main advantage of BBM Protected that it uses a per-message encryption key? Even if one message is compromised, they have to start from scratch to decrypt the next one.

    "Each device that uses BBM Protected has two long-lived public and private key pairs that are static for the device and the user: an encryption key pair and a signing key pair. When a BBM Protected user starts a BBM chat with another BBM Protected user, BBM creates a pairwise key between the users that is used as a session key. The session key is used to encrypt all messages in a BBM chat. The pairwise key is derived from the BBM chat initiator?s private encryption key and the recipient?s public encryption key, using One-Pass ECDH.

    *** Each session key is combined with unencrypted, but signed, keying material in the message to produce a message encryption key. The message encryption key is derived from the keying material and the session key, using the KDF. Each BBM Protected message is signed using ECDSA with the signing key pair***

    "
    From: http://docs.blackberry.com/en/admin/...ty_Note_en.pdf

    Article: Snowden files show NSA's AURORAGOLD pwned 70% of world's mobile networks-img_20141207_104248.png

    Posted via CB10
    12-07-14 09:45 AM
  20. rbtg's Avatar
    if us gov would not be able to access a cell it would not be sold anywhere in the world
    12-07-14 09:51 AM
  21. mornhavon's Avatar
    Isn't the main advantage of BBM Protected that it uses a per-message encryption key? Even if one message is compromised, they have to start from scratch to decrypt the next one.
    Spot on, it's commonly referred to as "forward secrecy". BBM Protected has a great implementation of it from what I've been able to find. As mentioned earlier, I consider BBM Protected to be among the best of them.

    It's just too bad that the average consumer can't get access to BBM Protected, so other solutions get more attention.
    Last edited by mornhavon; 12-07-14 at 04:04 PM.
    Smitty13 likes this.
    12-07-14 03:51 PM
  22. Smitty13's Avatar
    md5sum or sha1 checksum...
    Unless they can spoof these hashes already...

    md5sum is known to be weak. :-(

    ? ? ? Zzzzwipetyped from The Maskport - Zzzzmoqin'.... ? ? ?
    I am glad someone brought this up. If people are worried about some form of a MITM attack, or perhaps even Google modifying the .apk files from these developers, checking the file checksum values is a good place to start.

    I would also stay away from md5sum hashes as those have been known to be very weak. I would even suggest a SHA256 hash over a SHA1.

    Edit: For anyone looking for a dead simple way to check file checksum values, be sure to download the MD5 & SHA Checksum Utility. It is as simple as dragging and dropping a file into the program's Window. It can even verify hash values as well so there is no need for manual inspection.
    Last edited by Smitty13; 12-08-14 at 01:44 AM. Reason: Added a link
    12-08-14 01:42 AM
  23. anon62607's Avatar
    from an American point of view at least, this doesn't change the security discussion at all. We should already assume that the carrier is not secure and they don't have much need to decrypt data on intercepted out of the air when it can be collected directly from the network carrier.

    the first line of developing security is presume that your transport is compromised. Another reason not to trust baseline BBM
    mornhavon likes this.
    12-08-14 01:50 AM
  24. anon62607's Avatar
    What about the eBBM strength, would that be on the level of being spy proof?
    BlackBerry Messenger Protected, if it has been implemented as designed and used properly, is about as spy proof as we're likely to get. Keep in mind that "used properly" means verifying key fingerprints out of band, which is something that I think a lot of people tend to skip. I kind of doubt that someone would attempt an MITM when there is a high probability that there will be an out of band fingerprint verification though, as it would tip off the subject that they are being attacked by a sophisticated adversary.

    "As spy proof as we're likely to get" is an important caveat though, but in the context that the cellular data network can be listened in on - yes, data communicated via BlackBerry Messenger protected should be considered to be at the same level of security that it was before we found out about Auroragold.

    What people should be watching out for is some indication that the NSA has broadly weakened random number generators across many platforms as this is probably the most obvious place to attack - that way the NSA can guarantee American communications are secure through a strong cipher (AES) yet weaken the use of that cipher for others by increasing the probability of use of a weak random number generator.
    12-08-14 09:47 AM

Similar Threads

  1. UK bb10 devices owners and Barclays Mobile banking
    By adigawi in forum BB10 Leaked/Beta OS
    Replies: 154
    Last Post: 11-23-16, 01:24 PM
  2. Microsoft Office Mobile: does it work on your Passport?
    By FeitaInc in forum BlackBerry Passport
    Replies: 16
    Last Post: 04-21-15, 08:24 AM
  3. Anyone else tired of "NEW STICKERS!?!"
    By RandomSkratch in forum BlackBerry 10 OS
    Replies: 53
    Last Post: 12-08-14, 11:10 AM
  4. Mobile Hotspot on Bell?
    By BB_Phoenix in forum BlackBerry Z30
    Replies: 4
    Last Post: 12-06-14, 10:17 AM
  5. Show do I get the camera on the Q5 to start again?
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 12-05-14, 10:10 AM
LINK TO POST COPIED TO CLIPBOARD