03-01-15 06:13 AM
  1. Loc22's Avatar
    Without BIS,...BBM's travel over servers out of Blackberry's control.

    iMessage traffic travels, encrypted, via servers owned and operated by Apple.

    Posted via the CrackBerry App for Android
    I have the impression that BBM is encrypted using 3D secure just like Visa & Mastercard transactions whenever you swipe your credit card. In that case it doesn't matter even if it travels through the Internet.

    If it is secure enough for my credit card I think it is secure enough for my communications right?

    Posted via CB10
    11-07-14 04:14 AM
  2. damien kupuku's Avatar
    not so secure, i don't trust Icloud, Imessage,IOs New malware can infect iPhones via Mac computers
    spyeagle likes this.
    11-07-14 04:26 AM
  3. cjcampbell's Avatar
    Yes, but auditing one's own product might not be considered very above board.
    They gave Snapchat the green light as they announced that it's audited by an internal team so it seems that it is above board. That was a revision added after the fact.

    Posted via CB10
    11-07-14 04:27 AM
  4. Komoto's Avatar
    i have a feeling the "tests" were designed to produce a specific result. look who came out on top....
    11-07-14 04:38 AM
  5. Tre Lawrence's Avatar
    They gave Snapchat the green light as they announced that it's audited by an internal team so it seems that it is above board. That was a revision added after the fact.
    Oh. I missed that.
    11-07-14 05:37 AM
  6. trsbbs's Avatar
    The level of denial and the number not living in the real world is clear.

    Very frightening as well..



    BlackBerry hates America!
    11-07-14 06:19 AM
  7. Komoto's Avatar
    The level of denial and the number not living in the real world is clear.

    Very frightening as well..



    BlackBerry hates America!
    Obviously never had anything to do with the PR and communications industry.

    Posted via CB10
    11-07-14 07:20 AM
  8. GoJaysGo's Avatar
    not so secure, i don't trust Icloud, Imessage,IOs New malware can infect iPhones via Mac computers
    Did you even read the article you posted? It's iCloud, iMessage and iOS... just pure ignorance.
    11-07-14 07:38 AM
  9. THBW's Avatar
    For a company that wants to make their money via software they sure seem unable to get the apps and software right.

    BBM no longer secure as it once was.
    FB still light years behind.
    BES12 still not out.
    BB10 still is missing many features of the Legacy OS.
    No improvement in BlackBerry Maps.
    BBM for DROID and Windows still behind its competitors.





    BlackBerry hates America!
    Read the post above, your thoughts were completely debunked. It's a bit of an embarrassment for EFF when they failed to actually do their homework. But then again, it had the look of a corporate sponsored hit piece and of course the naive get sucked in as usual. My bet is that EFF will pull the web link in a day or two.

    Posted via CB10
    CerveloJohn likes this.
    11-08-14 06:49 PM
  10. ssbtech's Avatar
    BIS (aka. BlackBerry Infrastructure) is still used, it's simply more transparent to the user and the carrier. Every BBM message traverses the internet through BlackBerry's own secure infrastructure. This is why you can't send a direct peer-to-peer BBM without internet access. Every message is encrypted using FIPS 140-2 certified crypto, generated on the device itself. The encrypted packets then flow through servers owned and operated by BlackBerry themselves.
    I haven't done a whole lot of reading on this but this is my understanding: BBM Messages are all encrypted with the same key which is like everyone using the same password for their online banking. BBM Messages are also decrypted as they pass through BB servers, then encrypted again before being sent to the recipient. This is why governments in the middle east were successful in forcing BlackBerry to comply with providing messages when asked.

    It's like uploading files to Google Drive, DropBox, OneDrive, etc... files in transit are encrypted, but the service can decrypt the stored data when requested by the government.


    Now BBM through BES is another story, and BB has no access to the private BES servers.
    11-08-14 07:35 PM
  11. spyeagle's Avatar
    Not "all" of them, no.

    But far more than are carrying BlackBerry phones are. Aren't they?

    And I'm sorry. But working a matrix of publicly-available information on some celebrities and cracking their weak-a55 icloud passwords is very definitely NOT the same thing as "hacking iCloud." YES. Apple absolutely should have had guess limiting on, and they didn't. But that's been addressed now.

    People here talk about that as if some intricate man in the middle cracking went down. And that's just not what happened.

    Posted via the CrackBerry App for Android
    That's not what happened according to Apple, and we know they are ALWAYS so upfront and honest about issues.
    11-08-14 07:47 PM
  12. spyeagle's Avatar
    I haven't done a whole lot of reading on this but this is my understanding: BBM Messages are all encrypted with the same key which is like everyone using the same password for their online banking. BBM Messages are also decrypted as they pass through BB servers, then encrypted again before being sent to the recipient. This is why governments in the middle east were successful in forcing BlackBerry to comply with providing messages when asked.

    It's like uploading files to Google Drive, DropBox, OneDrive, etc... files in transit are encrypted, but the service can decrypt the stored data when requested by the government.


    Now BBM through BES is another story, and BB has no access to the private BES servers.
    The middle east governments were never successful in that. Get your facts straight. They have access to who sent a message and to who received it. They DO NOT know what those messages contain.
    11-08-14 07:52 PM
  13. BACK-2-BLACK's Avatar
    Umm....

    eBBM is not the same as BBM

    At least from what I gathered to date.

    Maybe because eBBM has not been officially released and implemented it was not included in this test?

    I don't recall BB stating specific security features for BBM (correct me if I'm wrong) like they did with eBBM regarding end-to-end encryption, etc.

    BBM is for us common folk?
    eBBM is for enterprise with security features hence the subscription costs?
    Last edited by BACK-2-BLACK; 11-08-14 at 09:50 PM.
    11-08-14 09:40 PM
  14. sentimentGX4's Avatar
    i have a feeling the "tests" were designed to produce a specific result. look who came out on top....
    A bunch of obscure, security oriented IM clients that were not BBM?

    iMessage isn't even 5th place. It's just the highest scoring of the mainstream options.
    mornhavon likes this.
    11-08-14 09:51 PM
  15. woofster's Avatar
    I remember reading this article/review when it came out and immediately thought, "There's no way people will actually put any merit in this 'review'!" And here we are. The writers have won. It's a pure water cooler piece, written with the intention of getting the layperson to talk about the rankings as though it were based on a comprehensive and highly scientific set of test standards. Can you hear the chatter now?
    11-09-14 09:10 PM
  16. wout000's Avatar
    We at CrackBerry don't put any faith in it, but the EFF is a huge entity that a lot of people keep a close watch on. They will undoubtedly buy into this bull* and that's why I posted it here.

    We can fight the good fight but when the media reports we're not fighting, that's what the mainstream will believe.

    Posted via CB10
    11-10-14 01:15 AM
  17. schmeat's Avatar
    BlackBerry needs to be quicker with the fact book or whatever it's called, for things like this. Unless it's true, then not much can be said. When things like this are unaddressed, especially by a huge entity like EFF, then it will be taken like factual information.
    mornhavon and sentimentGX4 like this.
    11-10-14 11:18 AM
  18. gruv4u's Avatar
    I agree! Constructive criticism is one thing but damn!

    Z10 (STL 100-3) with vitamin 10.2.1.3337
    11-10-14 11:40 AM
  19. jpvj's Avatar
    The big problem is the two words BlackBerry and security.

    The media (well supported by BlackBerry's carefully chosen statements) are to blame for the common misconception that everything from BlackBerry is secure.

    It's not.

    BlackBerry is a trademark (and company name).
    You have BlackBerry Enterprise Service, BlackBerry Smartphone etc.


    When used in a certain way BlackBerry products can perform very securely.

    BBM is a communication app. The chat feature is based on PIN messages which are NOT secure from a cryptographic point of view.

    Messages are encrypted (3DES as far as I remember) with a key common to all devices. This is often referred to as scrambling.

    With BES5 the admin could create a new key for the activated devices though.

    Nothing is decrypted at the BBI but if a lawful request is presented BlackBerry can intercept and decrypt messages very easily.

    The transport protocol used is called "Service Routing/Relay Protocol" (SRP). It's proprietary and closed source.

    BlackBerry doesn't talk about legal discussions or disputes in public. Ever.

    Etisalat (Saudi Arabia) tried to deploy an app that could be activated to intercept messages on the device. They failed miserably because the setup was not ready for production. RIM actually published an app that could remove the app because of the problems it caused on the devices. The app was apparently developed by SS8 and showed that SRP + 3DES with a common key was not THAT easy to handle.

    India and Pakistan were more pragmatic. They told BlackBerry to "comply with local legislation etc" or BlackBerry services would be shut down. As a result BlackBerry had to set up local infrastructure and upon request deliver plain text messages to the police / intelligence service.

    NSA and the British counterparts are most probably able to do it on their own.

    BBM protected will be a paid service with proper encryption.

    Pls accept that because the word BlackBerry is stamped on a product it doesn't make it universally secure out of the box.



    Posted via CB10
    ssbtech, mornhavon and Loc22 like this.
    11-10-14 01:22 PM
  20. Jonny-R's Avatar
    "BlackBerry sets the record straight on BBM security" - http://utbblogs.com/bbm/blackberry-s...-bbm-security/

    Some of you need to brush up on your BBM knowledge before you impart incorrect facts, judging by a quick browse of the comments.

    For example BlackBerry DO list BBM's security features very openly on their own website. IE that is end-end TLS encryption, extra DES key scrambling (on top of TLS encryption) for BlackBerry devices and man in the middle attacks being (probably?) impossible due to certificate pinning (which iMessage and WhatsApp for instance don't employ).

    Posted via CB10
    11-11-14 06:25 PM
  21. THBW's Avatar
    "BlackBerry sets the record straight on BBM security" - http://utbblogs.com/bbm/blackberry-s...-bbm-security/

    Some of you need to brush up on your BBM knowledge before you impart incorrect facts, judging by a quick browse of the comments.

    For example BlackBerry DO list BBM's security features very openly on their own website. IE that is end-end TLS encryption, extra DES key scrambling (on top of TLS encryption) for BlackBerry devices and man in the middle attacks being (probably?) impossible due to certificate pinning (which iMessage and WhatsApp for instance don't employ).

    Posted via CB10
    Thank you for stating the obvious again to all those closet BBM haters. Hasn't this sloppy bit of journalism died yet? Who wants to bet the article was a sponsored corporate hit piece? Come on EFF. For a foundation that blathers on about accountability, you are certainly opaque on the authors, their affiliations and who paid for the research and article. Whoops, I guess the dog ate your homework again.

    Posted via CB10
    11-11-14 08:59 PM
  22. mornhavon's Avatar
    So at any point can BlackBerry decrypt messages as they pass through BlackBerry's networks?
    Judging by their ability to hand over the contents of BBM messages to law enforcement, I'd say yes.
    Example: http://www.ctvnews.ca/mobile/sci-tec...pted-1.1866154

    The EFF's criteria for this study were made clear; they've also shown their willingness to correct the score card if new information is brought to their attention. From what I can tell, their marks for BBM are correct. If you can prove that the score card for BBM is wrong, contact the EFF with your proof and get it fixed. Otherwise, be thankful for a non-profit watchdog that's trying to hold tech companies to a higher standard. Maybe BBM should put a few of these items on their "to do" list.
    11-11-14 09:13 PM
  23. mornhavon's Avatar
    For a foundation that blathers on about accountability, you are certainly opaque on the authors, their affiliations and who paid for the research and article.
    The EFF isn't a fly-by-night "research" firm, they don't take donations in exchange for biased research. They're very forthcoming about where their money comes from, and almost none of it is from corporations (aside from the Humble Bundle, if you call that a corporation).
    Source: https://www.eff.org/about/annual-reports-and-financials
    If you have a problem with their findings, disprove them. It's a checklist, not a touchy-feely essay.
    11-11-14 09:26 PM
  24. Bluenoser63's Avatar
    The EFF isn't a fly-by-night "research" firm, they don't take donations in exchange for biased research. They're very forthcoming about where their money comes from, and almost none of it is from corporations (aside from the Humble Bundle, if you call that a corporation).
    Source: https://www.eff.org/about/annual-reports-and-financials
    If you have a problem with their findings, disprove them. It's a checklist, not a touchy-feely essay.
    What foundations make up the over 2 million? Foundations are fronts for corporations. And I have a problem with EFF protecting child porn, criminals and terrorists.

    And how about the 2 million from Google and Facebook?

    Google and Facebook's new tactic in the tech wars - Fortune

    http://www.pcmag.com/article2/0,2817,2409070,00.asp
    11-11-14 10:07 PM
  25. mornhavon's Avatar
    What foundations make up the over 2 million? Foundations are fronts for corporations. And I have a problem with EFF protecting child porn, criminals and terrorists.
    And how about the 2 million from Google and Facebook?
    I'm not sure how seriously I should be taking you. If you think that the primary purpose of online freedom and privacy is for child porn, criminals and terrorists... I'm sorry.

    What nonprofits make more than $2 million? Most of the ones that anyone has heard of.

    As stated in the article you linked to, the Facebook/Google money was for the settlement of a class-action lawsuit for alleged privacy violations. A portion of the settlement went to the EFF, a privacy advocate that is on the side of Net Neutrality, as is Google. None of this changes the score cards or reveals why you think the study is wrong, so remind me again what you're taking issue with?
    sentimentGX4 and schmeat like this.
    11-11-14 10:33 PM