07-06-11 08:10 PM
27 12
tools
  1. TheMimic's Avatar
    Over the course of the last 12 months, RIM has been dealing with India as well as a few other countries regarding giving governments lawful access to their services. Over the course of the last 12 months, I've always read that in every article that decrypting BES emails is not possible by RIM since they do not have the encryption key that is set between the bes server and the units. This morning I read the following article which makes me wonder if that is true or not.

    India to approach Canadian govt to get access to BlackBerry services

    From what I gather from the article, it seems that perhaps they are able to access the information. And before we derail on the topic, I'm well aware they can intercept the encrypted emails and how secure 3DES and AES is. The real question is, can they decrypt the information?

    The point of particular interest that I'm referring to in the article is the following

    "Inspired by a similar deal between the US and Canada where RIM is providing all intercepting facilities to the US under a government-to-government agreement, this will force RIM to provide the same facilities, including corporate email, to the Indian security agencies."

    Maybe I'm reading too much into it but from what I remember, India's GOV is able to intercept the encrypted email without RIM's assistance through the carriers so this agreement doesn't change anything unless they are giving them the tools to decrypt the information.
    06-30-11 08:47 AM
  2. lnichols's Avatar
    My understanding of the way the BES works is that it is an AES VPN tunnel established between the handset and the BES server directly. I'm not sure how the key works on the BES server (X.509 certificate, text key, etc), but I know that with a VPN session unless you have the key/certificate, you aren't getting the data. Giving any one government the backdoor for BES would allow them to look at any other Governments BES, and since it has FIPS approval, their is likely no backdoor. So I'm going to stick with the information is not attainable by RIM either, and the Indian Government is moronic to still be pushing this and not grasping the concept.
    06-30-11 09:13 AM
  3. Crucial_Xtreme's Avatar
    Yes BES can be decrypted.
    howarmat likes this.
    06-30-11 11:08 AM
  4. lnichols's Avatar
    Yes BES can be decrypted.
    Can you elaborate on how? If not I understand because it is dealing with security and possibly proprietary info, but working with VPN's every day would just like to get a better understanding of how BES fits into that IPSEC model that I'm familiar with.
    06-30-11 01:45 PM
  5. blue81to's Avatar
    So if US and Canada backdoor workaround is true than when do you think it happen? RIM wouldn't be allowed to give the requested info to India without approval from US and Canada. If they did work out a deal with India would that compromise BES encryption somehow? I mean, outside of India.

    If BES can be decrypted, than is there a way that companies can encrypt everything locally then send it through BES. Like, have a 3rd party app installed on the handset that encrypts the info with a different key from BES. So when the BES is decrypted it would still be encrypted by the app on the handset. The BES administrator would decrypt it once it get back to the office. If there is a backdoor, would it be built into the way BES apps encrypt data? Is that doable?
    06-30-11 08:42 PM
  6. WillieLee's Avatar
    Can you elaborate on how? If not I understand because it is dealing with security and possibly proprietary info, but working with VPN's every day would just like to get a better understanding of how BES fits into that IPSEC model that I'm familiar with.
    RIM does not possess the keys. This story from India was just another attempt to stir up this idea that RIM is giving access to certain governments.

    When given a warrant, RIM can monitor BIS traffic, but the information on BES servers is not accessible by RIM despite all the people that claim there's a solution. It's up to the companies to comply with the government agencies to turn over their logs. RIM would not be able to sell a secure solution if they possessed backdoor access to the information being passed by their customers.
    anon(3749235) likes this.
    07-03-11 11:33 AM
  7. lnichols's Avatar
    RIM does not possess the keys. This story from India was just another attempt to stir up this idea that RIM is giving access to certain governments.

    When given a warrant, RIM can monitor BIS traffic, but the information on BES servers is not accessible by RIM despite all the people that claim there's a solution. It's up to the companies to comply with the government agencies to turn over their logs. RIM would not be able to sell a secure solution if they possessed backdoor access to the information being passed by their customers.
    This is the way I thought it was too, but CX seems to be implying that their is a back door of some sort. i wouldn't think this is the case because the back door could be used by someone to get into US govt BES's too.
    07-03-11 03:50 PM
  8. T
    If this part about the back door is true, it will indeed be very troubling. I've always been suspicious, because the US government -- Big Brother SuperSpy -- has not made any fuss about BES decryption when it already has access to every bit of telecommunication information, be it voice or data. No, it's unbelievably quiet and unconcerned (next to vocal India) about all of our "encrypted" BES communications. And it's absolutely ludicrous to posit that in this day and age of surveillance, torture, and military tribunals the US government would just "get a warrant" and leave it up to persons and companies being investigated to comply with the warrant(s). Would pedophiles comply? Would "terrorists" comply? I was also suspicious when it was reported that Obama's BlackBerry would be fitted with a super-duper encryption. Why, if there isn't already a back door?

    Sure, you could apply additional encryption to your data before sending it over BES, but what would you use? TrueCrypt? Who says that doesn't have a back door? Who says any available encryption program isn't fitted with a back door? I'm also a bit suspicious about the media card files, too. Why is my device always so busy whenever I add or delete a pic? Why all this scanning and indexing? Are my "encrypted" files being uploaded to somewhere in some high-tech, very compressed format?

    RIM can say publicly all day long it doesn't possess the keys, but that doesn't mean a third party doesn't. If it's not the governments directly, it has to be a third party agency.

    These are serious and troubling concerns. Thanks for this topic. Let's see if it gets pushed to some obscure corner of cb or gets deleted altogether.

    Is TrueCrypt a CIA Honeypot?
    Last edited by Tnis; 07-03-11 at 05:40 PM.
    07-03-11 05:15 PM
  9. _StephenBB81's Avatar
    Yes BES can be decrypted.
    This was cryptic in itself


    CAN BES be decrypted BY RIM.
    or is BES decryption done only by the clients who own the BES Servers?
    07-03-11 06:45 PM
  10. T
    This was cryptic in itself


    CAN BES be decrypted BY RIM.
    or is BES decryption done only by the clients who own the BES Servers?
    And if BES can't be decrypted by RIM, can it be decrypted by any other persons, known or unknown, not a party to the BES communications?
    07-03-11 06:49 PM
  11. greggebhardt's Avatar
    Just becasue India can get into incrypted BES mesages in India, it does NOT give them the ability to get into any BES they wish. Just think about it.
    07-04-11 06:50 AM
  12. FunktasticLucky's Avatar
    I am... and it seems like if you give them the ability to do so what keeps them from figuring out a way to do it to others. I think that's what's going on here. They seem to think there IS a way to do it and then they would try and take that information to get into other countries BES info. I am with the others that believe there is no back door that rim can access.

    As for decrypting... I'm sure they have programs that can crack it if they wanted.
    07-04-11 07:11 AM
  13. T
    I am with the others that believe there is no back door that rim can access.

    As for decrypting... I'm sure they have programs that can crack it if they wanted.
    Even if RIM can't decrypt BES, can someone else decrypt it? To crack AES, you would need decades or a quantum computer (if one exists). It would be easy for RIM to hand a backdoor BES decryption key to a third party. RIM could then say, "We dont have the key," and it wouldn't be lying. The problem would be that someone does.

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by Tnis; 07-04-11 at 07:33 AM.
    07-04-11 07:29 AM
  14. Rootbrian's Avatar
    If anonymous could break into BES's encrytion like they have with countless other things, RIM would then need to patch that hole or any "backdoor" people claimed RIM to have, which they likely do not.

    Posted from my CrackBerry at wapforums.crackberry.com
    07-04-11 08:28 AM
  15. CanuckBB's Avatar
    The BES encryption keys are not held by RIM.

    The issue in India and other was over BIS traffice which is encrypted betwenn the handset and the NOC. RIM agreed to install NOCs in those countries.

    RIM has stated numerous times that given proper warrants, they would turn over the encrypted stream of BES communication. It's then up to the warrant holder to break the encryption.
    07-04-11 09:18 AM
  16. T
    The BES encryption keys are not held by RIM.
    Does anyone else [other than the BES user(s)] have the keys? Does anyone else [other than the BES user(s)] have the tools and/or ability to decrypt BES communications?

    Posted from my CrackBerry at wapforums.crackberry.com
    07-04-11 09:47 AM
  17. Crucial_Xtreme's Avatar
    This was cryptic in itself


    CAN BES be decrypted BY RIM.
    or is BES decryption done only by the clients who own the BES Servers?
    Like that eh?
    07-04-11 09:56 AM
  18. CanuckBB's Avatar
    Does anyone else [other than the BES user(s)] have the keys? Does anyone else [other than the BES user(s)] have the tools and/or ability to decrypt BES communications?

    Posted from my CrackBerry at wapforums.crackberry.com
    No. The keys are generated and kept on the BES server.
    07-04-11 10:30 AM
  19. _StephenBB81's Avatar
    Like that eh?
    I certainly appreciated the post, made me chuckle
    07-04-11 11:00 AM
  20. TheMimic's Avatar
    Even if RIM can't decrypt BES, can someone else decrypt it? To crack AES, you would need decades or a quantum computer (if one exists). It would be easy for RIM to hand a backdoor BES decryption key to a third party. RIM could then say, "We dont have the key," and it wouldn't be lying. The problem would be that someone does.

    Posted from my CrackBerry at wapforums.crackberry.com
    I remember when I had my bes training years ago to support RIM products, this was the same info we were given. takes something like 50 years to decrypt and by then the info is so outdated, no one cares lol
    07-04-11 01:28 PM
  21. T
    No. The keys are generated and kept on the BES server.
    Thanks. Is there any back door, some other way someone else other than a BES's users could decrypt the communications? For example, does RIM or another party have the ability to extract the keys from the BES server, kind of like a BES with an IT policy that overrides the BES? Are all the BES's out there somehow tied in to a super-BES with these capabilities or even to like a remote desktop type of thing?

    Posted from my CrackBerry at wapforums.crackberry.com
    07-05-11 05:15 PM
  22. greggebhardt's Avatar
    As for decrypting... I'm sure they have programs that can crack it if they wanted.
    Need to do some more homework, it would take a LOT of time of the world's most powerful computers to break the encryption code. This is SERIOUS encryption here. Not impossible but close as it get to being impossible. Without the encryption key, you are screwed.
    07-05-11 05:35 PM
  23. T
    Okay, here's what I'm thinking. Do BES communications go through RIM? If no, then everything else in this post below is moot. If BES communications do go through RIM, then consider the following hypothesis: the RIM noc is to BES systems as BES systems are to BlackBerries.

    Everyone agrees that a BES can exercise extreme control over the BlackBerries connected to it. Could the RIM noc be a super BES system with the capability of exercising the same type of control over the BES systems connected to it as those BES systems exert over the BlackBerries connected to them? Everyone also agrees that BES encryption keys are generated on the BES. Thus, even if my hypothesis is true, RIM could still say, without lying, that it does not possess BES encryption keys, but RIM could also use a super IT policy to extract those keys from the BES systems connected to it if ordered to by a government. To me, this is entirely conceivable. Thoughts, please ...

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by Tnis; 07-05-11 at 06:33 PM.
    07-05-11 06:21 PM
  24. sf49ers's Avatar
    Okay, here's what I'm thinking. Do BES communications go through RIM? If no, then everything else in this post below is moot. If BES communications do go through RIM, then consider the following hypothesis: the RIM noc is to BES systems as BES systems are to BlackBerries.

    Everyone agrees that a BES can exercise extreme control over the BlackBerries connected to it. Could the RIM noc be a super BES system with the capability of exercising the same type of control over the BES systems connected to it as those BES systems exert over the BlackBerries connected to them? Everyone also agrees that BES encryption keys are generated on the BES. Thus, even if my hypothesis is true, RIM could still say, without lying, that it does not possess BES encryption keys, but RIM could also use a super IT policy to extract those keys from the BES systems connected to it if ordered to by a government. To me, this is entirely conceivable. Thoughts, please ...

    Posted from my CrackBerry at wapforums.crackberry.com
    yes it goes through BES servers but everything is pass through and no decryption occurs in between as RIM doesn't have a master key or something like that.
    07-05-11 06:53 PM
  25. T
    yes it goes through BES servers but everything is pass through and no decryption occurs in between as RIM doesn't have a master key or something like that.
    Thanks. Then why does it go through RIM's servers? Seems it could bypass that and still work (unlike BIS) ...

    Posted from my CrackBerry at wapforums.crackberry.com
    07-05-11 06:57 PM
27 12
LINK TO POST COPIED TO CLIPBOARD