Information Security News mailing list archives
How did the RCMP crack BlackBerry's security?
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 13 Jun 2014 06:31:16 +0000 (UTC)
http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security

By Vito Pilieci
ottawacitizen.com
June 12, 2014

BlackBerry Ltd. has long held that its BlackBerry devices are among the most secure in the world, but it turns out the platform isn’t as bulletproof as many had been led to believe.
On Thursday, Royal Canadian Mounted Police revealed the results of Project Clemenza, which it began in 2010. During the course of its investigation, the federal police force says, it intercepted more than a million private messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to identify suspects in a series of violent crimes that included arson, forcible confinement and drug trafficking.
Personal Identification Number (PIN)-to-PIN messages are not the company’s popular BlackBerry Messenger service (BBM), which the company still contends is ironclad when it comes to keeping messages secure. PIN-to-PIN allows BlackBerry users to send email directly to one another, keeping it from going out into the Internet where it could be spied on by prying eyes.
PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption Standard (DES) encryption technology, which is among the best in the world. However, BlackBerry devices use what is known as a global cryptographic key to decode all of the messages sent to its devices. By faking, or “spoofing”, the PIN of the receiving BlackBerry device and utilizing the global cryptographic key, all messages sent to that device can be viewed by an eavesdropper.
[...]
-- Subscribe to InfoSec News http://www.infosecnews.org/subscribe-to-infosec-news/