Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

How did the RCMP crack BlackBerry's security?

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 13 Jun 2014 06:31:16 +0000 (UTC)
http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security

By Vito Pilieci
ottawacitizen.com
June 12, 2014
BlackBerry Ltd. has long held that its BlackBerry devices are among the most secure in the world, but it turns out the platform isn’t as bulletproof as many had been led to believe.
On Thursday, Royal Canadian Mounted Police revealed the results of Project Clemenza, which it began in 2010. During the course of its investigation, the federal police force says, it intercepted more than a million private messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to identify suspects in a series of violent crimes that included arson, forcible confinement and drug trafficking.
Personal Identification Number (PIN)-to-PIN messages are not the company’s popular BlackBerry Messenger service (BBM,) which the company still contends is ironclad when it comes to keeping messages secure. PIN-to-PIN allows BlackBerry users to send email directly to one another, keeping it from going out into the Internet where it could be spied on by prying eyes.
PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption Standard (DES) encryption technology, which is among the best in the world. However, BlackBerry devices use what is known as a global cryptographic key to decode all of the messages sent to its devices. By faking, or “spoofing”, the PIN of the receiving BlackBerry device and utilizing the global cryptographic key, all messages sent to that device can be viewed by an eavesdropper. 

[...]


--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
Previous By Date Next
Previous By Thread Next

Current thread: