funsec mailing list archives
How did the RCMP crack BlackBerry's security?
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 12 Jun 2014 20:05:18 -0400
http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security

BlackBerry Ltd. has long held that its BlackBerry devices are among the most secure in the world, but it turns out the platform isn’t as bulletproof as many had been led to believe.

On Thursday, Royal Canadian Mounted Police revealed the results of Project Clemenza, which it began in 2010. During the course of its investigation, the federal police force says, it intercepted more than a million private messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to identify suspects in a series of violent crimes that included arson, forcible confinement and drug trafficking.

Personal Identification Number (PIN)-to-PIN messages are not the company’s popular BlackBerry Messenger service (BBM), which the company still contends is ironclad when it comes to keeping messages secure. PIN-to-PIN allows BlackBerry users to send email directly to one another, keeping it from going out into the Internet where it could be spied on by prying eyes.

PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption Standard (DES) encryption technology, which is among the best in the world. However, BlackBerry devices use what is known as a global cryptographic key to decode all of the messages sent to its devices. By faking, or “spoofing”, the PIN of the receiving BlackBerry device and utilizing the global cryptographic key, all messages sent to that device can be viewed by an eavesdropper.

The flaw in BlackBerry’s PIN-to-PIN messaging technology has long been known by security researchers. In March 2011, the Communications Security Establishment of Canada, the federal electronic intelligence agency, released a security bulletin warning public servants to avoid the use of PIN-to-PIN messaging and even urged federal departments to disable the feature on the devices in order to ensure that it is not used.