[liberationtech] BlackBerry and CALEA-II
Jacob Appelbaum
jacob at appelbaum.net
Mon Apr 29 10:28:15 PDT 2013
Hi,
I've long heard things about BlackBerry and RIM regarding BBIM. I was
unable to substantiate until this morning when a friend pointed me at this:
http://docs.blackberry.com/en/admin/deliverables/21760/PIN_encryption_keys_for_BBM_1840226_11.jsp
The relevant part is here:
"The PIN encryption key is a Triple DES 168-bit key that a BlackBerry®
device uses to encrypt BlackBerry® Messenger messages that it sends to
other devices and to authenticate and decrypt BlackBerry Messenger
messages that it receives from other devices. If a BlackBerry device
user knows the PIN of another device, the user can send a BlackBerry
Messenger message to the device. Before a user can send a BlackBerry
Messenger message, the user must invite the recipient to add the user to
the recipient's contact list.
"By default, each device uses the same global PIN encryption key, which
Research In Motion adds to the device during the manufacturing process.
The global PIN encryption key permits every device to authenticate and
decrypt every BlackBerry Messenger message that the device receives.
Because all devices share the same global PIN encryption key, there is a
limit to how effectively BlackBerry Messenger messages are encrypted.
BlackBerry Messenger messages are not considered as confidential as
email messages that are sent from the BlackBerry® Enterprise Server,
which use BlackBerry transport layer encryption. Encryption using the
global PIN encryption key is sometimes referred to as "scrambling"."
When people ask how secure BBIM is - I suppose we can now cite RIM's
official documentation on the topic - without a BES server, it's
encrypted with a key that is embedded in all handsets.
I've heard other things relating to similar intentional cryptographic
designs - stuff that also makes me question the BES solutions - though
this largely comes from the fact that I believe one can't trust people
who backdoor *some* of their users.
Surely someone has already extracted this Triple DES 168-bit key, right?
And surely, this key is only used for BBIM, right? And surely, the rest
of the data in and out of the device isn't using other static keys,
right? :-)
I think this basically represents the kind of stuff we're going to see
if this CALEA-II like legislation comes to pass:
http://www.washingtonpost.com/world/national-security/proposal-seeks-to-fine-tech-companies-for-noncompliance-with-wiretap-orders/2013/04/28/29e7d9d8-a83c-11e2-b029-8fb7e977ef71_story.html
All the best,
Jacob
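The documentation quoted above describes a trust model in which one Triple DES key is shared by every handset. As an added illustration, not code from RIM or from this message, the Python below models who can authenticate and decrypt a message under that design versus under a key known only to the two parties of a conversation. It uses an HMAC-SHA256 keystream and tag from the standard library in place of Triple DES, and the PINs, the message, the global key and the "copy-of" party (someone holding a copy of one handset's key material) are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the one key the docs say RIM adds to every handset
# at manufacture; nothing here is derived from a real device.
GLOBAL_PIN_KEY = hashlib.sha256(b"constructed global PIN encryption key").digest()
MESSAGE = b"constructed BBM message from PIN-A to PIN-B"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for the Triple DES cipher so
    the script needs no third-party package. Which cipher is used does not
    change who can read the traffic; the key distribution does."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`: nonce (16) || ciphertext || tag (32)."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes):
    """Authenticate and decrypt `blob`; None if the tag does not verify under `key`.
    A valid tag only proves the sender held `key`, so under a global key it
    says nothing about which handset actually sent the message."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def readers(handsets: dict, blob: bytes) -> set:
    """PINs of every party that can authenticate and decrypt `blob` with any
    key it holds. `handsets` maps PIN -> {label: key}."""
    return {pin for pin, keys in handsets.items()
            if any(open_sealed(k, blob) == MESSAGE for k in keys.values())}


def with_copied_keys(handsets: dict, victim: str) -> dict:
    """Add a constructed party holding a copy of one handset's keys, to model
    the risk raised in the message: key material obtained from a single device."""
    handsets = dict(handsets)
    handsets["copy-of-" + victim] = dict(handsets[victim])
    return handsets


def global_key_model(pins):
    """Default BBM per the docs: every handset holds the same global key."""
    handsets = {pin: {"global": GLOBAL_PIN_KEY} for pin in pins}
    blob = seal(handsets[pins[0]]["global"], MESSAGE)  # pins[0] -> pins[1]
    return readers(with_copied_keys(handsets, pins[2]), blob)


def per_pair_key_model(pins):
    """Contrast: a key known only to the two parties of the conversation
    (for instance agreed when the contact invite is accepted)."""
    sender, recipient = pins[0], pins[1]
    pair_key = os.urandom(32)
    handsets = {pin: {} for pin in pins}
    handsets[sender][recipient] = pair_key
    handsets[recipient][sender] = pair_key
    blob = seal(pair_key, MESSAGE)
    return readers(with_copied_keys(handsets, pins[2]), blob)


if __name__ == "__main__":
    pins = ["PIN-A", "PIN-B", "PIN-C"]
    print("global key, parties able to read A->B:  ", sorted(global_key_model(pins)))
    print("per-pair key, parties able to read A->B:", sorted(per_pair_key_model(pins)))
```

Under the global-key model a third handset, and anyone holding a copy of that handset's key, reads and can validly authenticate the A-to-B message; under the per-pair model only the two correspondents can, and copying a bystander's key material yields nothing about their conversation. That difference is the "limit to how effectively BlackBerry Messenger messages are encrypted" that the documentation concedes.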