[liberationtech] BlackBerry and CALEA-II
Griffin Boyce
griffinboyce at gmail.com
Mon Apr 29 11:34:47 PDT 2013
Jacob Appelbaum <jacob at appelbaum.net> wrote:
> When people ask how secure BBIM is - I suppose we can now cite RIM's
> official documentation on the topic - without a BES server, it's
> encrypted with a key that is embedded in all handsets.
>
This was critical in the London Riots case back in 2011. As most people
on this list know, building in the ability to decrypt *some* users means
that they can decrypt *all* users. Which is basically what happened [1].

Surely someone has already extracted this Triple DES 168-bit key, right?

Yep, though you may not even need it if you use another BlackBerry device
(and not, say, a laptop). A BlackBerry device can spoof the PIN of another
and read all of its messages. It's been a bit of a controversial topic for
a few years now, as you might imagine.

BBM is perhaps *slightly* more secure than plain email or SMS, but users
aren't protected in case of government interest or vindictive exes.

best,
Griffin Boyce

[1] http://www.guardian.co.uk/uk/2011/aug/15/mi5-social-messaging-riot-organisers-police

--
#Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de