[liberationtech] BlackBerry and CALEA-II
Jacob Appelbaum
jacob at appelbaum.net
Mon Apr 29 12:11:14 PDT 2013
Griffin Boyce:
> Jacob Appelbaum <jacob at appelbaum.net> wrote:
>
>> When people ask how secure BBIM is - I suppose we can now cite RIM's
>> official documentation on the topic - without a BES server, it's
>> encrypted with a key that is embedded in all handsets.
>>
>
> This was critical in the London Riots case back in 2011. As most people
> on this list know, building in the ability to decrypt *some* users means
> that they can decrypt *all* users. Which is basically what happened [1].
>
> Surely someone has already extracted this Triple DES 168-bit key, right?
>
>
> Yep, though you may not even need it if you use another BlackBerry device
> (and not, say, a laptop). A BlackBerry device can spoof the PIN of another
> and read all of its messages. It's been a bit of a controversial topic for
> a few years now, as you might imagine.
>
> BBM is perhaps *slightly* more secure than plain email or SMS, but users
> aren't protected in case of government interest or vindictive exes.
This document outlines the entire problem very well:
http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57b-eng.html
What an embarrassing joke.
All the best,
Jacob