[liberationtech] BlackBerry and CALEA-II

Andreas Bader andreas.bader at nachtpult.de
Mon Apr 29 12:19:16 PDT 2013


Griffin Boyce:
> Jacob Appelbaum <jacob at appelbaum.net> wrote:
> 
>> When people ask how secure BBIM is - I suppose we can now cite RIM's
>> official documentation on the topic - without a BES server, it's
>> encrypted with a key that is embedded in all handsets.
>>
> 
>   This was critical in the London Riots case back in 2011.  As most people
> on this list know, building in the ability to decrypt *some* users means
> that they can decrypt *all* users.  Which is basically what happened [1].
> 
> Surely someone has already extracted this Triple DES 168-bit key, right?
> 
> 
>   Yep, though you may not even need it if you use another Blackberry device
> (and not, say, a laptop).  A Blackberry device can spoof the PIN of another
> and read all of its messages.  It's been a bit of a controversial topic for
> a few years now, as you might imagine.
> 
>   BBM is perhaps *slightly* more secure than plain email or SMS, but users
> aren't protected in case of government interest or vindictive exes.
> 
> best,
> Griffin Boyce
> 
> [1]
> http://www.guardian.co.uk/uk/2011/aug/15/mi5-social-messaging-riot-organisers-police
> 

BlackBerry secures the connection if other firms want to get your data.
If the government wants it, then you had better use open source
encrypted hardware.
I have been a BB user for years, but there are some mail accounts that
are only used on my laptop, not on the BB.

Andreas



