How Canadian Police Intercept and Read Encrypted BlackBerry Messages

by Volker Weber

Imagine for a moment that everybody’s front door has the same key. Now imagine that the police have a copy of that key, and can saunter into your living room to poke around your belongings while you’re out, and without your knowledge.

By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada’s federal police force, intercepted and decrypted “over one million” BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza,” that ran between 2010 and 2012.

This is actually no big news to anybody who knows how BBM works. But it is going to bite BlackBerry, because they like to pride themselves on being the masters of security. The truth is that BBM is no more secure than SMS, because all messages are encrypted with the same key. And access to that key is what countries wanted from BlackBerry when they demanded lawful inspection. They could read SMS just fine, but not BBM. Since you can easily run a man-in-the-middle attack once you have the key, it is exactly as insecure as SMS.

BlackBerry also has a product called BBM Protected, which puts end-to-end encryption on top of BBM. But that's not free. It really does not matter much anymore, since everybody and their grandma now uses WhatsApp, which has end-to-end encryption to begin with. The only thing that is going to happen is that this case will damage BlackBerry's image. And it's their own fault, since they always lumped insecure technology together with secure technology under the same brand, pretending it was all secure.
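The contrast between a single shared key and an end-to-end layer on top of it can be shown in a few lines. This is an added example, not code from the original post and not BlackBerry's implementation: the cipher is a toy SHA-256/HMAC construction used only for illustration, `GLOBAL_KEY` and the per-pair key are constructed values, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (illustration only): nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was not sealed with `key`."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

# Constructed stand-in for the one key shared by every handset.
GLOBAL_KEY = hashlib.sha256(b"constructed global key").digest()

def send_plain(msg: bytes) -> bytes:
    return seal(GLOBAL_KEY, msg)

def send_protected(pair_key: bytes, msg: bytes) -> bytes:
    # End-to-end layer first, then the ordinary global-key layer on top.
    return seal(GLOBAL_KEY, seal(pair_key, msg))

def global_key_holder_view(blob: bytes):
    """What anyone holding only GLOBAL_KEY recovers from a captured message."""
    return unseal(GLOBAL_KEY, blob)

def recipient_read(pair_key: bytes, blob: bytes):
    """Recipient of a protected chat: both layers must verify."""
    inner = unseal(GLOBAL_KEY, blob)
    return None if inner is None else unseal(pair_key, inner)
```

With only the global layer, whoever holds that key reads the message directly; with the extra layer, the same party recovers only another ciphertext, and a message sealed with just the global key is rejected by the protected recipient.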


Comments

You nailed it.

Richard Kaufmann, 2016-04-15 14:31

Thanks. According to our forum trolls, we have been bought by WhatsApp. :-)

Volker Weber, 2016-04-15 14:34

Exactly right.
Well, no one can claim that RIM/BlackBerry was murdered.
It was pure, lengthy suicide by thousands of small and large stabs.

Craig Wiseman, 2016-04-15 15:54
