How Canadian Police Intercept and Read Encrypted BlackBerry Messages

by Volker Weber

Imagine for a moment that everybody’s front door has the same key. Now imagine that the police have a copy of that key, and can saunter into your living room to poke around your belongings while you’re out, and without your knowledge.

By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada’s federal police force, intercepted and decrypted “over one million” BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza,” that ran between 2010 and 2012.

This is actually no big news to anybody who knows how BBM works. But it is going to bite BlackBerry, because they like to pride themselves on being the master of security. The truth is that BBM is not more secure than SMS, because all messages are encrypted with the same key. And access to that key is what countries wanted from BlackBerry when they demanded lawful inspection. They could read SMS just fine, but not BBM. Since you can easily run a man-in-the-middle attack once you have the key, it is exactly as insecure as SMS.

BlackBerry also has a product called BBM Protected, which puts end-to-end encryption on top of BBM. But that's not free. It really does not matter much anymore, since everybody and their grandma now uses WhatsApp, which has end-to-end encryption to begin with. The only thing that is going to happen is that this case will damage BlackBerry's image. And it's their own fault, since they always lumped insecure technology together with secure technology under the same brand, pretending it was all secure.


Comments

You nailed it.

Richard Kaufmann, 2016-04-15 14:31

Thanks. According to our forum trolls, we have been bought by WhatsApp. :-)

Volker Weber, 2016-04-15 14:34

Exactly right.
Well, no one can claim that RIM/Blackberry was murdered.
It was pure, lengthy, suicide by thousands of small and large stabs.

Craig Wiseman, 2016-04-15 15:54
