How Canadian Police Intercept and Read Encrypted BlackBerry Messages

by Volker Weber

Imagine for a moment that everybody’s front door has the same key. Now imagine that the police have a copy of that key, and can saunter into your living room to poke around your belongings while you’re out, and without your knowledge.

By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada’s federal police force, intercepted and decrypted “over one million” BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza,” that ran between 2010 and 2012.

This is no big news to anybody who knows how BBM works. But it is going to bite BlackBerry, because they like to pride themselves on being the master of security. The truth is that BBM is no more secure than SMS, because all messages are encrypted with the same key. Access to that key is what countries wanted from BlackBerry when they demanded lawful inspection: they could read SMS just fine, but not BBM. Since anyone holding the key can easily run a man-in-the-middle attack, BBM is exactly as insecure as SMS.

BlackBerry also has a product called BBM Protected, which puts end-to-end encryption on top of BBM. But that's not free. It really does not matter much anymore, since everybody and their grandma now uses WhatsApp, which has end-to-end encryption to begin with. The only thing that is going to happen is that this case will damage BlackBerry's image. And it's their own fault, since they always lumped insecure technology together with secure technology under the same brand, pretending it was all secure.

Comments

You nailed it.

Richard Kaufmann, 2016-04-15

Thanks. According to our forum trolls, we've been bought by WhatsApp. :-)

Volker Weber, 2016-04-15

Exactly right.
Well, no one can claim that RIM/Blackberry was murdered.
It was pure, lengthy, suicide by thousands of small and large stabs.

Craig Wiseman, 2016-04-15
