How Canadian Police Intercept and Read Encrypted BlackBerry Messages

by Volker Weber

Imagine for a moment that everybody’s front door has the same key. Now imagine that the police have a copy of that key, and can saunter into your living room to poke around your belongings while you’re out, and without your knowledge.

By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada’s federal police force, intercepted and decrypted “over one million” BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza,” that ran between 2010 and 2012.

This is not really news to anybody who knows how BBM works. But it is going to bite BlackBerry, because they like to pride themselves on being the masters of security. The truth is that BBM is not more secure than SMS, because all messages are encrypted with the same key. And access to that key is what countries wanted from BlackBerry when they demanded lawful inspection. They could read SMS just fine, but not BBM. Since you can easily run a man-in-the-middle attack once you have the key, it is exactly as insecure as SMS.

BlackBerry also has a product called BBM Protected, which puts end-to-end encryption on top of BBM. But that's not free. It really does not matter much anymore, since everybody and their grandma now uses WhatsApp, which has end-to-end encryption to begin with. The only thing that is going to happen is that this case will damage BlackBerry's image. And it's their own fault, since they always lumped insecure technology together with secure technology under the same brand, pretending it was all secure.


Comments

You nailed it.

Richard Kaufmann, 2016-04-15

Thanks. According to our forum trolls, we have been bought by WhatsApp. :-)

Volker Weber, 2016-04-15

Exactly right.
Well, no one can claim that RIM/Blackberry was murdered.
It was pure, lengthy, suicide by thousands of small and large stabs.

Craig Wiseman, 2016-04-15
