Media Probe Reveals BlackBerry Shared BBM Encryption Key With RCMP

By Wayne Rash  |  Posted 2016-04-16 Print this article Print
BlackBerry Encryption

Apple not only started encrypting all information on its devices by default, but it also added security capabilities such as two-factor authentication.

The original event that precipitated the BlackBerry key sharing was an organized crime murder case that stretched into Italy. The criminals used BBM for their internal communications, believing it to be secure. Because the Canadian authorities had gained access to the BlackBerry encryption key, the contents of the messages were available to be used in the trial.

The Canadian government fought the release of the court filings by the prosecutors that revealed the use of the encryption key because it didn't want that fact to become known. However, the government's attempts to keep such a secret didn't pass muster with the courts.

As was the case with the attempts by the FBI to force Apple's cooperation, the Canadian authorities used a criminal trial as justification.

But since the time of that Canadian criminal case, BlackBerry has not changed its encryption key. This would have to be accomplished through a simultaneous update of all devices globally. As a result, the RCMP can continue to read BBM messages regardless of where in the world the BBM user is located.

Despite its success at penetrating an iPhone 5C used by San Bernardino, Calif., terrorist Syed Farook, the Justice Department is attempting to force Apple to assist it in decrypting the contents of hundreds of iPhones alleged to have been used in a number of serious crimes such as drug trafficking. So far, Apple has refused, explaining that it doesn't even hold the encryption keys.

For BlackBerry, the future is unclear. Gold noted that BlackBerry sales have plummeted in recent years even among users who in the past had trusted the company's encryption. "Will this cause consumers to dump the devices?" Gold asked. "They already have."

For business users, the company's encryption may still be intact, although it pays to confirm this. For small companies that may not be using BES, then the encryption has been compromised. For larger companies using BES, it's critical to ensure that a unique encryption key is being used and if it's not, then it's time to change that. If your company has been using BES for a while, it's probably a good idea to change your key. Who knows what else might have been compromised?

BlackBerry devices have long been a favorite device for people in countries with repressive governments, who used BBM to communicate in ways that couldn't be read by their governments. Now it appears that the trust in BlackBerry encryption may have been misplaced.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel