Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Media Probe Reveals BlackBerry Shared BBM Encryption Key With RCMP

    By
    Wayne Rash
    -
    April 16, 2016
    Share
    Facebook
    Twitter
    Linkedin
      BlackBerry Encryption 2

      Canada’s federal police force, the Royal Canadian Mounted Police, has been decrypting BlackBerry Messenger messages since 2010, according to papers uncovered in a joint investigation conducted by Vice News and Motherboard following a two-year fight by government lawyers to keep that information from being released.

      BlackBerry has long pointed to its supposedly unbreakable encryption for BBM. Now it appears that the company only had one encryption key for most of its individual users, and that the company kept the key. The RCMP was able to begin decrypting messages after the company shared the key with the police agency.

      This may not be the only time that BlackBerry has shared its encryption key with governments. During the same period of time, the company reached agreements with governments in India, Pakistan, the United Arab Emirates and Indonesia after being threatened with expulsion from the countries involved when the national police couldn’t find a way to break BlackBerry’s encryption. In each case, the threats went away after meetings between those national governments and BlackBerry executives.

      “If all of this is true, it’s clearly a black eye,” said Jack Gold, principal analyst at J. Gold Associates. “BlackBerry has been known forever for its security.”

      Gold noted that enterprises using BlackBerry Enterprise Services may not have been affected, since those organizations have the ability to create their own encryption keys.

      “But if you’re a BBM user because you thought it was secure, then it’s not,” Gold said. “This obviously is not good.”

      It’s unclear how broadly BlackBerry encryption is compromised. BlackBerry stopped providing its private network, BlackBerry Internet Services, to most users around the same time as it apparently helped the RCMP get into the encryption. At one point, older devices used BlackBerry’s network as the pathway for email as well as for BBM messages. Whether that service used the same encryption key as BBM isn’t known.

      RCMP’s access to a BBM encryption key presents a clear parallel to demands by the U.S. Department of Justice and the FBI that tech companies, including Apple, help them break the encryption of mobile devices and email messages. The apparent difference is BlackBerry’s willingness to work with law enforcement. BlackBerry is based in Waterloo, Ontario, Canada.

      U.S. tech firms have been publicly less cooperative with requests from the FBI to help bypass encryption on mobile devices. Apple began encrypting the contents of its iPhone devices following a series of scandals in which the personal information and photos of celebrities were leaked and released on the Internet.

      Media Probe Reveals BlackBerry Shared BBM Encryption Key With RCMP

      Apple not only started encrypting all information on its devices by default, but it also added security capabilities such as two-factor authentication.

      The original event that precipitated the BlackBerry key sharing was an organized crime murder case that stretched into Italy. The criminals used BBM for their internal communications, believing it to be secure. Because the Canadian authorities had gained access to the BlackBerry encryption key, the contents of the messages were available to be used in the trial.

      The Canadian government fought the release of the court filings by the prosecutors that revealed the use of the encryption key because it didn’t want that fact to become known. However, the government’s attempts to keep such a secret didn’t pass muster with the courts.

      As was the case with the attempts by the FBI to force Apple’s cooperation, the Canadian authorities used a criminal trial as justification.

      But since the time of that Canadian criminal case, BlackBerry has not changed its encryption key. This would have to be accomplished through a simultaneous update of all devices globally. As a result, the RCMP can continue to read BBM messages regardless of where in the world the BBM user is located.

      Despite its success at penetrating an iPhone 5C used by San Bernardino, Calif., terrorist Syed Farook, the Justice Department is attempting to force Apple to assist it in decrypting the contents of hundreds of iPhones alleged to have been used in a number of serious crimes such as drug trafficking. So far, Apple has refused, explaining that it doesn’t even hold the encryption keys.

      For BlackBerry, the future is unclear. Gold noted that BlackBerry sales have plummeted in recent years even among users who in the past had trusted the company’s encryption. “Will this cause consumers to dump the devices?” Gold asked. “They already have.”

      For business users, the company’s encryption may still be intact, although it pays to confirm this. For small companies that may not be using BES, then the encryption has been compromised. For larger companies using BES, it’s critical to ensure that a unique encryption key is being used and if it’s not, then it’s time to change that. If your company has been using BES for a while, it’s probably a good idea to change your key. Who knows what else might have been compromised?

      BlackBerry devices have long been a favorite device for people in countries with repressive governments, who used BBM to communicate in ways that couldn’t be read by their governments. Now it appears that the trust in BlackBerry encryption may have been misplaced.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×