Blackbeery no longer secure

Thu Aug 19 13:03:48 MST 2010

Since RIMs network is a proprietary network, they do have full control over the end to end communication stream for email data that is transmitted on it.  Emails are stored on the RIM servers in their NOC(s) for delivery to Blackberry devices when the devices are out of reach (example: user is on an airplane).  Keep in mind that voice calls are transmitted over the mobile carrier's network so those can still be eavesdropped upon.

As for security / encryption of email access with other smartphones (iPhones, Android, Windows Mobile, etc.), it is dependent upon the email service that you connect to.  I know Exchange well, so I can talk to that.  The Exchange Admin has the ability to configure the policy to only require secure (SSL) communication with mobile devices and therefore block devices that don't support secure mechanisms.

Harold Wong
IT Pro Evangelist | US Developer & Platform Evangelism - West Region
Office: (425) 706-3501 | Blog: blogs.technet.com/haroldwong
MCITP Server Administrator | MCITP Enterprise Administrator | MCITP Enterprise Messaging Administrator 2007 / 2010

-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Kurt Granroth
Sent: Thursday, August 19, 2010 10:18 AM
To: plug-discuss at lists.plug.phoenix.az.us
Subject: Re: Blackbeery no longer secure

On 08/18/2010 11:20 PM, der.hans wrote:
> Am 18. Aug, 2010 schwätzte Bryan O'Neal so:
> 
>> Generaly BB was considerd the most secure. I can listen into any GSM 
>> phone call for about $1500 in equipment and sniff unecrypted data. As 
>> I understood it BB made the point of encrypting all of their data - 
>> iphone and android levee it to the application but I believe the 
>> default mail apps do not encrypt on either platform.
> 
> Well, then there's an opportunity. We need android mail and sms apps 
> that will encrypt messages :).
> 
> The BB stuff just encrypts in transit to/from the servers, so RIM 
> still has unencrypted access to it anyway, right?

Well, the default Mail app on the iPhone mostly certainly does support encrypted mail.  I'm using it with IMAP-SSL and SMTP-SSL with no problems.  I can't imagine that Android wouldn't have similar functionality.

I don't believe that emails for companies using Blackberry phones are stored on RIM servers at all, much less unencrypted.  And... in fact, I found this page which does a pretty decent job of explaining how it works as well as some speculation on exactly what RIM is giving up in the Saudi Arabia and UAE cases:

http://swildstrom.wordpress.com/2010/08/16/blackberry-between-a-rim-and-a-hard-place/
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss