Blackbeery no longer secure

Thu Aug 19 22:07:38 MST 2010

Note, that describes BIS services operations, but not quite BES
operation. The BIS/BES are the store/forward points. In the case of
corporate BES, it sits inside the firewall talking MAPI to the Exchange
server. There's a outbound encrypted tunnel from BES to RIM's SRP
servers,  and encrypted tunnel from BB to SRP servers, and an end-to-end
symmetric key encryption ("enterprise activation") from BB to BES. I
don't see how the Saudi Arabia and India folks would be able to do
anything with the BES encryption channels, so long as the activation key
exchange doesn't occur OTA.  With BIS access, you effectively pay the
provider to be your BES, and the man in middle for the govt.

On 8/19/2010 1:03 PM, Harold Wong wrote:
> Since RIMs network is a proprietary network, they do have full control over the end to end communication stream for email data that is transmitted on it.  Emails are stored on the RIM servers in their NOC(s) for delivery to Blackberry devices when the devices are out of reach (example: user is on an airplane).  Keep in mind that voice calls are transmitted over the mobile carrier's network so those can still be eavesdropped upon.
> 
> As for security / encryption of email access with other smartphones (iPhones, Android, Windows Mobile, etc.), it is dependent upon the email service that you connect to.  I know Exchange well, so I can talk to that.  The Exchange Admin has the ability to configure the policy to only require secure (SSL) communication with mobile devices and therefore block devices that don't support secure mechanisms.
> 
> Harold Wong
> IT Pro Evangelist | US Developer & Platform Evangelism - West Region
> Office: (425) 706-3501 | Blog: blogs.technet.com/haroldwong
> MCITP Server Administrator | MCITP Enterprise Administrator | MCITP Enterprise Messaging Administrator 2007 / 2010
> 
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Kurt Granroth
> Sent: Thursday, August 19, 2010 10:18 AM
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: Blackbeery no longer secure
> 
> 
> 
> On 08/18/2010 11:20 PM, der.hans wrote:
>> Am 18. Aug, 2010 schwätzte Bryan O'Neal so:
>>
>>> Generaly BB was considerd the most secure. I can listen into any GSM 
>>> phone call for about $1500 in equipment and sniff unecrypted data. As 
>>> I understood it BB made the point of encrypting all of their data - 
>>> iphone and android levee it to the application but I believe the 
>>> default mail apps do not encrypt on either platform.
>>
>> Well, then there's an opportunity. We need android mail and sms apps 
>> that will encrypt messages :).
>>
>> The BB stuff just encrypts in transit to/from the servers, so RIM 
>> still has unencrypted access to it anyway, right?
> 
> Well, the default Mail app on the iPhone mostly certainly does support encrypted mail.  I'm using it with IMAP-SSL and SMTP-SSL with no problems.  I can't imagine that Android wouldn't have similar functionality.
> 
> I don't believe that emails for companies using Blackberry phones are stored on RIM servers at all, much less unencrypted.  And... in fact, I found this page which does a pretty decent job of explaining how it works as well as some speculation on exactly what RIM is giving up in the Saudi Arabia and UAE cases:
> 
> http://swildstrom.wordpress.com/2010/08/16/blackberry-between-a-rim-and-a-hard-place/
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 