Blackbeery no longer secure

Bryan O'Neal Bryan.ONeal at TheONealAndAssociates.com
Fri Aug 20 07:17:56 MST 2010


That is the point of the new RIM software. They are now required to
break that encryption and make those communications available for the
government. The new servers are being tested now in the middle east
and if successful deployed in India and beyond.
I do not have the details but my guess is that they will be pushing a
breakable endpoint encryption to any relay that wishes to use those
servers.

On Thu, Aug 19, 2010 at 10:07 PM, James Lee Bell <nuclear-cowboy at cox.net> wrote:
> Note, that describes BIS services operations, but not quite BES
> operation. The BIS/BES are the store/forward points. In the case of
> corporate BES, it sits inside the firewall talking MAPI to the Exchange
> server. There's a outbound encrypted tunnel from BES to RIM's SRP
> servers,  and encrypted tunnel from BB to SRP servers, and an end-to-end
> symmetric key encryption ("enterprise activation") from BB to BES. I
> don't see how the Saudi Arabia and India folks would be able to do
> anything with the BES encryption channels, so long as the activation key
> exchange doesn't occur OTA.  With BIS access, you effectively pay the
> provider to be your BES, and the man in middle for the govt.
>
> On 8/19/2010 1:03 PM, Harold Wong wrote:
>> Since RIMs network is a proprietary network, they do have full control over the end to end communication stream for email data that is transmitted on it.  Emails are stored on the RIM servers in their NOC(s) for delivery to Blackberry devices when the devices are out of reach (example: user is on an airplane).  Keep in mind that voice calls are transmitted over the mobile carrier's network so those can still be eavesdropped upon.
>>
>> As for security / encryption of email access with other smartphones (iPhones, Android, Windows Mobile, etc.), it is dependent upon the email service that you connect to.  I know Exchange well, so I can talk to that.  The Exchange Admin has the ability to configure the policy to only require secure (SSL) communication with mobile devices and therefore block devices that don't support secure mechanisms.
>>
>> Harold Wong
>> IT Pro Evangelist | US Developer & Platform Evangelism - West Region
>> Office: (425) 706-3501 | Blog: blogs.technet.com/haroldwong
>> MCITP Server Administrator | MCITP Enterprise Administrator | MCITP Enterprise Messaging Administrator 2007 / 2010
>>
>> -----Original Message-----
>> From: plug-discuss-bounces at lists.plug.phoenix.az.us [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Kurt Granroth
>> Sent: Thursday, August 19, 2010 10:18 AM
>> To: plug-discuss at lists.plug.phoenix.az.us
>> Subject: Re: Blackbeery no longer secure
>>
>>
>>
>> On 08/18/2010 11:20 PM, der.hans wrote:
>>> Am 18. Aug, 2010 schwätzte Bryan O'Neal so:
>>>
>>>> Generaly BB was considerd the most secure. I can listen into any GSM
>>>> phone call for about $1500 in equipment and sniff unecrypted data. As
>>>> I understood it BB made the point of encrypting all of their data -
>>>> iphone and android levee it to the application but I believe the
>>>> default mail apps do not encrypt on either platform.
>>>
>>> Well, then there's an opportunity. We need android mail and sms apps
>>> that will encrypt messages :).
>>>
>>> The BB stuff just encrypts in transit to/from the servers, so RIM
>>> still has unencrypted access to it anyway, right?
>>
>> Well, the default Mail app on the iPhone mostly certainly does support encrypted mail.  I'm using it with IMAP-SSL and SMTP-SSL with no problems.  I can't imagine that Android wouldn't have similar functionality.
>>
>> I don't believe that emails for companies using Blackberry phones are stored on RIM servers at all, much less unencrypted.  And... in fact, I found this page which does a pretty decent job of explaining how it works as well as some speculation on exactly what RIM is giving up in the Saudi Arabia and UAE cases:
>>
>> http://swildstrom.wordpress.com/2010/08/16/blackberry-between-a-rim-and-a-hard-place/
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


More information about the PLUG-discuss mailing list