BBM Protected walkthrough and hands-on with Jeff Gadway

By Bla1ze on 29 Jul 2014 09:27 pm EDT

As part of the BlackBerry Security Summit held in NYC, we got to catch up with Jeff Gadway from the BBM Product Marketing team to learn more about BBM Protected, how it works and what to expect in the future updates for the secure enterprise messaging service. If you're not familiar with BBM Protected, it provides an enhanced security model for BBM messages sent between BlackBerry smartphones and is the only secure mobile instant messaging app that uses a FIPS 140-2 validated cryptographic library.

When BBM Protected was initially launched last month, it was targeted for only for EMM Regulated Work Space in Corporate-Owned, Business-Only (COBO) deployments, which also required a BlackBerry Enterprise Server Gold Client Access License. The next phase though will enable BBM Protected on Corporate Only, Personally Enabled (COPE) deployments with BlackBerry Balance enabled including BES10 Cloud. Once that is complete, in the fall BBM Protected will then be rolled out to iOS and Android devices through Secure Work Space.

Needless to say, BlackBerry is working hard on BBM Protected and ensuring anyone who has increased security needs has access to the messaging service through their enterprise offerings. Hit play on the video above to learn more and see how it all works between devices.

Reader comments

BBM Protected walkthrough and hands-on with Jeff Gadway


Yes it gives you a sense of security doesn't it. :)

Classifieds Canada and GeoYeo B4B Apps all the way!!!

Adam, you could have sounded more excited about the whole thing and at the end mentioned that it's not something you would use or have a need for.

It seems like to me you were throwing it in their face that it's not something you care about.

I understood your message and I still have love for you... hahaha.

Hope all is well in Connectedly!

Posted via CB10

I thought he was gonna use the joke as a segway into asking "but what if I did want my chats and calls protected, are there any plans on making this a premium feature available to non BES users?"

After all, that's really what matters to most CB users.

Posted via CB10

Exactly!!! I was hoping that was the question that would be asked. I'd love to have the option of having the protected version of bbm with some of my contacts. Heck, if they had a premium bbm subscription service I'd consider the investment.

Yes. It's all very nice and well, but what about users that are outside enterprise.
It would be nice to have the option to have the service.

Posted via CB10

Users outside enterprise can also buy a BES. I think this is the direction that BlackBerry is taking.

If all security features are available for power users without a BES, then why buy a BES?

Posted via CB10

Having heard this and the secusmart video, my reading further into this, is that is some messaging that BB is instructing these guys to use when presenting the features. Since they are being marketed to corporations, you don't really want the CB guys asking how they could get that same security on their personal devices if the product isn't there yet.

It's really early for a lot of these features. I think in time, these will be available for personal BES12 Cloud deployments. If you could pay $50 per year for a personal BES12 cloud to have access to these features, would it be worthwhile? If they can figure out a way to market it and made this protected chat and secusmart calling "software version" a part of the eBBM suite, that would be pretty attractive for the security-minded.

I understand the arguments you state concern the point of view of BlackBerry the company.
But i they do have PR and will do videos targeted at corporations.

The point of view of the CrackBerry user is completely different. Most of us aren't using a BES so it feels something is missing in the interview because that question was not asked.
Even if we know the probable answer.

Maybe BlackBerry specifically said "no interview if you ask that question" but I doubt it.

Posted via CB10

This is exactly the vibe I got. Sorry to be blunt but the " not something my wife or I would need.." comment just was asinine when trying to promote and report.. Fail.

Posted via CB10

So does this eBBM use, or will it use the same algorithm as the voice called Secusmart system coming? Just curious of how eBBM voice calls will work, or be compatible with the new Secusmart tech.

Lol, my Z30 does not recognize eBBM as a valid word. Had to add to dictionary.

Yes, eBBM is actually a suite of enhanced security messaging products that BlackBerry is working on for the enterprise. BBM protected is just one app within this suite and it seems like they have the implementation down pretty elegantly.

Posted via CB10

Two levels of encryption in which BlackBerry held the keys. This includes a third 256 AES level in which the BES server provides a key for each individual message, so BlackBerry holds no back door into the communication.

From my Neutrino Powered Z10

Wrong. You're thinking of emails sent with old BBOS when on a BES and of course BlackBerry has the private key to decrypt everything.

Posted via CB10

Love the idea of BBM protected and definitely want in on it. That said, I am very new to BES, both self hosted and cloud; is there anyone out there that can give a relatively succinct and quick rundown of what would be required of me, one consumer, to set this up for myself and my friends?

The over view for extra level of security for either groups or/and individual with eBBM, seems very easy setup process, but still the easy of use once setup...

Great enterprise tool for company IT

Saying security is easy, applying is hard

Posted via CB10

Heavy duty secure(each message has its own encryption key, so even if you manage to brute force decrypt one, you have to do the same for the next one from scratch) , yet message history archived for compliance with corporate communications regulations. Off the shelf convenient non-email corporate communications. Takes the email service providers out the security loop.

From my Neutrino Powered Z10

Adam, you do a class act! To top that, you even forgot where you were, subtle way to say that you really don't care. Wonder how Jeff Gadway calls you his friend!

As financial analyst are now expected to disclose if they have taken a position on a particular stock, I wonder if time has come for you folks in the media, especially Crackberry to indicate if you have been compensated in anyway (material or otherwise) to show Blackberry in bad light.

Yeah, no zeal, no passion there. One other member on Crackberry doesn't even own or use Blackberry. Is Crackberry losing its lustre?

It's lost already starting at the top (mister CrackBerry himself with his iPhone or Android phone)

Bla1ze is on his own defending the fort for how long, that's anyone's guess..

I wanted to state a few things. I would like to see this level of security to come to the consumer. I understand that enterprise customers require this. Are our BB's really that secure without enterprise? I'm not too really sure... I want to protect my BBM's like this between my self and other friends, I want encrypted phone calls as well even if I have to pay for a premium. Bring this level of security to your consumers as well...

Just curious why Adam was doing the interview; I thought he moved on to Connectedly. Someone with "BlackBerry" passion should have done the interview.

Crikey, get the lay over to the posts around here about poor notifications for BBM on iPhone .... he will be redundant, soon, if the problems on other platforms aren't fixed soon.

Posted via CB10

he doesn't sound very enthusiastic. or perhaps it's not something for general public to be enthusiastic about.

Jeff Gadway, I've been hoping to contact you with a bbm feature that I've discovered and am hoping to speak to you or someone on your team about this. It would be for law enforcement and military applications only.

I've tried calling BlackBerry and a few other methods but all have yielded negative results.

I'm a pro BlackBerry user and feel that what I've discovered will prove extremely beneficial.

Please contact me when possible.

Posted via CB10

Answers may be revealed once BES in the cloud (reminder: this is not hosted BES) will be released/advertised. Autumn may be the time frame.

Awesome. I love that BlackBerry is attacking the security issues present in the currently compromised climate head-on. They are poised to become the most important, secure phone on the planet. It's only a matter of time before the public demands the features that define BlackBerry and BB10.

Posted via CB10

Is the pass phrase used for exchange of public key for authentication only? Ie is actual communication using symmetric key encryption? If so what scheme/level? AES256?

The new BlackBerry. Ahead of the curve.

I am always dazed to see how people promptly give up their right to privacy:
at 3.42 "if people intercept our chat it's no big deal"...
Sorry to disagree but it's truly a big deal and we should have an instinctive reaction of defence to anything coming close to our privacy: for example even if i certainly don't need that encryption layer i would certainly not decide it because of the importance of what might be intercepted as nothing should be intercepted (except when a judge decided to put you on wire)
It will always be better to have the choice to use an additional layer of encryption, choose your degree of privacy don't let the "if you have nothing to hide then you have nothing to be scared of" policy (you never know what the future has in store for you and with all the data they collect on you "guilty" could be only a political twitch away)

Totally agree. I have three words for people who think like that : "Guy Paul Morin".

Innocent or nothing to hide can mean diddly. There are sometimes agendas, egos, politics etc. at play contrary to morals and basic civility.

Don Diego endorses the Zed.

I also want security in my phone!!does it all means That BlackBerry users are very unsecure at all? I want my bbm to be secure! Bad feeling for me actually,i hope BlackBerry doesnt focus so much in business World and forget the rest of users...

Posted via CB10

BBM (consumer grade) is already the most secure consumer messaging platform having two levels of encryption built in, so you are already using the best thing available to you. eBBM has the extra AES256 level encryption with a unique key applied to each message individually for a far more robust secure communications channel. Plus it has message archiving for compliance in corporate communications standards. But this comes at a price few consumers would be interested in or require.

From my Neutrino Powered Z10

I asked that the video be removed asap everything is wrong about the video. Shame on you Adam

Posted via CB10

I was expecting a little more information too and not the personal use of Adam :-).

- Will this service be avaliable for the non-BES users?
- When will the service available for the BES Cloud organizations?
- Is the level of encryption keys like the PGP? And what level 1024/2048/4096?

I am using PGPGP now and very satisfied by the way.

Posted via CB10

It's clear to see the loss of enthusiasm specifically towards the end of this video. Hey Kevin maybe just a bit more oversight can help eliminate situations like that from recurring. I know it may be tedious to operate in such a manner but it's important CrackBerry doesn't fall to the saying "the higher the monkey climbs, it's the more it becomes exposed."

Man United 4life!!!!

My question is about licensing. Will there be an additional cost to implement it on balance devices for instance.

Posted with my Z10

What us BBRY doing with regard to any type of shutdown scheme for units when stolen. Are they addressing device theft?

Posted via CB10

As usual.

Device is protected by the device password.
Data is securely stored in encrypted form.
Device can be remotely wiped by the BES admin.

There is jogging special regarding BBM Protected here.

Posted via CB10

I agree with some of the other comments here. We shouldn't be in the mind set that non-enterprise conversations aren't important enough to be protected. All conversations should be protected. There may come a time when anything can be used against someone, and also making it easy for authorities s to read our messages at will just supports a world where nothing is private. This is not okay. I think these features should be offered to consumers. Even if they cost more I would be willing to pay a bit.

I also agree with the other members that a couple of comments in the secusmart video and this video downplayed the importance of the products being displayed. They were also a slap in the face for the people who kindly took the time to give us a walk through. Maybe crackberry can get it right in Washington with some prepared questions around how this can relate to consumers and a bit more enthusiasm.

Posted via CB10

Available to consumers in 2018 at the earliest...Probably. Of course, most people wanting a secure IM solution can use an Android app today.

I feel like naming it 'BBM Protected' makes regular BBM feel _less_ protected. Hypothetically speaking as someone who knows about BBM and BBM Protect, and doesn't know the difference, I may now move to another messaging service since BBM feels on par with other IM software since it's not 'protected'. My two cents.

Posted via CB10

Would you rather call the regular BBM "BBM Super-Protected" and the one in eBBM "BBM Hyper-Protected"?

However you twist the thing, BBM Protected is more protected that the regular BBM.

Posted via CB10

If blackberry can actively and aggressively market this to enterprise clients they have a shot at real success.

Posted via CrackBerry App

No one can seem to answer my question yet. I get that this adds another wrapper of encryption to my BBM. But what I really want to know is: are these messages still sent through BlackBerry servers and just the content of the message is now encrypted? because if my message is 100% encrypted then there is no way for BlackBerry servers to know who it is for. The envelope for the message I would assume will still have to be in the open for BlackBerry to see. Is so BlackBerry can still hand over information of who and when you were BBMing someone and only the blobs of encrypted text in those messages.. So really thre NSA or whom ever will only need to know your passphrase to unencrypted those message they see are to an important suspect and unless you speak it verbally to them, SMS email are all monitored so it would not be difficult to find the passphrase you sent, then apply that to the messages and its just one more step for them to read your messages.. ?? can someone that knows answer how this works?

LOL did you even read MY comment???

I get how it works at the 30,000 foot level I am asking about the 10,000 foot level. Everything they are talking about is all marketing stuff, I want to know the details of how it works as a Network / BES administrator. If someone intercepted the pass phrase what can they do with it? I am assuming its just an ID of sorts to prove the other end is who they say they are before exchanging the large keys that encrypt everything. After the keys are exchanged is the pass phrase at that point useless to anyone?

And to my other question does this still go through BlackBerry's servers? If so its still not private kind of like encrypting an email, it still has to transport through the internet MTAs so all the headers can't be encrypted so anyone can still see who you talked to and when but not what you said... is this the same for BlackBerry with this new service or will it be queued on the device and do end to end transport through a secure tunnel only? if so the only thing this does is stop BlackBerry for viewing the message.


Well, if you look at the sales figures, the people who currently support BlackBerry are companies that buy BES and not consumers...

Posted via CB10

I'm liking the pasphrase being sent out of band ... seems a LOT less secure and a failure to even being. It may not be less secure to initiate but it's all in the perception. This seriously needs to be changed.