Leaked documents question BlackBerry security at 2009 G20 summit

By Adam Zeis on 17 Jun 2013 01:39 pm EDT
2
loading...
0
loading...
44
loading...

All eyes have been on the NSA since word got out that they forced various carriers to hand over call records from millions of customers. Now The Guardian has uncovered more documents that claim the British Government (GCHQ) had special instructions to intercept phone calls and emails from officials and politicians who attended the G20 summit in London back in 2009.

According to the documents, GCHQ used "ground-breaking intelligence capabilities" to monitor and intercept communications that included fake internet cafes and supposedly breaking the security on BlackBerry devices in order to monitor email and phone calls.

While we can't say to just what measures the GCHQ went to monitor the officials, a few issues arise for us on the topic of "hacking" the security of a BlackBerry device.

It's fairly safe to assume that all of the officials in question were running their device on a BES which means that there is no chance that anyone or anything could simply hack in and monitor communications. A BES on BlackBerry is as secure as it gets. Not even the folks at BlackBerry HQ have the key to check out emails behind a BES, so the thinking that any agency would be able to do so seems a bit much.

On the flip side, a BlackBerry runs off a carrier network just like an other phone, so phone calls could have been monitored however. Not necessarily tapping into the actual calls - but just times, length and numbers as every carrier keeps tabs on those.

We reached out to BlackBerry and this is what they had to say:

"While we cannot comment on media reports regarding alleged government surveillance of telecommunications traffic, we remain confident in the superiority of BlackBerry's mobile security platform for customers using our integrated device and enterprise server technology. Our public statements and principles have long underscored that there is no "back door" pipeline to that platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications."

So in case you read the article and were left questioning the security of your BlackBerry - don't worry. While some agencies may be tapping your carrier for info, your BlackBerry is still keeping your data safe - especially if you're using a BES. So don't be afraid of heading to your local coffee shop with your BlackBerry in-hand.

Reader comments

Leaked documents question BlackBerry security at 2009 G20 summit

151 Comments

They have been listening for years and everyone suspected it. Now that there is truth to it, people are up in arms.

Next up, Aliens!

I'm with you until you mention Rand Paul. Yet another opportunist misdirecting a legit concern of citizens into his own political ambition.

I disagree. Defending the 4th Amendment and The Constitution is something everyone should do and as I recall, when elected into office, is what you SWARE TO DEFEND.

As his father before him, he continues to fight for Liberty.

Every president has scandals.... the list our glorious president bush conjured would make anyone upset

Posted via CB10

While I don't agree with everything that Bush did, he made a lot of mistakes, I am tired of everyone bringing up Bush whenever something bad happens under Obama. EVERY president has had issues, but Obama appears to have the most apologists. Good grief! It is his second term. At some point you have to quit blaming the man before you and take responsibility for your own actions.

Like Obama decides anything....he's a puppet. Wake up, look around presidents dont decide anything they obey.

posted using my Z10

"On the flip side, a BlackBerry runs off a carrier network just like an other phone, so phone calls could have been monitored however. Not necessarily tapping into the actual calls - but just times, length and numbers as every carrier keeps tabs on those."

Exactly... this was probably the case. If anything was hacked, it was probably calls (through a carrier) or hotmail (Microsoft).

Thanks for reporting on this topic and getting an official statement from BlackBerry. I don't know whether the phones' security was compromised themselves but if it was I'd hope the last 4 years plus the upgrade to BB10 has given BlackBerry ample opportunity to plug any potential security risks.

Posted via CB10

If they were setting up fake internet cafes and things like that, I would bet that BES emails were NOT actually the target; instead, they were probably after the various politicians' personal Gmail and other non-BES email accounts that they do all their dirty political business and contacting of their mistresses, etc, on.. These accounts are up for grabs regardless of what platform you access them from, whether BlackBerry or anything else..

Exactly!

BlackBerry made a statement they defended their security just 3 hours ago.
http://www.bloomberg.com/news/2013-06-17/blackberry-defends-smartphone-s...

[QUOTE]“We remain confident in the superiority of BlackBerry’s mobile security platform for customers using our integrated device and enterprise server technology,” Waterloo, Ontario-based BlackBerry said in an e-mailed statement today. “There is no ‘back door’ pipeline to that platform.” The company said it couldn’t comment specifically on media reports of government surveillance.[/QUOTE]

The report ...
[QUOTE]Snowden’s Leak
“We never comment on security or intelligence issues and I am not about to start now,” U.K. Prime Minister David Cameron told broadcasters today in Enniskillen, Northern Ireland, where he is hosting the Group of Eight, or G-8. “I don’t make comments on security or intelligence issues. That would be breaking something that no government has previously done.”
Snowden is a former U.S. National Security Agency contractor who earlier this month said he leaked classified documents about government surveillance programs. His disclosures to the Guardian and Washington Post forced the administration of President Barack Obama to confirm the existence of two surveillance programs, one designed to collect phone call records from millions of U.S. citizens and another that monitors the Internet activity of foreigners with links to terrorism[/QUOTE]

Hmmm. Calls and Internet activity. The G20 was last held right here in Toronto and believe me and you how much of a clauster-frak that was to organize ... the police HAD no organization there where completely unprepared (Emergency Task Force - our weak version of US SWAT also was unprepared). I literaly walked by 4 burning cars on Queen street roughly 2 hours after they where set a blaze. Subway from Bathurst station (which goes East/West not North or South to Queen Street) was shut down - again another senseless act.

If Voice Security was circumvented, you sure as hell are NOT going to get any shred of evidence about it because its FULL OF SHITE, but for sake of truth vs ignorance if it was ...

Then this should at least been considered during their "surveilance"
http://www.bloomberg.com/article/2013-06-06/atmhOt8cRkCQ.html

[QUOTE]Kryptos Voice Encryption App for iPhone, Android and BlackBerry Achieves
Distribution Milestone in Over 100 Countries Worldwide

LONGWOOD, Fla., June 6, 2013 (GLOBE NEWSWIRE) -- Kryptos Communications, Inc.,
announced today that Kryptos, the company's secure voice encryption App for
iPhone, Android and BlackBerry smart phones recently surpassed over the
threshold of 100 countries worldwide in which users have selected Kryptos as
their secure communications solution.

Stephen W. Carnes, President of Kryptos Communications, Inc., stated, "Kryptos
was developed to provide mobile phone users with an affordable, easy to
install, easy to use secure voice communications App in order to provide the
average person, the average citizen an affordable means of having a
conversation that is totally secure from both hackers and electronic
eavesdropping surveillance."

Kryptos utilizes 256 bit AES military grade encryption to provide secure,
encrypted voice communications between users of iPhone, Android and BlackBerry
mobile smart phones. Kryptos is a secure, encrypted Voice Over IP (VoIP)
application. The product provides secure VoIP connectivity for secure calling
over several networks including 3G, 4G and WiFi.

Carnes further stated, "We are happy that users in over 100 countries have
selected Kryptos as their preferred means of securing their voice
conversations. I believe that the affordable price, coupled with ease of
download and use has enabled Kryptos to become the product of choice among
such diverse groups of people around the globe. In addition to individual
users, Kryptos has been selected as the secure communications solution by
numerous businesses around the world including a number of multi-national
organizations."

Kryptos is available in your favorite App store and can be used on the
following devices:

* Apple's iOS platform mobile devices including the iPhone, iPad and iPod
Touch
* Android enabled smart phones and tablets
* BlackBerry (RIM) smart phones
[/QUOTE]

At the time i did come across some articles saying BBOS 5 is not so secure. But there were no proofs for that.

Ummm... BES is safe... An accusation like this is completely unintelligent...

Posted via CB10 on my Z10!

Any official with a full blown BES connection should have the brains not to be connecting to random WiFi hotspots in the first place. They also have the taxpayer to thank for their nifty unlimited data plans.

As an aside, while you were reaching out to BlackBerry, did you happen to ask them wtf is going on with the PlayBook?

I would LAUGH if their reasoning to jump on the rogue WiFi network was "hmm...I'll save on roaming charges!!"

All, There is something called Signals Intelligence... this has nothing to do with Blackberry Security or any other mobile device for that matter. The whole world does it and someone just wants to make a story out of it. Read for yourself.. I know how some of us don't like to trust wiki.. but again.. just read it. Your emails are being collected by someone overseas right now before you even hit send. That my friend is a fact.

read up on signals intelligence and communications intellience below..
http://en.wikipedia.org/wiki/Signals_intelligence#Targeting

I have a problem with the way the Guardian and The Globe reported the story. They both clearly state that BlackBerry's security was penetrated. They specifically say that messages (emails) were intercepted.

Either Blackberry needs to make a stronger rebuttal or they need to Challenge the reports. Headlines are clear all over the net that "BlackBerry Security was BREACHED"....if it was phone calls i would understand as that is inevitable...but to make claimns that they "hacked" into BlackBerry security on mobile devices is a problem for BlackBerry and one they need to address more clearly.

Its already got Apple/Windows/Android fanboys "lol"ing all over the net.

If BlackBerry loses its image as the security platform...we have a problem.

There's no "back door" to the platform unless the government requires it : like in India and the UAE. And the whole wash coming from the media (re all this snooping) is that it's not about backdoor - someone comes in and INSTALLS their own equipment and feeds off the network.

That response was legalese.

Posted via CB10 on my BlackBerry Q10

If you need to hide what you are doing from the Gov, then you might want to invent your on language.

If you want to hide something from an individual that is trying to steal your credit card, than using BES for email is the best option.

Not sure about BBM... heard that BBM messages could be "hacked" that it's key was not unique..

It would need to be a really good language too, and changed frequently. Otherwise that can be decoded too.

And simply put any platform can be breached if the hardware is accessed. Notice the report mentioned key logging. If they used something that basic then I'm sure they took a similar approach on the BlackBerry.

Let's be serious, there's no such thing as absolutely perfect security. While there's no back door, there's always a way around the limits.

Posted via CB10

Try using TrueCrypt (truecrypt dot org) and encrypt volumes before you send them by email. Even if intercepted, they would take a long time to crack if you use a good password. But you still need to give the password to your recipient... perhaps face to face. Of course, if they managed to install a key-logger on the other person's computer or camera, they may give away the password too. Or they can simply capture the other person, or you, to spill the key under enough pressure.

In fact, most countries have laws which force you to give your password to the police if you are being prosecuted. Hence "deniable encryption technology" which lets encrypted data to be decrypted in two or more different ways, creating "plausible deniability"... so you give them the password which decrypts to garbage and say you gave them the only key available.

BBM on BES is encrypted.

This is one of the benefits of BlackBerry's BBM when they roll it out to other platforms. BlackBerry will enable encrypted instant messaging to companies that allow Bring Your Own Devices to enable encrypted corporate communication through BBM and BES 10.1 no matter what phone you're using.

This is something Whatsapp cannot offer. Many people think BBM will not be able to compete with Whatsapp on iPhone or Android, but reality is BBM is far superior and serve different purpose and the media just doesn't understand. (I would never trust sending anything that has to do with work or even personal stuff through Whatsapp or text messaging - they are open doors and anyone can see inside.)

While the world is focused on encrypting sent messages..

your messages are actually collected before they are sent. This whole conversation is way below our paygrades... trust.

Your comment is not vaild when you obviously don't understand how the BIS/BES infastructure works! The BIS/BES is pretty much like a VPN (Virtual Private Network). Its a secured tunneling that can not be penetrated from the out side. If a hacker which for this case (man in the middle attack) is trying to penetrate and collect data from a VPN, the VPN will automatically shut its self down and quickly reroute its self to another set of routers. All the data in the secured tunnel is highly encrypted. So for you saying messages are collected is false and NOT vaild. BIS/BES conneccted BlackBerry devices encrypts its data before it leaves the phone. Only the BlackBerry user has the keys. Wireless carriers have no way of ever seeing or collecting your messages because nothing leaves a BlackBerry device connected to BIS/BES without being encrypted. After it leaves the phone as encrypted, it goes to the cellular tower base station, through the wireless carrier centural switch office, throught the internet that goes through thousands of routers in to Canada, then BlackBerry firewall and BlackBerry Servers that reside in Canada, decrtyped inside the the BlackBerry infastructure in Canada and then compressed and re encrypted, goes through another firewall, back out of Canada, throught the internet of millions of routers back to the cellular tower and wireless carrier switch office and sent to another blackberry phone which the message that was sent gets decrypted.

SIGINT has nothing to do with any of this. And is not just for BB. You should really read up on what countries are doing in intelligence.

Triple DES ... key on single DES is not unique but its encrypted 3 times and relys on the hardware as well, not just software - to this date has NEVER been "hacked"

Its 2013 do we really use "hacked" anymore if not whats in it's place?

I totally agree with you, but it is possible that this was reported by somebody, who wanted some glory for "hacking" into blackberry.
There was no mention in U.S. documents, however, of Canada’s Research In Motion Ltd. and its highly secure BlackBerry, the quote is from Michael Babad's article i posted here earlier.
Another quote, "These would have been older models of the BlackBerry".
And response from RIM(BBRY)
"While we cannot comment on media reports regarding alleged government surveillance of telecommunications traffic, we remain confident in the superiority of BlackBerry's mobile security platform for customers using our integrated device and enterprise server technology,” RIM said in a statement today.

exactly. everything we do is monitored and intercepted.. EVERYTHING.. just someone wanting glory for putting "blackberry" and "hacking" in the same sentence.

To play devil's advocate for a minute, is it possible that they could have captured the encrypted data, and then hammered it with several super computers for a while (months, if necessary) until finally breaking it? Certainly not real-time data, but you can learn a lot about people's thinking and motivations by reading their old communications. (I'm a noob at this stuff, so if I'm wrong, be gentle).

And how exactly is monitoring *policitians* and *officials* part of the "War on Terror" that is supposedly the excuse for needing this kind of surveillance? Hmmm... makes you wonder more and more about the real motivation behind NSA, PRISM, etc... Just sayin'

Ok so let me get this straight, you people are worried that government is gathering info, yet you people could care less when companies do it? At least government does it for security purposes yet companies do it for profit. Somehow the media spinned this as the big bad government twisting the arms of tech companies. Please!

Who is the lesser evil here?

Exactly. The sad fact is that everyone is in on it and we're commodities as much as the commodities we chase after.

Posted via CB10 on my BlackBerry Q10

True. I say it's time to stop using electronic communications and go back to messenger pigeons carrying your piece of paper in a cryptex, which if opened the wrong way has acid which dissolves it. :-)

The government, or a future government, has the power to detain, imprison, or kill you. Microsoft, Apple, nor Google has either 3, directly.

Z10 via T-Mobile (10.1.0.2354)

Also: If you weren't white, and mouthing the international symbol for "I have money" (cigar), maybe you'd be more concerned?

Z10 via T-Mobile (10.1.0.2354)

The government is also there to protect us, Microsoft, Google, and Apple do not. US government, feel free to listen to me have a conversation about what my dog did today, Apple, you're not invited.

Posted via CB10

The big problem I see is comments putting the government on a pedestal. The government is supposed to be a an elected body of the people not gods. They do what we say not the other way around (in the free world anyway)

I don't want my government spying on me but I don't like Google doing it either but most people don't seen to have a problem with it.

Our best bet is still with BlackBerry don't worry

Posted via CB10

"At least government does it for security purposes"
Your naivete is breath-taking. What's to say that today's "security" doesn't become tomorrow's "hate speech" and the next day certain groups with anti-government beliefs (like "Tea Party") are targeted and harassed. Then when there is wide-spread fraud alleged during an election, all those members are arrested, black-mailed or otherwise detained and all of a sudden you have a dictatorship.

Oh god, how bad this is getting from governments that preach freedoms and democracy and yet criticise other countries and invade them to overthrow them for freedom.

Intelligence agencies have computers powerful enough to break encryption codes. That is one of the drivers for having the most powerful computers. But it is not easy and takes time plus money. It is not clear that those resources would be used to tap one or a few BlackBerry phones.

Posted via CB10

Yes, it's about the price of the information and computer resources you are willing to devote to it. On the other hand, you can "nest" multiple encryptions inside each other making the task much more difficult. For example, encrypt a file... then encrypt it inside another wrapper, then encrypt it again inside another wrapper, and so on multiple times...

The ground breaking intelligence was very likely bribing mid-level admins in the various governments to install wire sniffers inside the network. That would be a whole lot easier then trying to decode BES traffic in realtime.

I grew up during the cold war. We were always told this level of snooping was what "others" did. It's a sad state of affairs (pun intended) when the curtain is moved aside and what is revealed is that we are the same. It's all the same.

Re BlackBerry specifically, by law BlackBerry must comply with governmental requests. Under patriot or fisa or whatever, the gchq working in tandem with the "agencies" to get a better handle on the negotiations - well that is not illegal or far fetched. Not illegal at all. Just like it wasn't illegal for big banks to bet our money and lose.

As said, big companies, big government - who's the bad guy here.

They're not doing ANY thing illegal. Unethical, immoral, unconstitutional, against the basic tenets of a so called human right... well there are competing realities here and one is winning over the other...

It's a shame that BlackBerry's credibility may suffer. Like facebook. Google. Microsoft. Apple. Yahoo. Whoever whoever.

We'll still keep buying, using and consuming.

We are addicts.

Posted via CB10 on my BlackBerry Q10

BlackBerry can only be forced to comply if they have any control.
With BES the general understanding is that BlackBerry has zero control and thus cannot be forced to hand over access etc.
With a standard carrier BIS plan, data would go through the data centre in Slough and thus could be requested by the prying UK government.

Sure - say you're a company like PWC (largest accountants firm in the world) and someone wanted access to BES - well just ask PWC. Access granted.

Yeah I understand BlackBerry is not the only party in all this - everyone is. And there's nothing BlackBerry can do about it.

Shame that.

Posted via CB10 on my BlackBerry Q10

Why do people not care that Google, Yahoo, Facebook and all the social networks read their emails? This to sell their personal information. Does not make sense for them to be worried about the government that is restricted by law when private companies have no restrictions. Companies are not trustworthy.

Posted via CB10

For one thing, Facebook, Google, Microsoft, Yahoo, etc... don't have guns and they can't put in in a cage on the island of Cuba. The worst thing they may do with your data is make sure advertisements are for products you've expressed interest in. The problem is the state (using their tool, the government) forces those companies at gun point to hand over that nicely mined data. What the state does with that data can be very, very bad for you.

actually, email carriers have the RIGHT which you have consented to when you signed up for their email service to go in and scan any email item that you send out. Most of us just scroll down to the bottom to "accept" the terms and conditions... Google and these other sites haven't done anything that you haven't given them authority to do so ... all of course in exchange for utilizing their communication services... How do you think they pay for all of this.... ?? remember.. NOTHING in life is free..

If you don't like it, maybe we should stop emailing and go back to carrier pigeon.. But that would have a cost too.

Big Brother and the Holding Company continue to watch and listen...
"When freedom is outlawed,
Only outlaws
Will be
Free "

#BB10Believe

Now I know why the stocks is going down because of this absurd story. After it rallied last week and with all those good news shorts been dragging it down again.
Can't wait to see the June 28 report.

Posted via CB10

BlackBerry data centre... in slough... hence any BlackBerry not on a company BES could in theory be intercepted. But BES - yes, that's the whole point, encryption by the company for the company.

On the other hand, for some reason, the data centre in the UK was the reason the German government never certified the old BlackBerry - you would have thought they could use their own BES? Or maybe there is something else to it...

They certified BB10 because it no longer requires a datacenter in a foreign country. Plus there is also some security add-on.

Correct. BB10 was certified because they are using VPN to encrypt the traffic and don't need to use the BlackBerry Infrastructure. This is quite cumbersome for the user. They should have looked into solutions to transparently encrypt the traffic instead.

Posted on Q10

Correct, certain Governments such as Germany or Enterprises with requirements for data privacy have forbidden the use of Blackberries. The main concern isn't primerly the data flowing through BlackBerry Data Centers in anglo-saxon countries, but the way the encryption keys are generated and exchanged between BES and the device. If someone can obtain the encrypted traffic and the encryption key, obviously your security is broken. There are solutions on the market to actually get this doubt of the table by using PKI technology. In this case it's technology used by Swiss Banks, Governments etc.:
http://www.totemo.com/en/products/mobile/transcoder-for-blackberry/overv...

Posted on Q10

@Rimperator..

You mean the Germany that just ordered 40,000 blackberry devices?

Privacy is the reason they go with blackberry...not the other way around.

They did not exclusively chose BlackBerry 10. There is a choice between a specialy hardened Android and BB10 (initially the Z10 was certified). The reason why they decided to choose BB10 devices was because they no longer are forced to use BES and the BlackBerry Infrastructure. As I mentioned in an earlier comment, they are using traditional VPN to encrypt the traffic instead. The federal security agency for information technology BSI has been one of the toughest opponents of the legacy BlackBerry solution. Therefore agencies that did chose legacy BlackBerry had to add an additional layer of security.

Where did you get that number of BlackBerry devices? So far I have only heard that the German Government ordered approximately 5'000 Z10 and 5'000 Samsung SII/III devices.

Posted on Q10

Thanks!

Well it states "... plans to buy as many as 40,000 BlackBerry 10 devices". I'm sure that if the order for more devices had already been placed we would have read about it. I'm convinced that will be the case, but it will probably just take a bit of time.

The article was based off of the current "Leaker" that worked at NSA...

All, There is something called Signals Intelligence... this has nothing to do with Blackberry Security or any other mobile device for that matter. The whole world does it and someone just wants to make a story out of it. Read for yourself.. I know how some of us don't like to trust wiki.. but again.. just read it. Your emails are being collected by someone overseas right now before you even hit send. That my friend is a fact.

read up on signals intelligence and communications intellience below..
http://en.wikipedia.org/wiki/Signals_intelligence#Targeting

I think there was a copy of a paper saying 20 messages where taken from the blackberry platform but using whatsapp or just the wrong browser could be the problem her. Not the BES server. Also wifi ,bluetooth and usb could clossed by BES.

Just like BB10 you can watch emails in private workspace but that's because you give in your password and after that I don't know. Just saying open your email in your work space so you in a BES enviroment and dont use whatsapp, skype for messaging because both are not allowed in my workspace.

Didn't that Snowdon chap say something along the lines that he could get the User id and passwords for ANYTHING?

Oh - the guardian had a chat with him live an hour ago - check out what he says.

It's all so sad.

Posted via CB10 on my BlackBerry Q10

It always reassuring to hear BB's comments when it comes to security. . .with everything else their language is full of "maybes" and "most likely" but when it comes to security, it's always a strong and definitive response!

The keys went out to US Canadian and British governments. Don't fool yourself to thinking otherwise. Even RSA has handed out their encryption keys.

At this point, I think it’s naïve to think no system can be hacked. When the government puts all their resources behind getting into something, they get into it. Blackberry is unfortunately no different at this point. They may be the hardest to hack but that probably means the rewards are that much greater.

If a government can hack a blackberry device, they sure as heck aren’t going to advertise it.

To think that BES is the holy grails is folly after the various NSA/GCHQ shenanigans going on. Japanese, German and Russian codes were broken...

If you’re using your BBRY for illegal activities... make sure you’re a small fish flying under the radar so no one cares.

Well what happened in the middle east? Wasn't BlackBerry forced to give the government access or else face a shut down of their services?

Nsa and the pentagon have all the access to go throw the security on all the os. Maind you (fcc)

Posted via CB10

So BlackBerry learns from the press that their the security of their solution has been compromised. So we can assume that at least the legacy devices are still having these issues.

But who would really be so foolish to believe that BlackBerry products do not have weaknesses?

Posted via CB10

Didn't they just use keyloggers on a private network that everyone had to get on in order to use the net? Not necessarily Blackberry's fault. More like devious organizers.

All other phones owned by those that attended were affected if they used the network, not just BBRY's...

Digital is always traceable and permanent record. Doesn't mean it happens, just means it is completely possible.

Posted via CB10 on a Q10 or a Z10, either way it's golden.

Maybe it's time that BlackBerry become a Network Service Provider. Example : every BlackBerry that is sold, comes with a built in SIM Card, registered to BlackBerry Network Services. Meaning that security is not only your data but your calls etc etc will be secure.

Posted via CB10

Wasn't that from the gild of surviving control agents and their struggle for a more equitable contract...something like that?
hahaha, I'm surprised only one comment about the picture in this article.

If you're not using BES, how is a BlackBerry any more secure than other platforms? You're not using BIS any more for emails, iMessage (end-to-end encryption) is more secure than BBM and voice on any platform is tappable at the carrier level.

I think we’ve gotten off topic a bit. We’re all commenting not on the fact that the government monitors us, it’s the fact that Blackberry devices may not be as secure (BES) as we may have been led to believe. If big brother can get it, then it doesn’t take a leap for a well oiled crime syndicate to be able to do the same.

Other devices get knocked for not being as secure, maybe we need to re-evaluate our assumptions about X being the most secure etc.

All these leaks about the government’s capabilities just mean whatever we have to hide is only safe if it’s living in your head.

Where did it say internal BES traffic was intercepted? That's highly unlikely.

But once email leaves the protected network (and almost any BES to public email would do) then it's simply a matter of intercepting the mail. A ten year old with a packet sniffer (and the right network access) could manage that. Unless you're encrypting your email of course.

Thats why there are encryption standards such as S/MIME and OpenPGP (as well as some alternatives that however are not based on standards). However that topic is not specific to smartphones or other mobile devices.

I don't think there's anything secure about bbry emails unless third party encryption is involved.

Posted via CB10

They're secure within the internal network if you're using BES. (Or were until BB10 at least - I assume they still are)

If an organisation needs to ensure data privacy the only thing that really makes sense is using end-to-end email encryption. There are solutions on the market that allow to do this transparently and without the hassle of users managing certificates. However for private use it would be more complicated or with BB10 even impossible as BlackBerry did not care to implement S/MIME!

Digital is always accessible and is also permanent. A phone company tracks everything. Do they track you for evil reasons? No. It's for business purposes, so they track and store what you do with your device on a network, yes. So they can effectively sell services and track spending, etc... do they care that some soccer mom updated her kids soccer game score on facebook from their smartphone? No. Do they care if the police or government approaches them with suspected people who talk about anarchy or some criminal activities? Yes, they care. Do they provide information to law enforcement "willy nilly"? No. Law enforcement and government still have to follow FOIP and can't just arbitrarily request tracking data, but through the proper channels, they can acquire any data they need.

Posted via CB10 on a Q10 or a Z10, either way it's golden.

I don't believe that anything is secure. I'm sure a BES BlackBerry can be broken, maybe with incredible difficulty but I'm sure it can be done

Posted via CB10

For me BlackBerry still is the way most secure mobile platform on the market - there is no question about that. However that doesn't mean that there aren't potentially ways how certain government agencies with a fair amount of resources could still look into the traffic.

Talking about BBM security out of BES10, can it compete security wise with XMPP clents?
Off The Record Encryption vs a single key that could be broken by now?

For now, since the prism affair, i've manage to ditch:

All my four gmail/outlook accounts(got à paid hosted exchange in France )
Google search replaced with Mystartpage.com
And now i'm trying to get rid of Skype, but this is hard....for now there are only Beem And Gibberbot, XMPP complient, but only chat is available, although very nicely.
Couldn't sideload the Nightly build of Jitsi.

Posted via CB10

Now that it's somewhat hidden, who knows? ;)

But the best thing has yet to come: within the meta data, encrypted noise is going to take epic proportions, coming from people who want to hide the fact that they have nothing to hide.
How will the NSA find terrorists in this sea of AES256 encrypted messages?

Posted via CB10

"can it compete security wise with XMPP clents"

Doesn't BBM use TLS? All those certificates must be used for something.

There is only one key for BBM traffic, unless you are using BES and have your own. However hardly any organisation does that.

The French Government isn't exactly known for respecting data privacy, so I'm not sure that was that much of improvement for the email part :) But you can obviously additionally start encrypting your emails. In fact this is done by several cloud (Hosted Exchange, Office365, Google Apps etc.) customers.

Remember when the riots were happening in Britain. The police were intercepting messages and we're kicking doors in and rounding up people that were citing riots. These people were on all platforms except BLACKBERRY. Everyone was then instructed only to use BlackBerry. At the time the police could not crack a BlackBerry but they could all other devices. Don't know what else to say. Besides this guy is a weasel not to be trusted. Bet he used an iphone. Check it out. Bet he used an iphone and is an iphone fanboy!

Posted via CB10

The world's major governments can hack/breach pretty much any system they want, regardless of their relatively high security. Sure, BlackBerry is great for ensuring protection against mid-level classified information and corporate confidential information, but the UK/US governments can breach them if and when they want.

I'm surprised you're all surprised by this - BlackBerry may be the industry leader in security, but they're by no means immortal

Posted via CB10

Only if the report was on Samsung s4 (for example ) and it somehow made it to crackberry, would we 1 bash Samsung security server or 2 come up with these intelligent comments as to why it could happen to any phone.

Personally I'd bash Samsung's security #teamblackberry #+1ifyouagree

Posted via CB10

Honestly, I love BlackBerry and all (been using only BlackBerry devices since 2004) but this commentary is a bunch of crock. First, the scale and capability, not to mention technical and technological prowess of these government organizations is far beyond your average stuff. To assume that they do not have the means to get into virtually anything is really completely ignorant. Just look at the encryption policies. There are much stronger encryption schemes out there but most services are limited to 128-bit. This is not coincidental and results from the fact that everything and anything commercially available in the US has to be feasibly crackable by the NSA. In other words our encryption schemes are always a few pegs behind. Second, if all of this fails you can always just attack the endpoints, which are typically weak no matter what.

At the end of the day, BlackBerry probably did get hacked. They are no exception to the industry norm, no matter what they say. They are better than others, but not invincible or foolproof.

Posted via CB10

We all know the Guardian had to re-tract on their last report on Blackberry security. Former CEO Laz was asked about security in the middle east that caused a stir on the BBC..he said " Its about national Security "
Former CEO of BBRY about National Security in the Middle east : http://www.youtube.com/watch?v=Q6iGe7vuGeQ

CBC Amanda Lang had headlines on her Lang and Oleary show " Blackberry security was broken into " or something to that fact. Blackberry should be front and center on this Guardian article

There are many many ways to get message traffic by going around BES. Keep in mind that the data is only encrypted (ON BES) between the server and the handheld. And that is only if your BES Admin has it set to something even remotely realistic for security (AES), and not T-DES. RIM/BB has stated many many times that they do not have the keys to give to governments to decrypt the messages, but what if AES was broken? That could lead to the data being decrypted.
 
RIM could also have had to comply with lawful requests by the UK government for other forms of data traffic.
This could also be speaking about BBM messages (which are messages), which use a universal encryption key
 
 
Abiguity in an article like this is the best friend of reporters. Also that appeared to be in a slide, and does not have anything *really* to back it up. Its a "hey we did this" article.

With all these recent spying and security issues coming out. Can it spin a positive light for BBM voice calls and BBM video, especially when it goes cross platform? No way to track those calls as they use only data routed through blackberry's network. Just a thought...

Posted via CB10

Actually if it works similar to BBM IM I wouldn't be that secure, but still way better than the competition such as WhatsApp, Viber etc.

It's unlikely they could easily hack BES10 traffic. But once the traffic is outside the BlackBerry network it's open season unless you encrypt your email.

And if you're a regular BlackBerry user they simply need to tap into the carriers network at some point.

I'd be very surprised if half of their claims were remotely true.

So why don't blackberry fix the Damn sound alert notification for email and text while on a call. Every other phone in the world has this feature. The Z10 and Q10 do not have this feature which is totally unexceptable. If I complain enough, and more and more Z10 and Q10 owners realize that this feature is missing from there device, and miss important text or email, and stop encouraging potential customers to try the phones then it might get fixed.

Posted via CB10

And that makes sense how?

Why not just write to BlackBerry or the beta team, you'll be surprised how responsive they are.

Posted via CB10

Blackberry's can be hacked. A companies from Germany sold governments tech and support for hardware and software to

Posted via CB10

Edit: A company from Germany sold hardware and software tech to governments and agencies that allow access to all types of devices. People using Blackberrys were sent fake and malicious software disguised as a "blackberry software update" and within an "Internet cafe" or conference room all their messages and emails could be copied and monitored. No device is immune to these kinds of hacks. If a user downloads something onto their device then whatever was downloaded could easily give a person access to it if that is the intent.

Posted via CB10

Not a hack if the user installs this application, at best it is malware/spyware. Any BES Admin worth anything would have this blocked.

", your BlackBerry is still keeping your data safe - especially if you're using a BES"

ONLY if using BES. BB10 or BBOS on their own offer little privacy protection apart from apps isolation and permission.

The dilemma that faces the modern world and us in the US in particular is that modern communication infrastructures and many social networks services know no boundaries - everybody "good" and "bad" use communicate on the same infrastructure. This fact really make privacy as defined by the US Bill or Rights impossible. So how to maintain national security while complying with the Constitution?? National security can not be achieved by the "good" guys without knowing what the "bad" or "other" guys are doing. But if the "good" and "bad" guys communicate over the same infrastructure, in order to learn about the "bad" guys are up to one also gets information on the "good" guys.

It seems that when any usa president is elected two terms the second term is always filled with scandals.

Why cause they can only be elected two terms in a row so they may as well screw the USA up as much as they can before leaving.

Posted via CB10