Is PIN to PIN messaging secure?

By IsaacKendall on 18 Jun 2010 03:38 pm EDT

PIN Message Flow

** 18 Jun 2010 Update: We posted this article a few days ago (for a few minutes it was live) but we took it down temporarily after some comments were added by community members questioning it. We wanted to double check and follow up with the supporting data; after some additional research we have verified the information in this post is correct. If you have any questions on it, leave them in the comments and we'll do our best to address them. **

If I had a nickel for every time I've been asked the question "Is PIN-to-PIN secure?" then I could quit my day job and write for CrackBerry full time. In my day job this has come up constantly from all types of BlackBerry users. It's a very good question... it seems secure, doesn't it?

The simple answer to this question is YES & NO. PIN-to-PIN is encrypted using Triple Data Encryption Standard (Triple DES). PIN-to-PIN security is a very controversial topic. For sure, it's far more secure than regular email because the "internet tubes" are not part of the message path the way they would be in an email message. In the case of PIN-to-PIN the message flow looks like this:

  • Sending BlackBerry Handheld to Wireless Network
  • Wireless Network to RIM Relay
  • RIM Relay to Receiving BlackBerry's Wireless Network
  • Wireless Network to Receiving BlackBerry Handheld

What's interesting is that BlackBerry Messenger works over the PIN protocol and nobody's ever asked if that was secure.

So as you see, the message only travels between the BlackBerry handheld, the wireless carrier and the RIM relay; so in that respect it is way more secure than regular old unencrypted email. Now, if you are involved in err... activities that government agencies may be interested in, you need to listen up. Be aware that for the data that flows to and from your device via PIN messaging, if served with a warrant RIM will provide the plain text of your PIN messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air.

To be clear regarding PIN spoofing, it has never happened to date. This is a worst case scenario and though it is not likely to ever happen, it is worth noting that the vague possibility does exist. As for the security of PIN encryption, as mentioned in the previous paragraph, all BlackBerry devices use the exact same key to decrypt these PIN-to-PIN messages. This key is created by RIM and used on all BlackBerrys, so it stands to reason that RIM can decrypt these messages at the NOC/Relay. Again, to be clear, RIM is not reading your PIN messages out of boredom. But in the situation when a warrant from a law enforcement agency presents itself, they could.

If there is a business you are involved with and want to communicate freely with your business associates, you need a BES (BlackBerry Enterprise Server - see this article for basics on what a BES is). That is the only way to encrypt the message before it leaves your BlackBerry handheld. A side note, it is possible to deploy PGP encryption on the BlackBerry, but that is a whole different discussion I'm not getting into today.

Another feature that the BES offers is Peer-to-Peer messaging encryption (Peer-to-peer is another name for PIN-to-PIN). This sets a unique encryption key that all BlackBerrys in that organization use when sending and receiving PIN-to-PIN messages. This key is not available to RIM so your messages will be private within your closed BES community.
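To make the difference between the factory-wide key and a BES organization key concrete, here is an added example (not from the original article or from RIM) using the openssl command-line tool. All keys are random values generated at run time, the device names and function names are hypothetical, and no real BlackBerry key is involved.

```shell
#!/bin/sh
# Added illustration: the scope of a key, not the strength of the cipher,
# decides who can read a message. Keys are constructed at run time.
# Requires the openssl command-line tool.

new_key() { openssl rand -hex 24; }   # 24 random bytes = one Triple DES key
new_iv()  { openssl rand -hex 8; }    # 8-byte CBC initialisation vector

# encrypt KEY IV PLAINTEXT -> base64 ciphertext on stdout
encrypt() {
    printf '%s' "$3" | openssl enc -des-ede3-cbc -K "$1" -iv "$2" -a -A
}

# can_read KEY IV CIPHERTEXT EXPECTED -> status 0 if KEY recovers EXPECTED
can_read() {
    out=$(printf '%s\n' "$3" |
          openssl enc -d -des-ede3-cbc -K "$1" -iv "$2" -a -A 2>/dev/null) || out=""
    [ "$out" = "$4" ]
}

# readers MODE -> names of the devices able to read one captured message.
#   global: every device holds the same factory key (plain PIN-to-PIN).
#   org:    alice and bob hold an organization key; carol, outside the
#           organization, holds only the factory key.
readers() {
    factory=$(new_key); org=$(new_key); iv=$(new_iv)
    msg="meet at 10"
    case "$1" in
        global) send_key=$factory; alice=$factory; bob=$factory; carol=$factory ;;
        org)    send_key=$org;     alice=$org;     bob=$org;     carol=$factory ;;
        *)      return 2 ;;
    esac
    ct=$(encrypt "$send_key" "$iv" "$msg")
    list=""
    for dev in alice bob carol; do
        eval "k=\$$dev"                      # look up that device's key
        if can_read "$k" "$iv" "$ct" "$msg"; then list="$list $dev"; fi
    done
    echo "${list# }"
}

echo "factory-wide key:  $(readers global)"
echo "organization key:  $(readers org)"
```

The cipher is Triple DES in both runs; only the set of key holders changes, and with it the set of devices that can read the message.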

Another thing to note for those of you out there working for "the man" and you're on a BES: the BES admin can enable PIN logging. That would mean that all your PIN messages are tracked and saved in the BES logs, in plain text. This was an enhancement of BES 4.1 which allows the BES admin to log all incoming and outgoing phone calls, SMS & PIN. By default this option is always off on the BES and is not normally deployed, as the log files get massive quite fast if the organization is large. Financial and legal firms generally do enable this feature for regulatory reasons.

In the pre-BES 4.1 days it was not possible to track these messages on the BES. There was one case back in the day at a large Canadian financial institution in Toronto where two portfolio managers bolted in the middle of the night and took a bunch of clients with them. All of their communications were done via PIN messages. The company was able to retrieve all the back and forth PIN messages simply because one of the traders was just plain stupid. He had an automatic daily backup of his BlackBerry handheld enabled on Desktop Manager and even though he did a handheld wipe on the BlackBerry device before he left, they simply connected the BlackBerry back to his computer and restored from the previous day's backup. Like I said, stupid.

Bottom line, if you're not on a BES, treat your BlackBerry like it is Facebook and assume nothing is private. If you are on a BES and send and receive email within your company, it is secure; all other communications can be seen by others.

Conclusion: PIN-to-PIN messages are scrambled, not encrypted.

For source reference visit:

34 comments

Deyrkroz

Maybe a stupid question but oh well..
So is the BBM not secure? or is the PIN to PIN not secure?

gyrferret

BBM works by sending a message from one blackberry (with its own PIN) to another blackberry (with its own PIN). So it is PIN to PIN messaging.

ORIGINQuest

BBM is basically the medium in which all of your "PIN contacts" and messages are grouped together and managed. BBM is basically a stylized IM version of PIN to PIN.
Both are secure from common hackers and snoops, though as the article states, if the guv wants it, the guv gonna get it...

md12

Can BES log the text of gchats?

Craig Johnston

md12.

The BES cannot log it, it can only log phone logs, SMS, and PIN-PIN messages.

However there are companies out there that sell third party software that does log all kinds of things on your BlackBerry, like email in the GMail app, etc.

However you'd know if it was pushed down to your device. You'd see it in the apps list.

These third party apps normally work in conjunction with a server back at your company that records what is logged on your BlackBerry.

wndrshwzn

come on devs, make an app that can encrypt pin to pin and bbm then.

BekNazar

Check out my CyphrTxt in the store here.
It encrypts PIN and email msgs plus a few more things...

R1cowl

"What's interesting is that BlackBerry Messenger works the PIN protocol and nobody's ever asked if that was secure. " I asked and it was discussed on one of the podcasts. I don't remember which one.

baltee

I notice that you didn't re-post the previous comments. They were worth a good chuckle! Yes this is one of the most highly debated mis-informed pieces of blackberry messaging.

jshuford

Be advised that there is a definite weakness in the processing of these messages...The Relay!

By default the blackberry server will log into a csv the following fields:

"Name.ID,"PIN","Email Address","Type of Message","To","Cc","Bcc","From","Subject","Body","Send/Received Date","Server Log Date","Overall Message Status","Command","UID"

With a file name such as "PINLog_20070927.csv" with one log being created per day.

During the manufacturing process, Research In Motion® (RIM®) loads a common peer-to-peer encryption key onto BlackBerry devices. Although the BlackBerry device uses the peer-to-peer encryption key with Triple DES to encrypt PIN messages, every BlackBerry device can decrypt every PIN message that it receives because every BlackBerry device stores the same peer-to-peer encryption key. PIN message encryption does not prevent a BlackBerry device other than the intended recipient from decrypting the PIN message. Therefore, consider PIN messages as scrambled—but not encrypted—messages.

Craig Johnston

jshuford.

The BES has this disabled by default. The only logging on by default is call logs. SMS and PIN-PIN are off unless the BES admin enables them.

jshuford

As I said...The Relay is the weakness.

jeffmeden

So basically, the messages are not encrypted in a meaningful way, but we can "trust" that our carriers can properly handle the messages as they move from the handset to RIM and back again.

One question, are the RIM servers really directly attached to each carrier's network without *any* internet transit in between?

belfastdispatcher

So let me get this straight, pin to pin is scrambled then decrypted and they could be intercepted and read by a spoof/cloned blackberry that has to be registered with RIM and surely they must have alarm bells to ring as that is yet to happen. So how is that not secure? Not secure from the government maybe as nothing really is but I fail to see what the problem is.

sweetlittlehugs

is there anyway to block someone? I keep getting pin messages from someone I don't know telling me to download bbm.

Scarlett

I just retired from State Government in an IT Security position. If they want to know what you are up to they can and will find out. State Government as you know is very "political" therefore one side is always looking to get the other side. As a side note, don't forget the obvious, anything you send to anyone is never 100% secure when they can copy the conversation and resend it.

EGerhardt

True it is theoretically possible to intercept BBMs, but it's worth remembering that anyone who is doing so without a warrant or your permission (and if it's from BIS probably your carrier and RIM's too) is breaking the law.

As someone above pointed out, to directly intercept BBMs would require some very fancy work, since they would have to not only have a blackberry that had your pin, it would have to be registered to the carrier and on RIM's network. I doubt that the system would be happy sending BBMs to two hand sets and even if it DID do that with cloned pins, it would definitely start alarm bells ringing.

What I'm saying is that anything is possible, but the carriers, RIM and BES admins are all there to detect it and send the cops on over. IIRC illegal wiretapping is a federal matter, and tbh if you are that paranoid you shouldn't be trusting your super secret plans to the airwaves anyway. Since someone could snatch your unlocked BB out of your hand, or string you up with piano wire to extract the unlock code, you can't call ANYTHING secure if you assume people will break the law to read what you have rambled into BBM.

Basically, it's not worth the effort or potential punishment to snatch BBMs out of the air when it'd be easier to slip someone a few bucks and just read the damn thing.

stanberry9700

Maybe off topic but if we are talking about security...

Is it safe to do internet banking or other financial activities on the blackberry? Or is it safe to a certain point also like PIN-to-PIN messaging?

sweetlittlehugs

Online banking is a secure connection because the sites themselves provide the security.

Boldboy

Very interesting article thanks for that.

On another point; Pin messaging and BBM have been free in Europe and North Africa (o2) for me and my colleagues these past few years. Is it the same your side of the pond?

Supa_Fly1

BTW, that large Canadian financial institution was CIBC right on King & Bay street. Yeah it did a large shake up in the papers like Financial Post/Globe & Mail, and Toronto Star for about 1 week. It was blown out of proportion because a few top financial investor agents recruited others ~ that were mistreated & pretty much ignored & underpaid ~ and started their OWN financial investing company. The messages were done via PIN to PIN or BBM or both. I HIGHLY doubt the situation was found out that 1 employee was saving PIN messages db to his desktop at work ~ these guys are NOT stupid. Also CIBC was using a BETA of BES 4.1 roughly 6-8mths BEFORE it was released and during that whole uprising.

PIN to PINs ARE secure! If you doubt this then you NEED to consider the following:
* Has ANYONE without internal RIM infrastructure tools been able to decrypt a PIN/Email from data sent to/from a BlackBerry.
* Has ANYONE been able to piggy back the IP of one phone's data transmission over TCP/IP off a provider data connection (its IP) to another phone [Essentially getting data from 1 smartphone to the wireless networks GGSN or similar ip gateway infrastructure to another] ?!?!?! Again without provider or RIM's tools? And been able to do so WITHOUT being charged on either phones/smartphones BILL?
* Has anyone ever been able to get YOUR data without unlocking your BB or from encrypted backups?

^ if the host of this thread cannot answer any of these without proof or legitimize his post without an official RIM BlackBerry BES Admin certification; then I cannot believe any truth to the doubt of the PIN to PIN being unsecure.

All the above information is known by heavy users of long time in the industry and those that have worked on a BES server even with Jr. Admin privileges (such as myself) from BES 4.0 to 4.1 SP1/2/3/4/5. Also I'm sure many of us know a few ppl that work at RIM supporting BES Administrators on various server setups.

I'm up to see this being cracked in order to force RIM to make changes to improve security; or cause more competition in the industry. The sad part is so many mobile users are getting comfortable using their PayPal/Credit Cards for payments on their smartphones without any thought to the security behind the transactions. In this day with global economic issues still abound its frightening that this is happening.

pieroxy#CB

Your assertion that PIN to PIN is safe seems to be based upon the fact that there has been no report of anyone having broken it. Is there anything else to your point?

I mean, if BlackBerry states that they will serve the content of your PIN2PIN conversations upon being served a warrant, then they must be able to read it, right? So it MUST be not secure.

If anything, your post confirms the fact that no one has any clue and so it might or might not be secure.

Branta

Simple common sense should tell you there can be a gap between what has been proved to be already achieved, and what is possible but with unknown status. It doesn't need a qualification in network security to know that the best hacks remain undetected.

However there is a big problem for illegal snoopers in a physically distributed data network. The only place the data can be found reliably is inside RIM's NOC or the core phases of the cellular system. These are not easy to access without legal authority but as others have pointed out, if your government wants your traffic they will turn up with a warrant. If that doesn't work they will hold you in a small windowless room until you give the nice man what he wants.

 

br14

Or at least, it's as secure as any other public messaging protocol.

And doesn't BBM use XMPP over wireless. I guess it's possible PIN messaging might be using XMPP.

All security is relative. Nothing is entirely secure, but the fact is that among publicly available smart phones the BlackBerry wins any security contest hands down which is why the US President is a BlackBerry user.

BES users of course have even higher levels of security.

For the ordinary person sending personal messages to a friend BlackBerry security is good enough.

As for online banking, most banks use the usual SSL over HTTPS to manage their secure connections. So it's at least as secure as your desktop browser.

Check out Mike Lazaridis' public statements if you're concerned. When he started RIM, the first people he hired were cryptographers. He knew from the outset that only secure data transmission would be acceptable to corporations. The BlackBerry operating system is therefore built on a secure core.

pieroxy#CB

Your safe may be perfectly secure. If the key is on the desk next to it, your security level as a whole is nil. Even though your safe is perfectly secure.

It is the same for cryptography. Triple DES does a great job at that, but if the key is public knowledge, your encryption system is barely more secure than a Base 64 encoding.

sushilover63

Now I'm confused guys, I thought you had to get someone's PIN in order to add them to your list of contacts and use the BBM feature, so are these two terms used interchangeably? Also if you use the BBM feature with overseas friends are those messages free? I know big red charges for overseas Texting but BBM do those fall under a different category?

seo services

what a nice way to promote the product. cracberry idols? hahaha, it made me laugh, peace!

geonap

why is everyone always afraid of the government snooping? have we forgot what the corporations will do to get access to us ?

i'm more afraid of regular people knowing what im saying than the government.

curiosity and conspiracy, it's 2010.. the government is the last thing you need to worry about, really.

although there are always some freaks inside the alphabet boys offices who use and abuse for fun.. it doesn't mean it's the "government."

glnz

I have my blackberry through my company and use it to receive and send my work emails (which also appear on my office Outlook), with my email address being in the format [my name]@[my company].com.

My wife has her own blackberry phone on her personal cell phone contract. If she sends me a PIN to PIN message, can my company read it?

Thanks.

bbpacket

"Another feature that the BES offers is Peer-to-Peer messaging encryption (Peer-to-peer is another name for PIN-to-PIN). This sets a unique encryption key all BlackBerrys in that organization use when sending and receiving PIN-to-PIN messages. This key is not available to RIM so your messages will be private within your closed BES community."

Focusing on the last sentence of quoted paragraph above... If I'm right, wireless distribution of unique encryption key to all BB devices is done through the RIM and GSM operator, so they both can intercept it and use for decryption (if symmetric encryption used, of course), don't they?

Note: I'm fresh newbie in the BB environment, so if I'm wrong in my speculations, please don't burn me up! :-)

lop01

But you can encrypt and sign your pin to pin communication with AES 256, this is fully provided on all blackberries.

You should allow the installation of the Blackberry S/MIME support package ( available in every os installation ) , install certificates for you and your buddies and voila you have the encrypt and sign option for the pin to pin messaging using AES 256.

With this you have end to end encryption with your own keys.
The memory cleaning of the blackberry is then always on and will wipe the encrypted messages in memory on the device after 5 minutes by default

If you are fully paranoid you can generate your own certificates and even your own CA certificate with OpenSSL.

If not, you can get free certificates from startcom.

some snapshots of an installed blackberry :
http://dl.dropbox.com/u/19915512/encrypt.JPG
http://dl.dropbox.com/u/19915512/s_mime.JPG

BTW it works also with BIS
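The OpenSSL side of the approach described in the comment above, as an added example that is not part of the original comment or of any BlackBerry documentation: a private CA, one certificate per person, then a message signed and encrypted with AES-256. The names alice, bob and mallory, the example.test addresses, the file names and the function names are all constructed; loading the certificates onto a handset is not shown.

```shell
#!/bin/sh
# Added illustration: private CA + S/MIME certificates, then sign and
# encrypt a message end to end with AES-256. Requires the openssl CLI.

# make_pki DIR: create a CA and certificates for alice, bob and mallory.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    for who in alice bob mallory; do
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=$who/emailAddress=$who@example.test" \
            -keyout "$d/$who.key" -out "$d/$who.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$who.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 365 -out "$d/$who.crt" 2>/dev/null || return 1
    done
}

# send DIR TEXT: alice signs TEXT, then encrypts the signed message to bob.
# Only bob's certificate (public key) is needed to encrypt.
send() {
    printf '%s\n' "$2" |
        openssl smime -sign -text -signer "$1/alice.crt" -inkey "$1/alice.key" 2>/dev/null |
        openssl smime -encrypt -aes256 -out "$1/msg.p7m" "$1/bob.crt"
}

# receive DIR WHO: WHO tries to decrypt msg.p7m with their own private key,
# then checks the signature chains to the private CA. Prints the plaintext,
# or nothing if decryption or verification fails.
receive() {
    openssl smime -decrypt -in "$1/msg.p7m" \
        -recip "$1/$2.crt" -inkey "$1/$2.key" 2>/dev/null |
        openssl smime -verify -text -CAfile "$1/ca.crt" 2>/dev/null |
        tr -d '\r'
}

dir=$(mktemp -d)
make_pki "$dir" && send "$dir" "lunch at noon?"
echo "bob reads:     $(receive "$dir" bob)"
echo "mallory reads: $(receive "$dir" mallory)"
rm -rf "$dir"
```

Unlike the shared PIN key, each private key here stays with one person, so a third certificate holder such as mallory gets nothing from the captured message.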

BB_Loyal

Sorry if this is not quite on topic, (but I tried to read the above and I'm not that technically advanced); I had an email sent to me (font colour red)

"From:Default."
'Received using: Peer to Peer"
To "You".
Title of the email is:
"New App - Contact Manager - Helps you easily managing your contact list."
I have a BB 9900 7.1
It did not state my name in the header of the email... I have not forwarded this message yet to my other email address in case it wipes out more detailed header info.
I was just curious as to who may have sent this to me and whether it is harmful to my device and data or not? -
If it were Blackberry writing to me, I would assume that the English grammar would be more professionally written (in the title and body of the message - it reads as if a non native English person has written the message and also uses some slang.)
Crackberry would not allow me to post the link from the email into this post as it thought my message may be spam. - However, I have not clicked on this link via my phone. I was not sure if it was safe or not?

I have not accessed the Blackberry World app for over 6 months and even then didn't download anything so I am confused as to why I have got this message now and who has sent it to me?

(I'm just about to erase all of my data because the phone has been intermittently freezing many times a day. People say they have called me, but the phone didn't ring... (Profile is set to loud and the highest ring volume.)
None of my friend's calls have been recorded on the phone log as being 'Missed' and I've been told that some people have sent me texts but I have not received some...However some other calls and texts have managed to come through...
The email and these other faults/issues may not be connected and may just be a co-incidence.)

Again my apologies if this has been written in the wrong area of your site but I did not know where to post it.
Any suggestions or advice is very much appreciated.
Many thanks! :)