PIN Message Flow

** 18 Jun 2010 Update: We posted this article a few days ago (for a few minutes it was live) but we took it down temporarily after some comments were added by community members questioning it. We wanted to double check and follow up with the supporting data; after some additional research we have verified the information in this post is correct. If you have any questions on it, leave it in the comments and we'll do our best to address them. **

If I had a nickel every time I've been asked the question "Is PIN-to-PIN secure?" then I could quit my day job and write for CrackBerry full time. In my day job this has come up constantly from all types of BlackBerry users. It's a very good question... it seems secure, doesn't it?

The simple answer to this question is YES & NO. PIN-to-PIN is encrypted using Triple Data Encryption Standard (Triple DES). PIN-to-PIN security is very controversial topic. For sure, it's far more secure than regular email because the "internet tubes" are not part of the message path the way they would be in an email message. In the case of PIN-to-PIN the message flow looks like this:

  • Sending BlackBerry Handheld to Wireless Network
  • Wireless Network to RIM Relay
  • RIM Relay to Receiving BlackBerry's Wireless Network
  • Wireless Network to Receiving BlackBerry Handheld

What's interesting is that BlackBerry Messenger works the PIN protocol and nobody's ever asked if that was secure.

So as you see, the message only travels between the BlackBerry handheld to wireless carrier and RIM relay; so in that respect it is way more secure than regular old unencrypted email. Now, if you are involved in err...  activities that government agencies may be interested in you need to listen up. Be aware that for the data that flows to and from your device via PIN messaging, if served with a warrant RIM will provide the plain text of your PIN messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air.

To be clear on regarding PIN spoofing, it has never happened to date. This is a worst case scenario and though it is not likely to ever happen, it is worth noting that the vague possibility does exist. As for the security of PIN encryption as mentioned in the previous paragraph all BlackBerry devices use the exact same key to decrypt these PIN-to-PIN messages. This key is created by RIM and used on all BlackBerry's so it stands to reason that RIM can decrypt these messages at the NOC/Relay. Again to be clear, RIM is not reading your PIN messages out of boredom. But in the situation when a warrant from a law enforcement agency presents itself they could. 

If there is a business you are involved with and want to communicate freely with your business associates, you need a BES (BlackBerry Enterprise Server - see this article for basics on what a BES is). That is the only way to encrypt the message before it leaves your BlackBerry handheld. A side note, it is possible to deploy PGP encryption on the BlackBerry, but that is a whole different discussion I'm not getting into today.

Another feature that the BES offers is Peer-to-Peer messaging encryption (Peer-to-peer is another name for PIN-to-PIN). This sets a unique encryption key all BlackBerrys in that organization use when sending and recieving PIN-to-PIN messages. This key is not available to RIM so your messages will be private within your closed BES community.

Another thing to note for those of you out there working for "the man" and you're on a BES, the BES admin can enable PIN logging. That would mean that all your PIN messages are tracked and saved in the BES logs, in plain text. This was an enhancement of BES 4.1 which allows the BES admin to log all incoming and outgoing: phone calls, SMS & PIN. By default this option is always off on the BES and is not normally deployed as the log files get massive quite fast if the organization is of large size. Financial and legal firms generally do enable this feature for regulatory reasons.

In the pre-BES 4.1 days it was not possible to track these messages on the BES. There was one case back in the day at large Canadian financial institution in Toronto where two portfolio managers bolted in the middle of the night and took a bunch of clients with them. All of their communications were done VIA PIN messages. The company was able to retrieve all the back and forth PIN messages simply because one of the traders was just plain stupid. He had a automatic daily backup of his BlackBerry handheld enabled on desktop manager and even though he did a handheld wipe on the BlackBerry device before he left, they simply connected the BlackBerry back to his computer and restored from the previous day's backup. Like I said, stupid.

Bottom line, if you're not on a BES treat your BlackBerry like it is Facebook and assume nothing is private. If you are on a BES and send and receive email within your company it is secure, all other communications can be seen by others.

Conclusion, PIN-to-PIN messages are scrambled, not encrypted.

For source reference visit: