Slashdot Mirror


Canadian Police Have Had BlackBerry's Global Decryption Key Since 2010 (vice.com)

Justin Ling and Jordan Pearson, reporting for Vice News: A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010. The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators. According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn't disclose exactly where the key -- effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another -- came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record. Motherboard has published another article in which it details how Canadian police intercept and read encrypted BlackBerry messages. "BlackBerry to Canadian court: Please don't reveal the fact that we backdoored our encryption," privacy and security activist Christopher Soghoian wittily summarizes the report. "Canadian gov: If you use Blackberry consumer encryption, you're a 'dead chicken'."

62 comments

  1. This will be good for the US housing market by mi · · Score: 0, Flamebait

    The US housing prices firmed up after TFA came out, as millions of progressives decided to cancel their plans to move to Canada after all...

    --
    In Soviet Washington the swamp drains you.
    1. Re:This will be good for the US housing market by fustakrakich · · Score: 1

      Well they're not going to take their BlackBerrys with them if they do go. iPhone users are safe though...

      --
      “He’s not deformed, he’s just drunk!”
  2. I thought this was common knowledge? by guruevi · · Score: 4, Insightful

    Back in the day (and one of the many reasons RIM went down the tubes) was because they have global decryption keys for both BES and BIS. It's right there in the specifications and marketing of the Blackberry communications.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:I thought this was common knowledge? by ArmoredDragon · · Score: 1, Troll

      I think the question at this point is either:

      Will Obama finally get a new phone?

      Or

      Will Obama be the good citizen that he wants everybody else to be and forever hold on to a phone that is backdoored?

    2. Re:I thought this was common knowledge? by Carewolf · · Score: 4, Informative

      No, they only had the keys for the consumer parts, which is the same problem all messaging services that don't allow you to run your own server have.

      In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.

    3. Re:I thought this was common knowledge? by meet+the+squirrel · · Score: 0, Insightful

      Read between the lines on the articles about the Blackberry. They already replaced the general key with one controlled by his handlers in the NSA.

    4. Re:I thought this was common knowledge? by guruevi · · Score: 2

      Read the spec. BES encryption keys (on your own server) get published to the Blackberry device the first time it connects (when it is by definition unaware of what your BES keys are) encrypted with the Blackberry Global Key. That is if there are no other back doors in the encryption (since the standard is closed source, you never really can be sure). They eventually (this was news about a decade ago) gave in to India and gave their government access to all systems in India, why do you think the US can't do something similar?

      If your government (or anyone else for that matter) has or obtains the Global Key, they could read your server's key when it is pushed to the device given it has traveled through or been recorded by a government-friendly ISP/wireless provider. Given that the keys are created for servers, not per user, they only have to be able to obtain (or trick) 1 push communication to decrypt everything else.

      Given that AT&T stores data at least from the 1980's onwards, it is likely that if a government wanted, they could retroactively obtain the data, decrypt the key and use that for any other data obtained through warrantless searches.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    5. Re:I thought this was common knowledge? by MightyMartian · · Score: 1

      You wouldn't know it if you listened to the BB stock pumpers who frequent many online forums. They're constantly talking about BB's incredible security as opposed to Apple and Android.

      Just one more nail in the coffin.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    6. Re:I thought this was common knowledge? by Anonymous Coward · · Score: 0

      Who cares. Those Republicans did much worse things.

    7. Re:I thought this was common knowledge? by Anonymous Coward · · Score: 0

      That's actually not true at all. This story is about BBM messages which are scrambled, not encrypted.

    8. Re:I thought this was common knowledge? by Anonymous Coward · · Score: 0

      This is factually incorrect. BlackBerry can't see anything on a BES server and doesn't have the key.

      The global key relates to the encryption on free BBM/PIN messages. The encrypted/pay version uses a one-time pad so it's pretty damn secure.

      Also, these messages travel on BlackBerry's private network, not the open Internet, so it's not so trivial to get them even if you have the global key.

    9. Re:I thought this was common knowledge? by unrtst · · Score: 1

      In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.

      Correct me if I'm wrong, but it sounds like this would just limit the scope of the issue. The key would still be a shared key for all your users, right? If so, that's not a fix at all.

    10. Re: I thought this was common knowledge? by Anonymous Coward · · Score: 0

      The server's private key isn't transmitted to device, so that's BS #1. #2, they never gave the key to the Indians, they set up an office to handle legal/warrant requests served on Indian citizens as per Indian law, same as other providers.

      You have an ulterior motive.

    11. Re:I thought this was common knowledge? by Anonymous Coward · · Score: 0

      Yeah, not news. Time to get an iPhone SE! :)

    12. Re:I thought this was common knowledge? by guruevi · · Score: 1

      Read the BlackBerry website (it's linked through the story). All messages, even on the 'enterprise' version are "scrambled", the enterprise version simply uses a different key to "scramble"; in other support documents they point out that "scrambled" does not mean encrypted.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    13. Re: I thought this was common knowledge? by guruevi · · Score: 1

      A) That's not how BES "encryption" works. Even RIM has gotten off the notion of calling it "encryption" and are now calling it "scrambling".
      B) It is well known that not just India but a host of other countries have access to the keys. The Mounties are the least scary police agency in the world.
      C) There was a paper about 10 years ago that explained how to 'crack' the BB "encryption" scheme.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  3. And the Democrat President and Sec of State... by Anonymous Coward · · Score: 0

    used one of those damn things despite orders against using them.

    1. Re: And the Democrat President and Sec of State... by Anonymous Coward · · Score: 0, Funny

      Oh please. Why would someone attack Hillary's BlackBerry when she was attempting to use a desktop OS as a mail server?

    2. Re: And the Democrat President and Sec of State... by Anonymous Coward · · Score: 0, Informative

      I see the rulers of /. are still conservatives. They endangered the country, but Powell and Rice did more.

    3. Re: And the Democrat President and Sec of State... by Anonymous Coward · · Score: 0

      What the fuck was redundant about that?! His goddamn thing capitalized the "A"! He should turn it off! Damn! What a bunch of assholes around here!

    4. Re: And the Democrat President and Sec of State... by ChunderDownunder · · Score: 1

      The mail server was for personal use only and never intended for general rollout.

      Just wait until she gets to the oval office. HillaryMail will assign a free universal email account to every US citizen.

      big_h_47@mail.whitehouse.gov

  4. Big Whoop by wkwilley2 · · Score: 5, Funny

    This effects at most like what.....3 people?

    --
    Have you ever fallen asleep at the keybhanusdiog?
    1. Re:Big Whoop by Anonymous Coward · · Score: 1

      affects, it doesn't bring about people...

    2. Re:Big Whoop by Anonymous Coward · · Score: 0

      Only 2 now. Wanted to get the Priv because my phone is getting too old and I don't like onscreen keyboards.

      I have an iPhone 5s from work but it is a pretty bad experience using one in a business environment ... no notification/reminder LED ... WTF?.
      Simple apps like RSS readers want me to upgrade to "pro" or view this or that ad ... it's a fucking RSS reader. Something some write three weeks into CS101.

      What happened to people writing software for themselves and releasing it while they were at it?
      Did those people ever exist or is the Apple user base too small for "crafted with love programs" to exist?

      Android ... obsolete by the time you come home after purchasing the phone ..... The phone market sucks.

    3. Re:Big Whoop by Anonymous Coward · · Score: 0

      No one writes in Objective C. There are no "crafted" programs on iPhone. I can code in 20 languages and all the apps I coded for my iPhone/iPad are HTML5 websites with a mobile UI toolkit. /shrug

    4. Re:Big Whoop by Anonymous Coward · · Score: 0

      It affects Alice, Bob, and Carol. Don't dismiss the impact they have.

  5. Are you so simple? by Taco+Cowboy · · Score: 1

    ... Well they're not going to take their BlackBerrys with them if they do go. iPhone users are safe though ...

    No wonder TPTB has such an easy time having total control over you guys

    If you still think that TPTB got the keys to only the Blackberries I have a couple of really nice bridges to sell ya!

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Are you so simple? by Anonymous Coward · · Score: 0

      Given that there's no proof of what you're claiming, I'll just say you're full of shit.

    2. Re:Are you so simple? by fustakrakich · · Score: 1

      Forgot the smiley... Sorry

      --
      “He’s not deformed, he’s just drunk!”
    3. Re: Are you so simple? by therealkevinkretz · · Score: 1

      So you think it's a stretch to assume that if BB would share the key with the Canadian Feds for a murder case, they would also do so for the US Feds for terrorism/the children/WOD/Snowden/etc/etc/etc? Please

  6. And this is why I don't own a Blackberry by Anonymous Coward · · Score: 0

    I was in the market for a Blackberry Passport. Exactly what someone like me who does a lot of business forums/tickets/email needs (tactical buttons ftw.)
    But their privacy/security snafus have removed them completely from my list. I use a dumbphone. I can't wait for RIM to go bankrupt. They deserve it for shooting themselves in the foot so many times.

    1. Re:And this is why I don't own a Blackberry by nazsco · · Score: 1

      just buy the Priv.

      despite the name, ignore all the "privacy" stuff, and just use regular android that it ships with.

      it is as bad as any android phablet from samsung or google, but has a physical keyboard with a touchpad sensor on each key! (so i hope eventually we get Swype-style input over the physical keyboard)

      of course, for now, since it is as shitty as any current smart phone, sometimes the virtual keyboard eats up the screen even with the hardware one open...

  7. Re: And the Democrat President and Sec of State.. by Anonymous Coward · · Score: 0

    Despite your Republican attacks, you still have nothing on her.

  8. This is about... by mlauzon · · Score: 1

    BBOS, and not Android which is what RIM -- yes I still call them that -- uses now!

    1. Re:This is about... by Anonymous Coward · · Score: 0

      No, it's about BBM, a cross platform messaging app available on BB, Android, and iOS.

  9. Down with RCMP by Anonymous Coward · · Score: 0

    Somebody has to say it "Dudley Do Wrong"

  10. Re: That's because BlackBerry is for LUDDITES! by Anonymous Coward · · Score: 0

    Apparently the consensus is: yours are too

  11. Sharing is Caring by Anonymous Coward · · Score: 0

    Also key to note that Canada has an open intelligence sharing relationship with the UK, AUS, NZ, US which means everyone had access to Blackberry messages too!

  12. Long rumoured by Anonymous Coward · · Score: 0

    Plenty of abject ignorance in the comments on this article. Members of Echelon have had the keys to the BB system since at least late 2009 which means it is likely most alphabet agencies in the echelon countries have had access in a similar time frame. Oh and I am absolutely positively certain that nobody in Echelon has access to encrypted data on the latest iPhones so feel free and clear using that as your communications hardware. After all, didn't the US government just tell everyone how safe their iPhones are?

  13. But does it work on iPhones? by Anonymous Coward · · Score: 0

    That's the only real thing that matters ;)

  14. Re: And the Democrat President and Sec of State. by Anonymous Coward · · Score: 0

    The FBI does however.

  15. Reminds Me of the Song... by Mikkeles · · Score: 1

    "By By Blackberry"

    --
    Great minds think alike; fools seldom differ.
  16. POTUS Device by Anonymous Coward · · Score: 0

    What about Obama's Blackberry?

  17. Summary and story have it wrong by acoustix · · Score: 1

    The story specifically talks about PIN to PIN messaging using BBM. That is one SERVICE, not an entire DEVICE. So, they're able to decrypt a consumer communication, but nothing on the actual device or any other communications that BES is responsible for.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  18. Schadenfreude by Anonymous Coward · · Score: 0

    Were they obligated by law to backdoor their encryption? Or did they take this upon themselves? I have never been so pleased by a company's demise. And serve Canada right for thinking it can both abuse customers and get their business. Let this be a lesson to the US.

  19. 2010? That's before BB10 was released by ControlsGeek · · Score: 1

    This story is talking about BB7 Operating system from back in the day before the current BB10 OS was released and is specifically talking about Pin to Pin communications on Blackberry Messenger for non BES (Blackberry Enterprise Server) corporate customers.

  20. Re:2010? That's before BB10 was released by Anonymous Coward · · Score: 0

    This story is talking about BB7 Operating system from back in the day before the current BB10 OS was released and is specifically talking about Pin to Pin communications on Blackberry Messenger for non BES (Blackberry Enterprise Server) corporate customers.

    I wouldn't care if it affected everything on BlackBerry 10 too because it's the only usable phone that is currently for sale.
    My android is a bag of crap and trying to get stuff done on the iphone, well you may as well just slam your face into the screen repeatedly.
    If my BlackBerry dies I'm going to buy a cheap pay as you go flip phone. It's amazing how with every technology, the shittiest versions are always what becomes popular.

  21. Re: That's because BlackBerry is for LUDDITES! by Anonymous Coward · · Score: 0

    And yours. It's stupid all the way down...

  22. This is not an issue by Anonymous Coward · · Score: 0

    ... because the landfill has had my BlackBerry since long before 2010
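
Added example, not part of the original thread and not BlackBerry's actual protocol: a toy Python model of the scenario guruevi's "Read the spec" comment describes, in which a server key is pushed to a device wrapped under a key that every device shares and the traffic is recorded. The cipher, key names and messages are constructed stand-ins; the second run assumes, for contrast, a per-device secret provisioned out of band.

```python
import hashlib
import hmac
import os


def keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode). Stand-in only, not any product's cipher."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt under a fresh nonce; returns (nonce, ciphertext)."""
    nonce = os.urandom(12)
    return nonce, keystream_xor(key, nonce, plaintext)


def open_sealed(key, sealed):
    nonce, ciphertext = sealed
    return keystream_xor(key, nonce, ciphertext)


def simulate(wrap_with_global):
    """Model one provisioning push plus later traffic, then replay it with only the global key."""
    global_key = os.urandom(32)     # constructed: identical on every device
    server_key = os.urandom(32)     # constructed: one organisation's own key
    device_secret = os.urandom(32)  # constructed: per device, set up out of band (assumption)
    wrap_key = global_key if wrap_with_global else device_secret

    # Everything a passive recorder on the network path would have stored.
    capture = {
        "push": seal(wrap_key, server_key),
        "messages": [seal(server_key, m) for m in (b"meet at 9", b"invoice attached")],
    }

    # Later: a party that holds the global key, and nothing else, replays the capture.
    recovered_key = open_sealed(global_key, capture["push"])
    plaintexts = [open_sealed(recovered_key, m) for m in capture["messages"]]
    return {
        "key_recovered": hmac.compare_digest(recovered_key, server_key),
        "plaintexts": plaintexts,
    }


if __name__ == "__main__":
    print("wrapped under shared key:", simulate(True))
    print("wrapped under per-device secret:", simulate(False))
```

In the first run a single recorded push is enough to read every stored message; in the second the same capture yields only noise, which is why a key shared by all devices gives recorded traffic no protection once that key is disclosed.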