Canadian Police Have Had BlackBerry's Global Decryption Key Since 2010 (vice.com)

← Back to Stories (view on slashdot.org)

Canadian Police Have Had BlackBerry's Global Decryption Key Since 2010 (vice.com)

Posted by msmash on Thursday April 14, 2016 @04:40AM from the how-secure-is-BlackBerry? dept.

Justin Ling and Jordan Pearson, reporting for Vice News: A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010. The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators. According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn't disclose exactly where the key -- effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another -- came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record. Motherboard has published another article in which it details how Canadian police intercept and read encrypted BlackBerry messages. "BlackBerry to Canadian court: Please don't reveal the fact that we backdoored our encryption," privacy and security activist Christopher Soghoian wittily summarizes the report. "Canadian gov: If you use Blackberry consumer encryption, you're a "dead chicken".

20 of 62 comments (clear)

Min score:

Reason:

Sort:

I thought this was common knowledge? by guruevi · 2016-04-14 04:44 · Score: 4, Insightful

Back in the day (and one of the many reasons RIM went down the tubes) was because they have global decryption keys for both BES and BIS. It's right there in the specifications and marketing of the Blackberry communications.

--
Custom electronics and digital signage for your business: www.evcircuits.com
1. Re:I thought this was common knowledge? by ArmoredDragon · 2016-04-14 04:46 · Score: 1, Troll
  
  I think the question at this point is either:
  Will Obama finally get a new phone?
  Or
  Will Obama be the good citizen that he wants everybody else to be and forever hold on to a phone that is backdoored?
2. Re:I thought this was common knowledge? by Carewolf · 2016-04-14 04:50 · Score: 4, Informative
  
  No, they only had the keys for the consumer parts, which is the same problem all messaging services that doesn't allow you to run your own server has.
  In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.
3. Re:I thought this was common knowledge? by guruevi · 2016-04-14 05:02 · Score: 2
  
  Read the spec. BES encryption keys (on your own server) get published to the Blackberry device the first time it connects (when it is by definition unaware of what your BES keys are) encrypted with the Blackberry Global Key. That is if there are no other back doors in the encryption (since the standard is closed source, you never really can be sure). They eventually (this was news about a decade ago) gave in to India and gave their government access to all systems in India, why do you think the US can't do something similar?
  If your government (or anyone else for that matter) has or obtains the Global Key, they could read your server's key when it is pushed to the device given it has traveled through or been recorded by a government-friendly ISP/wireless provider. Given that the keys are created for servers, not per user, they only have to be able to obtain (or trick) 1 push communication to decrypt everything else.
  Given that AT&T stores data at least from the 1980's onwards, it is likely that if a government wanted, they could retroactively obtain the data, decrypt the key and use that for any other data obtained through warrantless searches.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
4. Re:I thought this was common knowledge? by MightyMartian · 2016-04-14 05:07 · Score: 1
  
  You wouldn't know it if you listened to the BB stock pumpers who frequent many online forums. They're constantly talking about BB's incredible security as opposed to Apple and Android.
  Just one more nail in the coffin.
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
5. Re:I thought this was common knowledge? by unrtst · 2016-04-14 05:48 · Score: 1
  
  In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.
  Correct me if I'm wrong, but it sounds like this would just limit the scope of the issue. The key would still be a shared key for all your users, right? If so, that's not a fix at all.
6. Re:I thought this was common knowledge? by guruevi · 2016-04-14 12:44 · Score: 1
  
  Read the BlackBerry website (it's linked through the story). All messages, even on the 'enterprise' version are "scrambled", the enterprise version simply uses a different key to "scramble"; in other support documents they point out that "scrambled" does not mean encrypted.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
7. Re: I thought this was common knowledge? by guruevi · 2016-04-14 12:58 · Score: 1
  
  A) That's not how BES "encryption" works. Even RIM has gotten off the notion of calling it "encryption" and are now calling it "scrambling".
  B) It is well known that not just India but a host of other countries have access to the keys. The Mounties are the least scary police agency in the world.
  C) There was a paper about 10 years ago that explained how to 'crack' the BB "encryption" scheme.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
Re:This will be good for the US housing market by fustakrakich · 2016-04-14 04:52 · Score: 1

Well they're not going to take their BlackBerrys with them if they do go. iPhone users are safe though...

--
“He’s not deformed, he’s just drunk!”
Big Whoop by wkwilley2 · 2016-04-14 05:03 · Score: 5, Funny

This effects at most like what.....3 people?

--
Have you ever fallen asleep at the keybhanusdiog?
1. Re:Big Whoop by Anonymous Coward · 2016-04-14 05:37 · Score: 1
  
  affects, it doesn't bring about people...
Are you so simple? by Taco+Cowboy · 2016-04-14 05:17 · Score: 1

... Well they're not going to take their BlackBerrys with them if they do go. iPhone users are safe though ...

No wonder TPTB has such an easy time having total control over you guys
If you still think that TPTB got the keys to only the Blackberries I have couple of really nice bridges to sell ya!

--
Muchas Gracias, Señor Edward Snowden !
1. Re:Are you so simple? by fustakrakich · 2016-04-14 06:09 · Score: 1
  
  Forgot the smiley... Sorry
  
  --
  “He’s not deformed, he’s just drunk!”
2. Re: Are you so simple? by therealkevinkretz · 2016-04-14 21:13 · Score: 1
  
  So you think it's a stretch to assume that if BB would share the key with the Canadian Feds for a murder case, they would also do so for the US Feds for terrorism/the children/WOD/Snowden/etc/etc/etc? Please
This is about... by mlauzon · 2016-04-14 05:26 · Score: 1

BBOS, and not Android which is what RIM -- yes I still call them that -- uses now!

--
Michael
http://s1.sfgame.us/index.php?rec=58163
Reminds Me of the Song... by Mikkeles · 2016-04-14 09:17 · Score: 1

"By By Blackberry"

--
Great minds think alike; fools seldom differ.
Summary and story have it wrong by acoustix · 2016-04-14 10:11 · Score: 1

The story specifically talks about PIN to PIN messaging using BBM. That is one SERVICE, not an entire DEVICE. So, they're able to decrypt a consumer communication, but nothing on the actual device or any other communications that BES is responsible for.

--
"A plan fiendishly clever in its intricacies"- Homer Simpson
Re: And the Democrat President and Sec of State... by ChunderDownunder · 2016-04-14 10:27 · Score: 1

The mail server was for personal use only and never intended for general rollout.
Just wait until she gets to the oval office. HillaryMail will assign a free universal email account to every US citizen
big_h_47@mail.whitehouse.gov
Re:And this is why I don't own a Blackberry by nazsco · 2016-04-14 12:49 · Score: 1

just buy the Priv.
despite the name, ignore all the "privacy" stuff, and just use regular android that it ships with.
it is as bad as any android phablet from samsung or google, but has a physical keyboard with a touchpad sensor on each key! (so i hope eventually we get Swype-style input overthe physical keyboard)
of course, for now, since it is a shitty as any current smart phone, sometimes the virtual keyboard eats up the screen even with the hardware one open...
2010? Thats before BB10 was released by ControlsGeek · 2016-04-14 15:44 · Score: 1

This story is talking about BB7 Operating system from back in the day before the current BB10 OS was released and is specifically talking about Pin to Pin communications on Blackberry Messenger for non BES (Blackberry Enterprise Server) corporate customers.