http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security
By Vito Pilieci
ottawacitizen.com
June 12, 2014

BlackBerry Ltd. has long held that its BlackBerry devices are among the
most secure in the world, but it turns out the platform isn’t as
bulletproof as many had been led to believe.

On Thursday, the Royal Canadian Mounted Police revealed the results of Project
Clemenza, which it began in 2010. During the course of its investigation,
the federal police force says, it intercepted more than a million private
messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to
identify suspects in a series of violent crimes that included arson,
forcible confinement and drug trafficking.

Personal Identification Number (PIN)-to-PIN messages are not the company’s
popular BlackBerry Messenger service (BBM), which the company still
contends is ironclad when it comes to keeping messages secure. PIN-to-PIN
allows BlackBerry users to send email directly to one another, keeping it
from going out into the Internet where it could be spied on by prying
eyes.

PIN-to-PIN messages are encrypted with what is known as Triple Data
Encryption Standard (DES) encryption technology, which is among the best
in the world. However, BlackBerry devices use what is known as a global
cryptographic key to decode all of the messages sent to its devices. By
faking, or “spoofing”, the PIN of the receiving BlackBerry device and
utilizing the global cryptographic key, all messages sent to that device
can be viewed by an eavesdropper.
[...]