Griffin Boyce:
> Jacob Appelbaum <ja...@appelbaum.net> wrote:
>
>> When people ask how secure BBIM is - I suppose we can now cite RIM's
>> official documentation on the topic - without a BES server, it's
>> encrypted with a key that is embedded in all handsets.
>>
>
> This was critical in the London Riots case back in 2011. As most people
> on this list know, building in the ability to decrypt *some* users means
> that they can decrypt *all* users. Which is basically what happened [1].
>
> Surely someone has already extracted this Triple DES 168-bit key, right?
>
>
> Yep, though you may not even need it if you use another Blackberry device
> (and not, say, a laptop). A Blackberry device can spoof the PIN of another
> and read all of its messages. It's been a bit of a controversial topic for
> a few years now, as you might imagine.
>
> BBM is perhaps *slightly* more secure than plain email or SMS, but users
> aren't protected in case of government interest or vindictive exes.

This document outlines the entire problem very well:

http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57b-eng.html

What an embarrassing joke.

All the best,
Jacob