Thursday, April 4, 2013

CNET "Apple's iMessage encryption trips up feds' surveillance"

They cite a blog post from last August by Matthew Green

I follow Green's blog and can recommend it to anyone that is seriously interested in cryptography and/or data privacy.

Blackberry's BBM (Blackberry Messenger) has long been secure as well, though I believe in recent years government pressure has forced some changes in that.

For more on BBM see

For general info on Blackberry security see

Note there are differences between BES (Enterprise Blackberry) and BIS (Consumer Blackberry), but (AFAIK) in general that doesn't matter for BBM.

According to it seems that BBM on BIS lacks higher level security options just like email:

"“Although PIN-to-PIN messages are encrypted, they key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” Public Safety Canada official stated in the memo. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”"

"It should be noted that Public Safety Canada has failed to take into account the fact that organizations have the ability to change the encryption key to a unique one, ensuring that only BlackBerry devices using the same BES network can communicate with each other. There are also several ways to encode BBM messages such as S/MIME, which adds another layer of security."

No comments:

Post a Comment