Saturday, November 22, 2014

Arrests show that even messages between BlackBerrys can be intercepted

TORONTO — Touted as one of the most secure ways to communicate, BlackBerry smartphones have been put in the spotlight after several police investigations said they were able to track criminals who used the device’s encrypted technology.
The latest case was revealed Thursday after Quebec police and RCMP officers said that more than one million instant messages sent through BlackBerrys helped gather evidence on two alleged organized crime groups.

This isn’t the first time police have said the supposedly uncrackable BlackBerry technology helped them capture an alleged crime ring, and it raises questions about whether BlackBerry messages are truly as secure as the company claims.
“It’s a problem in the way that BlackBerry has marketed some of its services to the consumer market,” said Christopher Parsons, a fellow at the University of Toronto’s Citizen Lab, which specializes on how privacy is affected by digital surveillance.
“It’s a very difficult security posture and probably one that most users ... don’t fully understand.”
Parsons said many BlackBerry owners assume incorrectly that their smartphones meet the same standards as BlackBerrys used by major corporations and the U.S. government, even though they’re not operating on the same high-level security servers that have come to define the company’s advantage over its competitors.
The RCMP said Thursday that 33 people were rounded up in Montreal, Quebec City, Laval and Gatineau, after investigators used a technique to intercept more than one million private PIN to PIN messages.
The company has traditionally encouraged its users to consider PIN to PIN messages as “scrambled” rather than “encrypted.”
The RCMP would not say whether BlackBerry co-operated in the case and representatives for BlackBerry said they were unable to address “an ongoing police investigation.”
On BlackBerry’s website the company states that it will access personal information of its users in some cases, including in response to court orders, warrants and “other lawful requests or legal processes.”
Last year, a task force in Los Angeles intercepted BBM instant messages that helped uncover an organization that allegedly distributed cocaine across the U.S. and in Europe, according to a report in the Los Angeles Times.
In 2011, BlackBerry said it would co-operate with a police investigation into how BBM was used by some protestors to organize the London riots, saying that it co operates with authorities and complies with U.K. legislation.
Independent technology analyst Carmi Levy said in many of these cases it shouldn’t come as a surprise that data was intercepted.
“Law enforcement simply got a warrant and then obtained the keys to view encrypted traffic and then proceeded with their case,” Levy said.
“This does not call the fundamental security of PIN messaging into question. They were handed the keys to the front door. For anyone who thinks this exhibits a vulnerability in BlackBerry’s core technology, this is not the case.”
BlackBerry plans to launch a more advanced security service called BBM Protected for its business customers this summer.
The company describes the technology as “a way for enterprise employees to speak safely and securely both inside and outside of the workplace” with an “unprecedented level of end-to-end security.”
BlackBerry will also charge a premium price for its customers to use the service.
Follow (at)dj—friend on Twitter

More stories