In a BlackBerry, PIN-to-PIN messaging uses Triple Data Encryption Standard (Triple DES). It is relatively more secure than regular unencrypted e-mail. – File photo
In a BlackBerry, PIN-to-PIN messaging uses Triple Data Encryption Standard (Triple DES). It is relatively more secure than regular unencrypted e-mail. – File photo

A little disclaimer to pacify the wrath (that I may face) of BlackBerry lovers: The idea behind this article is not to denounce or to find faults with the BlackBerry OS. If anything, I believe it to be one of the most secure mobile operating systems in the world. Instead, it is an effort to talk about how the integrity of communications originating from a BlackBerry device can be compromised. The ‘memo’ crisis in the country (hint: an ambassador, a businessman, and the media) makes the argument more interesting, as a claim is being made that BBM (BlackBerry Messenger) messages might be forged or spoofed, while the authorship of those text messages is yet to be confirmed.

Well, let’s not get carried away and just start off with the basics. In a BlackBerry, PIN-to-PIN messaging uses Triple Data Encryption Standard (Triple DES). It is relatively more secure than regular unencrypted e-mail, because the messages are not exactly travelling over the internet; rather, they are routed via the path described below:

  • A BBM PIN-to-PIN message sent by a user is sent to the cellular service provider’s network.
  • The cellular service provider then forwards the message to the Research in Motion (RIM) relay station in Canada.
  • The RIM relay station then relays the message to the receiving BlackBerry’s cellular service provider.
  • The (receiving) cellular service provider then transmits the message to the intended recipient.
The Achilles’ heel of BBM is that while PIN-to-PIN messages are encrypted using Triple DES, RIM adds a global cryptographic “key”, which is shared between every BlackBerry device manufactured. This automatically allows a situation (in theory, at least) where, if the messages can be intercepted at the cellular service provider’s network and the hacker party manages to spoof the intended recipient’s PIN, any BlackBerry device can be used to decrypt all PIN-to-PIN messages sent by any other BlackBerry device.While this has never happened as yet, or at least has not been brought to our attention, the scenario lies entirely within the realm of possibility.

The same key, used by all BlackBerry devices to be able to decrypt PIN-to-PIN messages, can be used by RIM at their relay station to decrypt any user’s messages. Again, this is not to suggest that RIM is in the business of reading their users’ content. However, if legally put to the task, RIM can provide decrypted PIN-to-PIN messages in clear-text to law enforcement authorities.

In addition to the above mentioned methods, commercial software is available in the market that can be:

  • deployed on your BlackBerry device by a non-authorised user or
  • remotely deployed by either state agencies or the network service provider on their behalf.
These software essentially act as key loggers on your BlackBerry, copying and transmitting all sorts of information that you view and have access to your smartphone. Furthermore, a BBM’s data can only be removed by carefully going through the list of applications/services installed on the device or by hard-resetting it.

If, as a business, you choose to keep the message exchange between you and your employees secure, you will need to install a BlackBerry Enterprise Server (BES) at your premises. That is the only way to enhance the security of the message before it leaves your BlackBerry handheld. While it is also possible to deploy Pretty Good Privacy (PGP) encryption on the BlackBerry, it exceeds the scope of this article.

However, it should be understood that if you are not using BES, you should not consider PIN-to-PIN messages as ‘secure’ and/or encrypted. The messages are only scrambled to the point where a normal third party cannot view them.

Now, coming down to the argument being presented in the current political fiasco, it’s understood that privacy advocates will come down hard on RIM to keep it from invading the privacy of the involved users. At the same time, we should also consider the Britain’s Regulation of Investigatory Powers Act, which carries stringent provisions for protecting user rights, and makes it nearly impossible, without long court battles, to get hold of the data.

Additionally, many people argue that it is entirely possible that BB chat exchanges can be created, distorted or even modified. This, while possible, remains a highly unlikely eventuality, as this would require alteration of data on the cellular service provider’s network, before being fed into the RIM relay station. As for this Memogate scandal, the Pakistani diplomat was staying in the US back then, therefore it would automatically imply a foreign government’s involvement.

If we take a closer look at events in the past, then this might not be the first time that demand for access to exclusive data has been put forward. RIM’s encrypted communications have caused grievances to oppressive regimes in the Middle East as well. Several countries of the region threatened to ban BlackBerry services altogether if RIM didn’t give them access to BB chat exchanges, primarily for “counter-terrorism purposes”. RIM did eventually agree to provide access – and that is probably what will happen in Pakistan’s case as well.

Abdullah Saad is the co-founder of Wccftech.com and is a freelance writer. He wrote this article for the February 2012 edition of Spider Magazine.

Opinion

Editorial

Judiciary’s SOS
Updated 28 Mar, 2024

Judiciary’s SOS

The ball is now in CJP Isa’s court, and he will feel pressure to take action.
Data protection
28 Mar, 2024

Data protection

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent ...
Selling humans
28 Mar, 2024

Selling humans

HUMAN traders feed off economic distress; they peddle promises of a better life to the impoverished who, mired in...
New terror wave
Updated 27 Mar, 2024

New terror wave

The time has come for decisive government action against militancy.
Development costs
27 Mar, 2024

Development costs

A HEFTY escalation of 30pc in the cost of ongoing federal development schemes is one of the many decisions where the...
Aitchison controversy
Updated 27 Mar, 2024

Aitchison controversy

It is hoped that higher authorities realise that politics and nepotism have no place in schools.