Latest in Gear

Image credit:

Canadian police used BlackBerry's key to unlock BBM messages

New report claims over 1 million messages were decrypted over two years.
Chris Velazco, @chrisvelazco
April 14, 2016
Share
Tweet
Share

Sponsored Links

BlackBerry's big selling point is its stance on mobile security, but a report from Vice and Motherboard reveals at least one national police force were able to bypass that security. A cache of documents revealed that Canada's Royal Canadian Mounted Police had the ability to intercept and crack encrypted messages sent through BlackBerry's BBM service. The RCMP's findings in an operation called Project Clemenza led to seven men confessing their roles in a murder conspiracy, but over 1 million messages were captured and unlocked by a server in Ottawa along the way.

The only people immune to that sort of potential snooping were those with BlackBerrys connected to an enterprise server. Corporate BlackBerry servers generate their own encryption keys, but devices that don't use those servers -- that is, all personal BlackBerrys -- rely on an identical peer-to-peer encryption key loaded onto the phone when built. Somewhere along the way, the RCMP obtained that key and used it to unlock BBM messages in transit. And as you might have guessed, the juiciest questions this report raises don't have satisfying answers.

How did the RCMP obtain that global key? No one is sure, though court documents obtained by Vice and Motherboard suggest BlackBerry has a some sort of working relationship with Canada's federal police, at least when it came to intercepting BBM messages. In light of the FBI's recent privacy dust-up with Apple, it's possible the RCMP somehow obtained it with the help of a third party.

Still, the simplest, most logical answer is that BlackBerry gave Canadian authorities the access they wanted. The company, after all, counts multiple national governments among its customers. In fact, while the events of Project Clemenza were unfolding, the Indian government insisted that BlackBerry give officials a lawful way to monitor some of the company's network data in the country. BlackBerry eventually relented, though the access given was limited to email and web traffic and the read-status of BBM messages.

Perhaps more important is whether or not the RCMP still has the key. Unless BlackBerry changed the key at the close of Project Clemenza -- a process Motherboard points out would require handset updates on a massive scale -- the RCMP likely still has the ability to decrypt BBM messages. We've reached out to BlackBerry for its side of the story and the company declined to comment. (We'll update this article if they talk, but you shouldn't hold your breath.)

In this article: bbm, blackberry, canada, encryption, gear, rcmp, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Amazon’s free news app on Fire TV now features local stations

Amazon’s free news app on Fire TV now features local stations

View
Voyager probes detect a new form of cosmic ray burst from the Sun

Voyager probes detect a new form of cosmic ray burst from the Sun

View
Razer reveals Hammerhead Pro earbuds with ANC and THX audio

Razer reveals Hammerhead Pro earbuds with ANC and THX audio

View
The first phone with an under-display camera goes on sale December 21st

The first phone with an under-display camera goes on sale December 21st

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr