Latest in Gear

Image credit:

Canadian police used BlackBerry's key to unlock BBM messages

New report claims over 1 million messages were decrypted over two years.
27 Shares
Share
Tweet
Share
Save

Sponsored Links

BlackBerry's big selling point is its stance on mobile security, but a report from Vice and Motherboard reveals at least one national police force were able to bypass that security. A cache of documents revealed that Canada's Royal Canadian Mounted Police had the ability to intercept and crack encrypted messages sent through BlackBerry's BBM service. The RCMP's findings in an operation called Project Clemenza led to seven men confessing their roles in a murder conspiracy, but over 1 million messages were captured and unlocked by a server in Ottawa along the way.

The only people immune to that sort of potential snooping were those with BlackBerrys connected to an enterprise server. Corporate BlackBerry servers generate their own encryption keys, but devices that don't use those servers -- that is, all personal BlackBerrys -- rely on an identical peer-to-peer encryption key loaded onto the phone when built. Somewhere along the way, the RCMP obtained that key and used it to unlock BBM messages in transit. And as you might have guessed, the juiciest questions this report raises don't have satisfying answers.

How did the RCMP obtain that global key? No one is sure, though court documents obtained by Vice and Motherboard suggest BlackBerry has a some sort of working relationship with Canada's federal police, at least when it came to intercepting BBM messages. In light of the FBI's recent privacy dust-up with Apple, it's possible the RCMP somehow obtained it with the help of a third party.

Still, the simplest, most logical answer is that BlackBerry gave Canadian authorities the access they wanted. The company, after all, counts multiple national governments among its customers. In fact, while the events of Project Clemenza were unfolding, the Indian government insisted that BlackBerry give officials a lawful way to monitor some of the company's network data in the country. BlackBerry eventually relented, though the access given was limited to email and web traffic and the read-status of BBM messages.

Perhaps more important is whether or not the RCMP still has the key. Unless BlackBerry changed the key at the close of Project Clemenza -- a process Motherboard points out would require handset updates on a massive scale -- the RCMP likely still has the ability to decrypt BBM messages. We've reached out to BlackBerry for its side of the story and the company declined to comment. (We'll update this article if they talk, but you shouldn't hold your breath.)

Source: Vice, Motherboard
In this article: bbm, blackberry, canada, encryption, gear, rcmp, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
27 Shares
Share
Tweet
Share
Save

Popular on Engadget

'Red Dead Redemption 2' photo and story modes come to PS4

'Red Dead Redemption 2' photo and story modes come to PS4

View
TiVo's iPhone app finally streams shows using cellular data

TiVo's iPhone app finally streams shows using cellular data

View
'Fortnite' adds lightsabers following Star Wars event

'Fortnite' adds lightsabers following Star Wars event

View
A 'Snow Crash' TV series is coming to HBO Max

A 'Snow Crash' TV series is coming to HBO Max

View
New Orleans declares state of emergency following cyberattack

New Orleans declares state of emergency following cyberattack

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr