Latest in Gear

Image credit:

Canadian police used BlackBerry's key to unlock BBM messages

New report claims over 1 million messages were decrypted over two years.
27 Shares
Share
Tweet
Share
Save

Sponsored Links

BlackBerry's big selling point is its stance on mobile security, but a report from Vice and Motherboard reveals at least one national police force were able to bypass that security. A cache of documents revealed that Canada's Royal Canadian Mounted Police had the ability to intercept and crack encrypted messages sent through BlackBerry's BBM service. The RCMP's findings in an operation called Project Clemenza led to seven men confessing their roles in a murder conspiracy, but over 1 million messages were captured and unlocked by a server in Ottawa along the way.

The only people immune to that sort of potential snooping were those with BlackBerrys connected to an enterprise server. Corporate BlackBerry servers generate their own encryption keys, but devices that don't use those servers -- that is, all personal BlackBerrys -- rely on an identical peer-to-peer encryption key loaded onto the phone when built. Somewhere along the way, the RCMP obtained that key and used it to unlock BBM messages in transit. And as you might have guessed, the juiciest questions this report raises don't have satisfying answers.

How did the RCMP obtain that global key? No one is sure, though court documents obtained by Vice and Motherboard suggest BlackBerry has a some sort of working relationship with Canada's federal police, at least when it came to intercepting BBM messages. In light of the FBI's recent privacy dust-up with Apple, it's possible the RCMP somehow obtained it with the help of a third party.

Still, the simplest, most logical answer is that BlackBerry gave Canadian authorities the access they wanted. The company, after all, counts multiple national governments among its customers. In fact, while the events of Project Clemenza were unfolding, the Indian government insisted that BlackBerry give officials a lawful way to monitor some of the company's network data in the country. BlackBerry eventually relented, though the access given was limited to email and web traffic and the read-status of BBM messages.

Perhaps more important is whether or not the RCMP still has the key. Unless BlackBerry changed the key at the close of Project Clemenza -- a process Motherboard points out would require handset updates on a massive scale -- the RCMP likely still has the ability to decrypt BBM messages. We've reached out to BlackBerry for its side of the story and the company declined to comment. (We'll update this article if they talk, but you shouldn't hold your breath.)

Source: Vice, Motherboard
In this article: bbm, blackberry, canada, encryption, gear, rcmp, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
27 Shares
Share
Tweet
Share
Save

Popular on Engadget

US will reportedly give Huawei another temporary reprieve

US will reportedly give Huawei another temporary reprieve

View
Beto O'Rourke wants to hold internet companies liable for hate speech

Beto O'Rourke wants to hold internet companies liable for hate speech

View
The next Apple Watch may come in titanium and ceramic models

The next Apple Watch may come in titanium and ceramic models

View
Behind the wheel of VW’s electric dune buggy prototype

Behind the wheel of VW’s electric dune buggy prototype

View
The Morning After: The struggles of Formula 1's underdogs

The Morning After: The struggles of Formula 1's underdogs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr