BlackBerry's Global Encryption Key

Last week, there was a big news story about the BlackBerry encryption key. The news was that all BlackBerry devices share a global encryption key, and that the Canadian RCMP has a copy of it. Stupid design, certainly, but it's not news. As the Register points out, this has been repeatedly reported on since 2010.

And note that this only holds for individual users. If your organization uses a BlackBerry Enterprise Server (BES), you have your own unique key.

Posted on April 25, 2016 at 5:54 AM • 30 Comments

Comments

JohntheosApril 25, 2016 6:42 AM

Is the BES key used for all traffic encryption? If so can it not be brute forced?

zApril 25, 2016 7:09 AM

Obama and Hillary Clinton have famously used their own personal Blackberry devices. If they were not using BES, that would make things interesting.

QApril 25, 2016 7:28 AM

@z

Blackberry do offer their BBM Protected* service which they say offers Enterprise grade encryption for BBM messages between iPhone, Android and BlackBerry smartphones.

I've not read their whitepaper but apparently it provides the same 'security' as their BES. Maybe Obama and Clinton were using this? It seems that both sender and recipient would need to purchase a subscription to BBM Protected.

It costs $29.99 and can be purchased directly from Blackberry** although with all the revelations I've heard about the company and their CEO's hideous stance on privacy I wouldn't trust them with my data.

Or maybe they were using customized Blackberry's such as those sold by Ennetcom***?

*http://us.blackberry.com/enterprise/products/bbm-protected.html

**https://store.blackberry.com/direct/Product-Catalogue/BBM-Protected-Annual-Subscription/p/SPA-60299-001

***http://www.theregister.co.uk/2016/04/21/dutch_encrypted_comms_network_busted/

Sami LiedesApril 25, 2016 7:43 AM

So if I understand correctly, this is a symmetric 3DES key. Is the key hard to extract from the device, or why do the articles talk about "Blackberry providing authorities with the key"? Why cannot you just extract the key from your device or alternatively use a Blackberry to decrypt without extracting the key?

ThothApril 25, 2016 8:19 AM

@all
With BES, you may have your own unique key but that does means very little in the light that Blackberry is willing to continually and being feeling ashamed when it comes to betraying customer trust and using only a single encryption key.

The German Government have apparently made deals to purchase some Blackberries for ministries to use. Maybe it's time for the German Government (Angela Merkell et. al.) to drop their Blackberries and switch to something else and probably backtrack on the deal between Secusmart and Blackberry.

For a Security company to do something like this and take such a stance, it's a shame on them. Who knows if Blackberry might have active backdoors as well ?!

At the very least, Blackberry needs to put down in black and white in font size 24 that the keys are escrowed or something along that line :D .

Clive RobinsonApril 25, 2016 8:32 AM

@ Bruce,

If your organization uses a BlackBerry Enterprise Server (BES) , you have your own unique key.

I'm not to sure about that, one of the things prior to the ObamaBerry was that a certain Arab nation wanted access not just to personal users messages but corporate ones as well. Similar stories have been said about India and Blackberry took a massive hit in the UK when the press revealed that the Met Police had been monitoring Blackberry Messaging to find "ring leaders" some of whom were known to have corporate servers during rioting.

There were also stories about what the NSA had "fixed" in the ObamaBerry, but the general impression was it was very little, which appears somewhat surprising all things considered.

Various other stories have also said without much tracable atribution that all blackberry traffic can be monitored.

I've personaly not tried to dig into it to much as the only people I knew that had Blackberries were moving off of them due to various odd charging plans onto iPhones...

TõnisApril 25, 2016 8:55 AM

So much fuss over this one encryption key issue. This has never been a secret. This key has nothing to do with the data at rest on BlackBerry handsets and nothing to do with BlackBerry security in general. The key has to do with communications sent over the BlackBerry Messenger (BBM) instant messaging service. BlackBerry has always stated that BBM instant messages sent by devices not on a BlackBerry Enterprise Server (BES) are not truly encrypted, rather they are something more akin to being "scrambled." This is because of that single encryption key. Apparently this key has been strong enough for ordinary consumers on the BBM service because governments in India and Pakistan have been crying about getting access to that key for years. BlackBerry helped the UK government get access to the rioters' BBM communications when those riots happened, and this was because of that key, and now, there's this big news and fuss about the RCMP having the key.

I'm a BlackBerry 10 user. For me, the real strength when it comes to BlackBerry is in the security of data at rest. Amidst all this drama about Apple, the FBI, and access to the data on iPhones there has been a lot of silence, absolutely nothing about the security of data stored on BlackBerry devices. That's because data stored on a properly configured (complex password, encrypted) BlackBerry handset is secure. I have never been deluded enough to think my BlackBerry (or any other) consumer level communications are secure. It doesn't matter if you're using Google Talk, Yahoo Instant Messenger, or iMessage with the strongest encryption in the world if your communications are ultimately accessible to those companies and governments from the company servers. None of them are like Proton Mail. That's very hard to do as we saw with what Lavasoft had to do to retain its integrity. For truly private communications I would need a BlackBerry Enterprise server. Furthermore, that server would have to be located outside the jurisdiction and beyond physical access of my government. The paid BBM Protected service might be worth looking into if I wanted to take communications to the next level from "scrambled" to encrypted, but I can't imagine that to be any more secure than encrypted messages on Apple's servers as far as access by "Five Eyes" governments is concerned.

For me, data at rest is most important. If the government wants evidence from my phone about texting while driving, or drug dealing, or even murder, it will not get meaningful access to that data if it's stored on a password protected (with strong password) encrypted BlackBerry. And if you look at the laws on illegal content, they're always two part. There's possession, and there's dissemination. Possession is a whole lot easier to prove than dissemination -- just find it on the suspect's device. If you might possess any purported illegal content or contraband, the security of data at rest is most important. If you disseminate it, you probably deserve to get caught, because secure communication is very, very hard.

ThothApril 25, 2016 10:56 AM

@Tõnis
If you want a truely secure data-at-rest or data-in-transit, you are better off relying on a Hardware Security Module built from the ground up as secure and tamper resistant.

Some offerings include MicroSD card configuration containing tamper resistant smart card crypto chip that can be used to encrypt data and in some cases even voice encryption.

Relying on a multi-function smartphone itself to do security is a poor choice. Better to rely on a dedicated security solution which I have mentioned above.

Password encryption does not mean anything if someone can tamper on the hardware or software level.

GrowingUpInTechApril 25, 2016 11:13 AM

This is bad and all, but surveillance needs robust metadata, not so much content.

Do not underestimate the power of Metadata.

Five Eyes PhuckwitsApril 25, 2016 11:34 AM

@Tonis

"Secure comms is really really hard"

Really?

Much like numbers stations that have run for decades over short-wave radio (and still do in various places) with anybody able to pick up the encoded OTP messages, anybody could run a website - as a ruse only of course - stating "Here is today's set of encrypted numbers! Enjoy":

51432 85743 ..... ...... etc

(In reality, use TAILS from random computers for each message.)

The intended recipient of the message using their One Time Pad key would be the only one able to decipher the message, and the spooks would have no idea who it is, short of physical monitoring of whom the sender meets with/has met with and has shared OTPs with (hypothetically of course).

A lot of work for our 'Masters of the Universe' if everybody took up this hobby, despite their delusions of omniscience - for instance, if your OTPs are left under a particular rock in the national park at predetermined intervals or using a trusted courier/s.

In fact, why not regularly dump numbers on Bruce's website using Tor as part of your handle sign-off. Something like: "Urgent! 47295 23956 11103 32019 30193..... I repeat urgent!!!" and the like. Or if you prefer binary - 011100011111111001001 ..........................

Solve the authenticity problem with cipher-texts by having person check Schneier.com at an exact time every week/month etc. If your sender's "I love pink ponies" post to barbie.com doesn't say "Andrew/Skeptical is a NSA plant" at exactly 1 minute past the time you should have received your intended cipher text, then you know the bits have been flipped on your ass.

Rotate your MAC codes to go with each new message e.g. second message is "American Patriot" posting on nsa.gov forums that "Edward Snowden is a traitor" etc.

Maybe you'll get a van parked outside your house soon enough and have spooks doing correlation analysis on your network since you MUST be Jason Bourne after all. If that doesn't attract them like flies to shit, simply run a Tor relay, or better yet - an exit node.

"Mommy, why has the man with mirrored sunglasses been sitting outside in that white van for 2 weeks?" OR "Why is the webcam turning on again?"

LOL

Nothing to see here...April 25, 2016 12:34 PM

NOVEMBER FOXTROT GOLF

17257 30212 86128 93973 97055
24610 49864 51415 67189 99805
23398 38596 38694 67760 80663
17185 26249 28348 29935 56482
23437 45414 76168 81366 81556

ROMEO TANGO ROMEO

42930 51448 57615 79218 98924
22088 86605 86634 88894 91973
43561 44631 63834 81045 98815
15268 17793 65233 71810 92106
22572 23363 38607 67810 88250

ECHO ECHO ECHO

MailmanApril 25, 2016 12:51 PM

So if this global encryption key is for symmetric encryption, which key is then used if one user on a personal Blackberry (managed by Blackberry) exchanges messages with a user on a corporate Blackberry (managed by BES)?

RyanApril 25, 2016 1:24 PM

@Tõnis

If you encrypt a Blackberry and it has a memory card then the encryption key can be cracked trivially because of a flaw in its implementation. The card is put into a computer and the key extracted.

The Blackberry password manager is also insecure - there's a built in backdoor.

You can Google the above if you want more information.

CuriousApril 25, 2016 1:30 PM

I think for using Blackberry, I would like to see some proof of how the global encryption key was implemented, with the software being open source, otherwise, if the global encryption key was merely a backdoor feature, with special program code, I don't see how one should simply trust that an enterprise version wouldn't have an undisclosed backdoor feature to it that perhaps could be circumventing, or depending on a user's own choice of password code.

TõnisApril 25, 2016 7:27 PM

@Thoth, thanks. Good info!

@Five Eyes Phuckwits, see ... I told you that security was hard! You pretty much have to write/create your own, lol.

@Ryan, that vulnerability you mention was on BlackBerry 7 and earlier. It could be easily avoided even back then because there were three options for encrypting the media card, and only one had the vulnerability:

1. "Device Key" (not vulnerable)
2. "Device Password" (vulnerable)
3. "Device Password & Device Key" (not vulnerable)

If a device key was introduced, the media card exploit did not work. Even the Device Password option was not completely vulnerable. It depended on password length/strength. Elcomsoft found the exploit and offered software to brute force the media card since it contained the necessary info. Nevertherless, the Device Password method was useful, because you could swap your media card from one BlackBerry to another and still access your media card files so long as you knew the password used to encrypt the device/card. That option is no longer available on BlackBerry 10 devices. You have to decrypt the card to have meaningful access of the files in another handset.

As for the Password Keeper vulnerability, I remember reading about it and deciding it wasn't applicable. There's a way to synchronize or back up your Password Keeper data to the cloud (which I don't do), and there's a way to back up your Password Keeper data locally on your device, media card, or pc, either in encrypted or unencrypted form. The vulnerability had something to do with brute forcing the backup if an attacker were to gain access to one. It's a non-issue for me. I love BlackBerry's Password Keeper and use it almost every day.

ThothApril 25, 2016 8:21 PM

@Blackberry users et. al.
If you want to try and break away from some possible backdoors from BB stuff, you can consider using a Smartcard-HSM for a commercially supported and "MADE IN GERMANY" (Yea for the Privacy :)) hardware encryption in the form factor of a typical ID-1 size smart card, a USB crypto token or a portable MicroSD embedded with a crypto chip module for you to do your crypto stuff.

If you want a readily maintained Open Source PKIApplet and buy your own smart card to load the PKIApplet for your own consumption, you can find it in the PKIApplet project on Github.

The one backdoor you can't break away though is if Blackberry decides to steal your keystrokes to collect your crypto token PIN codes and then abuse the token PINs to do crypto operations without your notice.

You could avoid PIN code harvesting once the Ledger Blue hardware Personal Security Device with a touchscreen connected to a ST31 smart card chip comes into the market (it is partially open sourced for the portions not requiring NDAs - non-smart card portion).

On top of that, you have to write applications to use the crypto tokens as well but for those willing to go down that extend for personal security, you might be rewarded with a slightly higher level of security for the extra mile you go (by using a hardware token and not relying on BB's implementations).

Links:
- smartcard-hsm.com
- https://github.com/philipWendland/IsoApplet
- ledgerwallet.com/products/9

WaelApril 25, 2016 11:45 PM

@Nothing to see here,

17257 30212 86128 93973 97055...

golf oscar delta delta alfa mike november!
whiskey echo
alfa romeo echo
sierra charlie romeo echo whiskey echo delta!

RyanApril 26, 2016 7:36 AM

@Tõnis

I've got no experience of BB10 but the security firm Elcomsoft said in August 2015:

BlackBerry Password Keeper now makes use of an escrow key. That escrow key is stored in BlackBerry 10 backups alongside the data. Notably, BlackBerry 10 backups are encrypted, and must be decrypted with Elcomsoft Phone Breaker (using the correct BlackBerry ID and password) in order to gain access to Password Keeper data.

http://blog.elcomsoft.com/2015/08/blackberry-password-keeper-backdoor/

Their blog goes into a little more detail about how the older versions of BlackBerry implemented Password Keeper.

Separate software is available for decrypting the BlackBerry phone:

https://www.elcomsoft.com/eppb.html

http://www.cellebrite.com/Pages/blackberry-forensics-physical-extraction-and-decoding-from-blackberry-devices

RyanApril 26, 2016 1:19 PM

@Tõnis

I'll have a read through those links, thanks.

I've not used a BlackBerry for a few years however I'm not inclined to even try their handsets again since Chen has eventually been honest and declared BB10 dead*.

BB10 "will continue to receive updates, but there won't be any new BB10-based devices"**

All the major apps have pulled out of BB10 including WhatsApp (the irony) and it's a dying breed. The company have really lost direction.

The most cringe-worthy interview give by Chen has to be when he tries to explain their foray into Android devices (it's halfway down the page and only lasts 2:57*). He doesn't even know how to use the phone and doesn't know what 'Priv' stood for amongst his other on-air fuck ups. At US$699 I'm not surprised it's a flop.

I can't think of any good reasons why somebody would pay $699 for a glorified Android made by a company who is anti-privacy particularly when they could buy a cheaper, better, more modern and compatible Android from other manufacturers.

* http://appleinsider.com/articles/16/04/11/blackberry-kills-bb10-will-work-on-mid-range-android-phones-instead

** http://www.theregister.co.uk/2016/04/10/blackberry_boss_mulls_midrange_mobes/

*** http://www.androidauthority.com/blackberry-ceo-john-chen-showcases-blackberry-priv-644712/

ThothApril 26, 2016 7:14 PM

@Ryan
It's quite sad a boss doesn't know his products but that is not uncommon. Blackberry is attempting to rush into enterprise software business and I wonder if the move to switch to Android devices are a final move to quickly roll out a couple of phones to make the last bucks and quickly close shop on the phone side and fully switch to enterprise MDM business.

Regarding the security features, now almost every phone are equipped with Qualcomm or Exynos chipsets capable of ARM's TrustZone and hardware security features. It is a matter of whether the phone maker wants to enable TEE environment with TrustZone.
This makes it easier for any smartphone maker to throw in security when they feel a phone would be profitable with those.

DavidApril 26, 2016 10:53 PM

"And note that this only holds for a individual users. If your organization uses a BlackBerry Enterprise Server (BES), you have your own unique key."

Here in Indonesia, years ago BB rolled over to the Government demand for access to ALL their traffic, in-country and cross-border. IMO, you can't trust BB. (But then again, who can you trust any more?)

RyanApril 27, 2016 4:21 AM

@Thoth

You may be right about them trying to close their phone business but I don't think they'll be successful in moving towards the enterprise MDM market.

Microsoft Mobile, unpopular with consumers though it is, offer some excellent granular control over their devices. Their business devices (once linked) encrypt by default using a true TPM.

Exchange ActiveSync (which even Google have been forced to adopt to appease their business customers) is standard in the business world and this is supported natively in Microsoft Mobile.

They have the added benefit of being cheap.

Apple on the other hand also offer enterprise MDM through policies or their Configurator software. Apple tend to be the poor relation in business as Windows and Linux have the lion's share of servers. Desktop deployments overwhelmingly run Windows.

Apple are expensive but in some cases are used only via BYOD.

Android - well I shan't even bother. Their software is so insecure, so lacking in MDM capabilities that it isn't a worthy contender of Microsoft or Apple... yet. Time will tell.

For these reasons I can't see an already beleaguered BlackBerry making a dent in the extant enterprise market. And I'm sure Microsoft and Apple will make interoperability as difficult as possible.

@David

I was reading a Wall Street Journal article* a couple of months back and they were saying that BBM is a surprisingly large hit in Indonesia with 55 million users compared to 50 million users for Facebook Messenger and WhatsApp each. (These figures suggest 150 million active messenger users per month).

I don't know why it's so popular: that article was back in February 2016 however. Maybe now that WhatsApp offer default (and unremovable) end-to-end encryption that more people will make the switch especially if they already have it installed to communicate with other contacts.

Whilst some on here might not entirely trust WhatsApp at least it seems that they're not going to succumb to any demands to provide a master key (which, if the design is implemented as specified, would be impossible).

I'd like to know if the Indonesian people know about their government possessing the master key?

http://blogs.wsj.com/digits/2016/02/29/why-blackberry-is-a-hit-in-indonesia/

ThothApril 27, 2016 5:35 AM

@Ryan
One of the more "secure" Android with MDM capability is the Samsung phones via the KNOX platform. If you ever use a Samsung phone with KNOX equipped, you can apply MDM management regardless if you are using the free MyKNOX for personal stuff or enterprise KNOX. Of course if you are using a personal MyKNOX, you are your own administrator.

Sadly most other Android phone do not attempt hard enough to implement security save for one of two until Google pushes down mandatory security upgrades which may not even arrives.

TõnisApril 27, 2016 5:00 PM

1. BlackBerry's BES can handle BYOD all day long and works with iOS and android (maybe even Windows phone but I don't remember).

2. BlackBerry recently acquired Good Technology (https://en.wikipedia.org/wiki/Good_Technology)

3. BBM is cross-platform (BlackBerry, iPhone, android phones, Windows phones)

4. Why would anyone trust NSA collaborator facebook's Whatsapp no matter how strong the encryption?

Bumble BeeApril 28, 2016 9:35 AM

The RCMP has a key, you say?

Oh, great. The stable boy shoveled it out with the horse manure, the flies picked it up, and now everyone (anyone who matters anyway) has a copy of the key.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.