One popular feature of Research In Motion’s BlackBerry communication devices is PIN messaging – a communication protocol involving fewer steps and servers than email.
Interestingly, the Communications Security Establishment (Canada’s codebreakers) has guidance online about the security of BlackBerries in general and PIN messages specifically. They draw particular attention to the very limited protection provided by the encryption system used for PIN messages:
PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the “BlackBerry Solution Security Technical Overview” document published by RIM specifically advises users to “consider PIN messages as scrambled, not encrypted”.
The document identifies other vulnerabilities, such as the potential bypassing of spam filtering and the risk that a BlackBerry that has been passed along to a new user will receive a sensitive PIN not intended for them.
The document goes on to say: “Due to the aforementioned security issues, GC departments should refrain from using PIN-to-PIN messaging and the disabling of this functionality”.
While that is probably good advice, I doubt many departments will be sacrificing this popular feature. That is probably welcome news for anyone who is intercepting these messages. As mentioned before, British Embassies and High Commissions have been conducting signals intelligence interception against friendly countries since the Second World War. No doubt, other embassies in Ottawa are actively monitoring traffic between BlackBerries.
The same may well be true for more sophisticated private companies, hoping to get some inside information on upcoming policies and regulations.
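The global-key weakness CSE describes can be modelled in a few lines. This is an added example, not code from CSE, RIM or this post: three constructed handsets each try to open a captured message, first under one fleet-wide key and then under a key held only by sender and recipient. The cipher is an HMAC-SHA256 stand-in (the Python standard library has no Triple-DES), and the handset names, keys and message are all constructed.

```python
import hashlib, hmac, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for Triple-DES, not RIM's cipher.
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    stream = _stream(_prf(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unseal(key, blob):
    """Return the plaintext, or None when this key does not fit the message."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        return None
    stream = _stream(_prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

# Constructed keys: one shared by every handset, one known only to two correspondents.
FLEET_KEY = hashlib.sha256(b"constructed fleet-wide key").digest()
PAIR_KEY = os.urandom(32)
HANDSETS = {
    "sender":    {"global": FLEET_KEY, "pairwise": PAIR_KEY},
    "recipient": {"global": FLEET_KEY, "pairwise": PAIR_KEY},
    "bystander": {"global": FLEET_KEY, "pairwise": os.urandom(32)},
}

def who_can_read(design, message=b"budget figures, do not forward"):
    """Names of handsets whose key for this design opens a captured message."""
    captured = seal(HANDSETS["sender"][design], message)
    return sorted(name for name, keys in HANDSETS.items()
                  if unseal(keys[design], captured) == message)

if __name__ == "__main__":
    for design in ("global", "pairwise"):
        print(design, who_can_read(design))
```

Under the global design the bystander gets the same result as the intended recipient, which is the sense in which the RIM overview quoted above calls PIN messages scrambled rather than encrypted.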
So anybody with a BlackBerry can encrypt as many messages as they want using this one key? Shouldn’t it be possible to eventually learn what the key is?
Chosen-plaintext attack
From Wikipedia, the free encyclopedia
A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the encryption scheme. In the worst case, a chosen-plaintext attack could reveal the scheme’s secret key.
This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an attacker could persuade a human cryptographer to encrypt large amounts of plaintexts of the attacker’s choosing. Modern cryptography, on the other hand, is implemented in software or hardware and is used for a diverse range of applications; for many cases, a chosen-plaintext attack is often very feasible. Chosen-plaintext attacks become extremely important in the context of public key cryptography, where the encryption key is public and attackers can encrypt any plaintext they choose.
Any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against known-plaintext and ciphertext-only attacks; this is a conservative approach to security.
I think chosen-plaintext attacks can be quite potent. That said, Triple-DES is a well-regarded encryption protocol.
I can’t guess what sort of resources would be necessary to determine the BlackBerry PIN key using this method. If anyone could do it, it would be an organization like the NSA. That said, it would probably be easier to convince RIM to give them the key, or simply steal it.
Where did you see such blue frogs?
Sorry for the silly question. As a beginner BlackBerry user, I actually have a very basic question on my mind, as one of the “new guys” with this handheld. I’m wondering: if my BlackBerry is lost, sold, or used by another user, can the PIN be kept, the way we keep our SIM cards? We can keep the SIM card, but not the PIN, and this always gives me trouble: when I gave my BB to my cousin, my friend kept sending me BBMs and my cousin kept receiving them…
The PIN is tied to the actual BlackBerry device. If you give the device to someone else, they will inherit your PIN address.
BlackBerry messages are widely thought to be tightly encrypted. But that is the case only for BlackBerrys tied to corporate networks. The security on BlackBerrys sold to individuals is no tighter than for normal phones, according to Richard Clayton of the University of Cambridge; and copies of the messages sent on them should still exist.