The Blackberry Security Story

With the Emirates and others banning Blackberry and the ever-changing smartphone market share story, I was hoping someone would say something right about Blackberry. Instead we get mistakes by pretty good people like Tom Merritt, Bruce Schneier, and Steve Gibson, and mindless drivel by fanboys. I'll try to set the record straight.

Apart from whatever defects the platform has, Blackberry is the safest way to communicate. Period. In order to crack a Blackberry, malware has to be installed on the device. No other communication system is as safe. Yes, the NSA may have a back door (I doubt it, but it is possible), but do you really care about that? Think about it.

The confusion comes from the different ways to communicate with a Blackberry, the different levels of security, and RIM's unwillingness to really explain things. People talk about VPN and SSL, but none of that is the important thing about Blackberry. They use extensive public/private key cryptography, with modern, known ciphers, and local security in the device to a level that is bothersome to the user.

If you are surfing the web or sending email, the message is encrypted to the Blackberry service. There it has to be put in plain text in order to send the request to the internet. It may be that some countries are bothered by the traffic going to foreign lands (Canada in this case) or by Blackberry's clear unwillingness to provide this information, which they do have. Email or web surfing is not secure (not even with SSL!). But what I think is more likely is that those countries are mad that Blackberry Messenger (and PIN messages) are encrypted from device to device and not even RIM has access to that info.
The way it works is as follows. In order to communicate with another Blackberry user you ask for their PIN number; this number identifies the user (through their hardware). By providing this number to Blackberry you get that user's public key. You then send a message (Messenger or PIN message; those are two different things: Messenger is a chat, a PIN message is like a text-only email) encrypted with the public key, so that it can only be decoded with the user's private key, which exists only in the user's device. This is secure; nobody has access to it, except through your device. That's the story. If your device software is not compromised, the probability of someone eavesdropping is null.

The fact that so many countries make banal arguments against Blackberries (including the fear that the NSA has access to Blackberry communications), to me, indicates that this story is right and that the spread of Blackberry worries these people, because they won't be able to spy on you. The fact that the tech news industry has failed to understand this speaks to the sad state of knowledge in the world. I use two phones: a Blackberry, because I am security conscious, and an Android, because it's fun.
