Blackberries insecure?

Steven M. Bellovin smb at cs.columbia.edu
Wed Jun 20 23:41:20 EDT 2007


According to the AP (which is quoting Le Monde), "French government
defense experts have advised officials in France's corridors of power
to stop using BlackBerry, reportedly to avoid snooping by U.S.
intelligence agencies."

That's a bit puzzling.  My understanding is that email is encrypted
from the organization's (Exchange?) server to the receiving Blackberry,
and that it's not in the clear while in transit or on RIM's servers.
In fact, I found this text on Blackberry's site:

	Private encryption keys are generated in a secure, two-way
	authenticated environment and are assigned to each BlackBerry
	device user. Each secret key is stored only in the user's secure
	regenerated by the user wirelessly.

	Data sent to the BlackBerry device is encrypted by the
	BlackBerry Enterprise Server using the private key retrieved
	from the user's mailbox. The encrypted information travels
	securely across the network to the device where it is decrypted
	with the key stored there.

	Data remains encrypted in transit and is never decrypted outside
	of the corporate firewall.

Of course, we all know there are ways that keys can be leaked.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


