Pages

17 January 2016

Dutch Police Can Reportedly Break Encrypted Emails Sent on BlackBerrys

Dutch police claim they can read encrypted emails sent on BlackBerrys
Rob Price, Business Insider,  January 13, 2016
BlackBerry’s are famed for their security — even President Obama uses one.
But police in the Netherlands allege that they are able to intercept and decrypt emails sent on some PGP BlackBerry phones — a type of BlackBerry that comes with PGP encryption software pre-installed by third-party vendors.
“We are capable of obtaining encrypted data from BlackBerry PGP devices,” a spokesperson for the Netherlands Forensic Institute (NFI) said to Motherboard.
The police unit declined to provide any more information, saying that by doing so, “we would provide criminals with exactly the information they would need in order to eventually get around our research method. We would like to prevent that and therefore have been very reserved with our explanation towards the press.”

Motherboard’s report was based on an earlier story from the Dutch site Crime News. The site apparently got hold of documents from the NFI, which say that the crack was able to open 279 of 325 encrypted emails it was tried on. Law enforcement apparently needs physical access to the phone for it to work.
BlackBerry is telling news outlets that it needs more information about the alleged crack. “We are confident that Blackberry provides the world’s most secure communications platform to government, military and enterprise customers,” it said in a statement.
“However, we can’t comment on this claim as we don’t have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have details on the nature of the communications that are claimed to have been decrypted.”

Tech news site The Register is speculating that the alleged crack is down to a problem with the third-party vendors. You can buy BlackBerrys with PGP pre-installed, and it might be that it was incorrectly installed — leading to an exploitable vulnerability.
If that’s the case, then the third-party vendors have screwed up and BlackBerry isn’t to blame, and its core software hasn’t necessarily been compromised.
Whatever the answer, Obama can probably breathe easy — he uses a custom BlackBerry with a host of secure features developed with the help of the NSA.

No comments:

Post a Comment