BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-30-2009, 01:55 PM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Aug 2007
Model: Many
PIN: N/A
Carrier: Rogers/Bell
Posts: 16
Post Thanks: 0
Thanked 2 Times in 1 Post
Default Blackberry Messenger security

Please Login to Remove!

Can anyone confirm whether there is actually end-to-end encryption with Blackberry Messenger, or if these messages are clear text at any point? My powers that be want confirmation on the security of this communication. We currently use a BES and PGP for endpoint encryption of staff emails, but they would like the delivery reports, etc. available in messenger.

Where do I find this confirmation?

We dropped our T2 support after just one year, for obvious reasons to anyone who subscribed to it, and now have to guess at simple questions like this...

(rant - Of course, we could never trust the tech at T2, as answers fell out of their mouths willy-nilly, like "Of course your emails are always encrypted" when I asked them about emailing other organizations! What bollocks!)
Offline  
Old 08-30-2009, 02:06 PM   #2 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Yes, BlackBerry Messenger is scrambled from end-to-end as it uses PIN messaging as its transport. All traffic is over RIM's infrastructure exclusively, and never leaves it.
All BlackBerry devices share a common encryption key which is used for this purpose.

Additionally, if on a BES, you can also add a peer-to-peer encryption key for an additional layer of encryption. However, doing so will create an environment where your BES users will only be able to use PIN messaging and BlackBerry Messenger with other users on the same BES.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org

Last edited by penguin3107 : 08-30-2009 at 02:21 PM.
Offline  
Old 08-30-2009, 02:08 PM   #3 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

This may not provide the exact answer you're looking for...but here is how to disable encryption

KB13016 - How To disable PIN encryption on the BlackBerry Enterprise Server - Port3101.org : Your BES Connection
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 08-30-2009, 04:28 PM   #4 (permalink)
BlackBerry Extraordinaire
 
kirrinjones's Avatar
 
Join Date: Apr 2006
Location: Jamaica
Model: 9000
OS: 5.0.0.610
PIN: 208E7C41
Carrier: LIME, Jamaica
Posts: 1,533
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Wirelessly posted

I have peer-to-peer encryption on my BES and I'm still able to communicate with other bbm outside my BES.
__________________
-----------------------------------------------------
Website - http://kirrinjones.wordpress.com
Twitter - http://www.twitter.com/kirrinjones
Offline  
Old 08-30-2009, 05:25 PM   #5 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by kirrinjones View Post
Wirelessly posted

I have peer-to-peer encryption on my BES and I'm still able to communicate with other bbm outside my BES.
No, you don't.
That's impossible.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 08-30-2009, 05:36 PM   #6 (permalink)
BlackBerry Extraordinaire
 
kirrinjones's Avatar
 
Join Date: Apr 2006
Location: Jamaica
Model: 9000
OS: 5.0.0.610
PIN: 208E7C41
Carrier: LIME, Jamaica
Posts: 1,533
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Wirelessly posted

Hmmmm, I will have to double check on this when I get in tomorrow.

I do remember, there was an occassion when we could not communicate with other bbm and after speaking with RIM I found out that my peer-to-peer key was corrupt, once they helped me sort that out, all was well. But I will double check tomorrow.
__________________
-----------------------------------------------------
Website - http://kirrinjones.wordpress.com
Twitter - http://www.twitter.com/kirrinjones
Offline  
Old 08-30-2009, 05:43 PM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
besadmin23's Avatar
 
Join Date: Nov 2005
Model: Bold
Carrier: AT&T
Posts: 234
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by slahm View Post
(rant - Of course, we could never trust the tech at T2, as answers fell out of their mouths willy-nilly, like "Of course your emails are always encrypted" when I asked them about emailing other organizations! What bollocks!)
slahm, no offense but what did you think they might say. "Well, no not really. About 27% of the time the messages aren't encrypted." ???

The answer actually IS "Of course your emails are always encrypted!!"

Emailing another organization from your BB has no more or less to do with whether a message is encrypted than emailing someone inside your company. Period.

Your BlackBerry establishes a secure tunnel between itself and the BES at your company all via the internet, essentially just like any vpn connection does more or less. (lets not debate the intricacies). If you trust the BB to send a message to a co-worker, you trust it to send to ANY email address in the world.

When you compose and "send" a message from your bb. The email doesn't travel from your device over the cellular data network and route directly to the othercompany.com mailserver... NO, It encrypts and securely sends the constructed message with the address of who you sent it to over the cellular data network to YOUR companies BES, which decrypts the contents based on the ever changing encrypting keys that are passed and verified between said BES and BB. THEN your BES communicates internally to your Exchange or Notes account on your behalf using elevated permissions granted by your companies IT and Security Administrator, which then sends the message via your companies outbound mail transport of your company mail server, JUST as if you sent it from your email client sitting at your desk on your intranet at work...

The BlackBerry let go of the message LONG ago. In fact, as soon as it encrypted then sent it over the cellular network to the destination, it doesn't care anymore. If your companies BES doesn't "know" how to decrypt the message coming to it from your BB or ANY device for that matter... it just tosses the packets aside. End of story.

In many ways, messages you send from your BB are MORE secure than messages sent from your desk client, in that while the BB and BES have anything to do with it, the message is encrypted with AES or Triple DES encryption.

See BlackBerry - Enterprise Solution Architecture

Sorry for the rant, but thought it needed a little defending. And for what it's worth I have been very pleased for years with the same T2 support you had.
Offline  
Old 08-30-2009, 09:14 PM   #8 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by besadmin23 View Post
...
In many ways, messages you send from your BB are MORE secure than messages sent from your desk client, in that while the BB and BES have anything to do with it, the message is encrypted with AES or Triple DES encryption...
let's not feed the crazies any ideas...
Offline  
Old 08-31-2009, 09:35 AM   #9 (permalink)
Talking BlackBerry Encyclopedia
 
besadmin23's Avatar
 
Join Date: Nov 2005
Model: Bold
Carrier: AT&T
Posts: 234
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

ok ok, sorry bout the soap box...
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.