September 24th, 2008
India's government: At last, we've cracked Blackberry's encryption
Following India’s threat to shut down the Blackberry network in the country unless Research in Motion allows the government to snoop on Blackberry users made earlier this year, the country seems to have found a more pragmatic solution, and in a surprising move has publicly announced that they have finally managed to crack Blackberry’s encryption :
“The government has decrypted the data on Research In Motion’s (RIM) BlackBerry networks. The department of telecommunication (DoT), Intelligence Bureau and security agency National Technical Research Organisation (NTRO) have done tests on service providers such as Bharti Airtel, BPL Mobile, Reliance Communications and Vodafone-Essar networks for interception of Internet messages from BlackBerry to non-BlackBerry devices.
Initially, there were difficulties in cracking the same on Vodafone-Essar network but that has also been solved. This means that the e-mail messages sent on Internet through your BlackBerry sets would no longer be exclusive and government would be able to track them.”
They either need to decompress, or emphasize on the fact that their efforts cannot affect BlackBerry Enterprise Service users.
The government’s “decompression tests” seems not to be affecting enterprise Blackberry solutions, but now that it’s becoming clear that they’re requiring all local telecoms to “make technical changes in their services to make them compatible for decompression”, the tests indicate that the government is on purposely weakening the security of transmitted data across the country.
Taking into consideration the multi-layered end-to-end encryption that a Blackberry user can archive, India’s claims to be able to eavesdrop Internet traffic of BlackBerry Internet Service, but naturally still unable to crack BlackBerry Enterprise Service’s end-to-end AES or Triple DES, doesn’t really count as cracking Blackberry’s encryption.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
