The Blackberry has long enjoyed the reputation of being the securest communication platform in the world, with its seemingly impregnable defenses making it immensely popular within the corporate and government sector. It was pretty much an obvious choice of phone for anyone who preferred security over entertainment. Contrary to the popular myth, the Blackberry is not as fool-proof as it is professed to be. It is in fact plagued by a handful of security issues that the company had been doing a pretty good job of keeping under the covers over the years, though they are no longer a secret.
The vulnerability of Blackberry to spyware
If you’ve ever come across the products of companies such as StealthGenie, Mobistealth or mSpy, then you may already have a very good idea about the crack in Blackberry’s fortress. The availability of monitoring apps especially designed to spy on Blackberry communications and activity goes to prove that the device is anything but impenetrable.
Find out what's happening in New Lenoxfor free with the latest updates from Patch.
Downloading and installing third-party apps, including potentially harmful apps such as those designed for spying purposes, Blackberry phone is far more convenient on the Blackberry than it is on an iPhone or Android, which offer at least some sort of resistance in their non-jailbroken and unrooted form.
To install spyware on a Blackberry phone, all one needs to do is to get physical access to the target device, launch the browser, put in the URL of the page from where the app is to be downloaded, download the app, install it, and that is about it.
Find out what's happening in New Lenoxfor free with the latest updates from Patch.
Blackberry lets the situation grow even direr by allowing apps to hide their icons, a privilege that is naturally abused by developers of malicious and monitoring apps.
Even if the spy app is not stealth, the probability of an average user stumbling across it is not that high and drops even lower if the app is installed on the device via computer instead of the phone browser.
Secure but not secure enough
Monitoing apps for blackberry have made the hole in the security protocol that the company has in place pretty evident, but that is not the only threat that the users are susceptible to.
The 2013 mass surveillance disclosures included the revelation that America’s National Security Agency (NSA) and its British counterpart, the General Communications Headquarters (GCHQ), had been tapping into the Blackberry communications, mainly text messages and email system, since 2009. Rather than using a spyware to carry out their snooping, the agencies identified and exploited the security loopholes that most Blackberry users remain oblivious to.
For long, it has been believed that all Blackberry communications are encrypted. That, however, has proven to be more of a myth than a fact. Yes, the communication between the device and the server is encrypted, but once the communication goes beyond the server, it is neither encrypted, nor safe from interception, thus creating a window of opportunity for a snoop to capture and read the data.
The Blackberry Messenger (BBM) and PIN-to-PIN communication, on the other hand, is not encrypted at any stage, contrary to the popular belief. It is in fact scrambled using a cryptographic key, which is identical for all the Blackberry devices in the world. Simply rerouting the BBM or PIN-to-PIN communication to another device can make them readable on that device.
The Business Enterprise Server (BES) is flaunted as the pinnacle of security by Blackberry. Using a unique, organization-specific cryptographic key to encrypt data that flows between the Blackberry device and the server, typically located in the organization itself and managed by its IT team, does offer extensive security, but is it thick enough to keep the likes of NSA out? Unfortunately, it’s not, or at least that’s what the leaked NSA documents suggest, with an email of a Mexican government agency acting as proof.
Blackberry may have erred in certain aspects while designing and implanting the security protocols for its devices, but it would be rather unfair to overlook or undermine its commitment to creating a secure environment for its users to communicate in. There are not many stones that it has left unturned in its pursuit of a perfect security system.
