Canadian Law Enforcement Can Intercept, Decrypt Blackberry Messages

from the so-much-for-the-one-thing-Blackberry-used-to-have-going-for-it... dept

Blackberry's CEO, John Chen, didn't care for the fact that Apple was "locking" law enforcement out of its devices by providing customers with default encryption. As he saw it, Apple was placing profits ahead of Mom, Apple pie and American-made motorcars.

For years, government officials have pleaded to the technology industry for help yet have been met with disdain. In fact, one of the world's most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would "substantially tarnish the brand" of the company. We are indeed in a dark place when companies put their reputations above the greater good.

Chen refused to "extend privacy to criminals." How he had any way of knowing who was or wasn't a criminal at the point of sale was not detailed in his rant.

Then news surfaced that Dutch law enforcement could bypass Blackberry encryption with seeming impunity. At that point, Blackberry became defensive about its new stature as the least secure smartphone option. It claimed in a blog post that its stock phones were not open books for the world's law enforcement agencies. Despite promising earlier that the company would not aid criminals in keeping their secrets from law enforcement, Blackberry heatedly claimed its devices were secure as ever -- even in the hands of criminals.

[T]here are no backdoors in any BlackBerry devices, and BlackBerry does not store and therefore cannot share BlackBerry device passwords with law enforcement or anyone else.

Ah, but there is a backdoor. A big one. And it's on the opposite side of the "house." Motherboard is reporting that the Royal Canadian Mounted Police are able to access unencrypted communications thanks to the Blackberry's built-in "feature."

Imagine for a moment that everybody's front door has the same key. Now imagine that the police have a copy of that key, and can saunter into your living room to poke around your belongings while you're out, and without your knowledge.

By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada's federal police force, intercepted and decrypted "over one million" BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza," that ran between 2010 and 2012.

Citizen Lab privacy expert Christopher Parsons backs up Motherboard's analogy. [emphasis in the original]

In addition to routing and compressing data traffic, RIM's service offerings also include a measure of security in excess of the practices adopted by their competitors. BBM, as an example, is encrypted. However, it is encrypted using a global key. RIM has written that,

"The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives."

This means that RIM can decrypt consumers' messages that are encrypted with the global key. Consumer devices include all RIM offerings that are not integrated with a BlackBerry Enterprise Server (BES). The BES lets administrators change the encryption key, which prevents RIM from using the global decryption key to get at the plaintext of BES-secured communication.

Blackberry may be technically correct when it asserts it has no access to user passwords. But that hardly matters when it holds the key that can decrypt any BBM communications that pass through its service (with the exception of administrator-level business accounts). This single key's access to unencrypted communications is likely what allowed (and possibly still allows) the RCMP to obtain plaintext messages.

According to the documents obtained by Motherboard, the RCMP appears to be using some sort of Stingray-but-for-BBM technology to intercept and decrypt messages.

[The RCMP maintains a server in Ottawa that "simulates a mobile device that receives a message intended for [the rightful recipient]." In an affidavit, RCMP sergeant Patrick Boismenu states that the server "performs the decryption of the message using the appropriate decryption key." The RCMP calls this the "BlackBerry interception and processing system."

By inserting itself into the middle of communications, the RCMP can intercept the messages. Access to the Golden Key ensures they can be read. The conclusion reached by both the defense team and the judge presiding over the case? The RCMP has Blackberry's global encryption key.

The defence in the case surmised that the RCMP must have used the "correct global encryption key," since any attempt to apply a key other than BlackBerry's own global encryption key would have resulted in a garbled mess. According to the judge, "all parties"—including the Crown—agree that "the RCMP would have had the correct global key when it decrypted messages during its investigation."

Unfortunately, there aren't many more details. Many of the documents related to this case remain under seal and the RCMP certainly isn't going to discuss its interception/decryption secrets if it doesn't have to. It could very well be that it demanded (and obtained) the key from Blackberry, much in the way the FBI demanded Lavabit's SSL key. If so, Blackberry was far more cooperative than Lavabit, which chose to shut down the service rather than allow the government to have total access. (And it has been hinted by the DOJ that this sort of request may be headed Apple's way if it continues to fight its All Writs orders.)

Somewhat ironically, the RCMP acknowledged in court that outing a cellphone provider as Junior G-Men would probably tarnish Blackberry's reputation -- basically the same thing Blackberry CEO John Chen claimed was the height of Apple impudence

RCMP inspector Mark Flynn testified in a heavily redacted transcript that BlackBerry "facilitated the interception process," however, Flynn also stated that facilitation could mean mere information sharing or a physical action to aid interception.

Flynn further testified that revealing the key would jeopardize the RCMP's working relationship with BlackBerry, and harm BlackBerry itself, since "it is not a good marketing thing to say we work with the police."

The question now is whether the RCMP still has this level of access. To cut off the RCMP, Blackberry would have needed to alter the global decryption key -- something that would have required "a massive update... on [a] per-handset basis," according to Citizen Lab's Christopher Parsons. And if Canada's law enforcement has it (or had it), odds are law enforcement agencies in other countries had similar access. Investigators may not be keen to expose techniques in court or in released documents, but they're usually pretty good about sharing this info with like-minded law enforcement agencies.

Filed Under: blackberry, canada, encryption, interception, law enforcement, master key, rcmp
Companies: blackberry

Intel Confirms HDCP Master Key Is Out

from the oops dept

We were among the many folks who wrote about the supposed leak of the HDCP master key this week, leading to an interesting discussion in the comments -- including a comment from a big time DRM supporter (he's even written a book about DRM) who scolded us for getting the whole story wrong, insisting that there was no such thing as a master key and that Hollywood never would have agreed to HDCP if there were such a thing. This struck me and some others as odd, as many of us have followed the discussions on HDCP, and I tended to believe Ed Felten's explanation of how HDCP works, which indicated that there was, in fact, a master key. That was from a few years ago, but Felten also just posted another explanation about how HDCP works, and it still seems to involve a master key.

And, now, Intel is apparently confirming that the leak is, in fact, the master key. So, at this point, I'm going to have to assume that the DRM expert and the scolding were wrong, and that there is, in fact, a master key... and it's been leaked. Good thing the FCC gave the MPAA the okay to break your TV and DVR to release movies that would be "protected" by HDCP, huh? As Michael Weinberg points out, the FCC has now broken a bunch of TVs for nothing:

Today, it looks like HDCP -- the DRM that the MPAA insisted was required to allow them to securely distribute movies prior to DVD release -- has been broken.  As a result, anyone who is motivated can make an exact digital copy of a "protected" high definition movie.  Since all it takes is one motivated individual to make that first copy, this DRM (like every type of DRM before it) now serves absolutely no purpose but to inconvenience legitimate customers.

In May, I wrote that "Studios are asking the public to trade the use of any analog inputs on their devices for more magic beans."  The FCC accepted that trade.  At the time, it looked like those magic beans at least pretended to have some powers to slow down copying.  Today they have been revealed for what they really are -- worthless.

Nice work, FCC.

Filed Under: cracked, drm, hdcp, master key
Companies: intel