Federal Workers Warned About BlackBerry Security Issues

by Istvan Fekete on February 27, 2013

Reports have already emphasized Android’s vulnerability to malware, and security researchers have found a way to bypass the iPhone’s passcode lock. In other words, two down; so what comes next? Yes, you guessed right: It turns out that the “most secure mobile platform,” BlackBerry, has its share of security flaws too.

The federal department overseeing cyber-security issued a warning to its workers, urging them to think twice before sending a BlackBerry message, suggesting that the device believed to be the world’s most secure is more vulnerable than users may believe.

Public Safety Canada has published a one-page policy memo emphasizing that PIN-to-PIN messages sent from one BlackBerry device to another are “the most vulnerable method of communicating on BlackBerry.”

As a result, using PIN-to-PIN messaging isn’t suitable for exchanging sensitive messages, because classified information could be inadvertently leaked, or the user could inadvertently download malware that could compromise their phone.

Interestingly though, the report also highlights the popularity of PIN-to-PIN messages: They are used by the police, and since roughly two-thirds of federal government mobile users in Canada use a BlackBerry device (due to its status as the most secure mobile platform), PIN-to-PIN messages and emails are the most common tools used to communicate between devices.

The issue — as emphasized by Public Safety Canada — is that the PIN (Personal Identification Number) is an electronic address specific to a device. The PIN isn’t assigned to a user, but to a device; so, if the user turns in the phone, the PIN stays with the device. Therefore, “the government may expose information to compromise” if it decides to reuse it, due to the simple fact that any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.

“Although PIN-to-PIN messages are encrypted, the key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” the memo reads.

Simply put, the message could end up being read by the wrong person. Furthermore, there is also a threat that sending messages outside government firewalls and security filters could lead to a user opening a virus attached to a PIN message.

“PIN-to-PIN messaging bypasses all corporate e-mail security filters, and thus users may become vulnerable to viruses and malware code as well as spam messages if their PIN becomes known to unauthorized third parties,” the memo warns.

The number of BlackBerry devices issued by the government has reached 90,000 in just a year, rising by 14.5%. The cost to maintain and use these devices domestically is more than $2 million per month.
