BlackBerry is probably the first mobile vendor that implemented end-to-end encryption to protect communications of its users. Now an embarrassing report published by Vice News revealed that BlackBerry has shared a master Key to crack BlackBerry Messenger encryption with the Canadian Law enforcement.
According to the report, the Royal Canadian Mounted Police (RCMP) received a global decryption key for BlackBerry mobile devices since 2010, according to a new report from Vice News published yesterday.
“A high-level surveillance probe of Montreal’s criminal underworld shows that Canada’s federal policing agency has had a global encryption key for BlackBerry devices since 2010.” reports the Vice News.
According to the report, the Canadian police used the global encryption key for BlackBerry to decrypt over 1 Million messages sent through the BlackBerry Messenger(BBM) service by suspects in a two-year long criminal investigation.
The investigation was coded Operation Clemenza.
“The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators.” continues the Vice News.
“According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe.”
The report confirms that the company used the same global encryption key to protect all its customers, even when the devices use by private companies used encryption keys generated by their servers.
The circumstance is disconcerting because it implies that the Canadian police had the opportunity to spy on government and business clients using BlackBerry devices.
Both BlackBerry and the Royal Canadian Mounted Police fought against the order to provide details about their cooperation.
It is still not clear how the Canadian authorities obtained the global encryption key, neither if they are still in possession of the keys.
It is easy to speculate that the company gave the keys to the Royal Canadian Mounted Police.
The Vice News reported a statement of the RCMP included in one of the document it analyzed that confirmed the Canadia Government had obtained “the key that would unlock the doors of all the houses of the people who use the provider’s services, and that, without their knowledge.”
It seems that BlackBerry changed its global encryption key after the conclusion of the “Project Clemenza.”
Let’s wait for an official comment from the company.
(Security Affairs – Surveillance, global encryption key)