Canadian backdoor.

Tl;dr, Canadian police have a “master key” that allows them to decrypt all BlackBerry communications. Good thing no-one uses BlackBerrys, huh?

I remember raising something like this as an issue back in circa 2006 when people actually did use BlackBerrys, and we were doing a security assessment over whether or not to deploy them. I was only a grad at the time, so obviously “knew nothing”, and the idea was universally derided.

Well. Who’s laughing now, huh?

Ten years isn’t too long to wait. Hah!

Incidentally, one of the reasons BlackBerry was revolutionary/controversial Back In The Day is that it was the first mobile service that routed comms through a central server that was controlled by the phone manufacturer, not the company or the telco. I never figured out why they architected it this way; it was just email, and competing products (i.e. whatever Windows Phone was called back then) didn’t do it. They just had a bog-standard email client on the phone that you could plug back into your corporate Exchange server.

I think BlackBerry touted that its method was more “secure”–if I recall correctly, you had to have specialized BlackBerry appliances in your gateway to beam traffic back to Canada before routing it to your users–but that always seemed like a solution in search of a problem, to me.

2016-09-01T09:13:11+00:00 | 5th September, 2016 | Tags: infosec, privacy