Fraunhofer SIT certifies BlackBerry security
Two years ago, the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt presented the first results of a study commissioned by Research in Motion (RIM). Now the certification and the accompanying research report are available. Fraunhofer SIT has reconfirmed that no hidden functions or backdoors were found, and neither RIM nor any third parties have access to the data within the architecture.
The certification, which is valid until the end of 2010, is valuable as a marketing tool. A close look at the report is especially recommended for companies that already use BlackBerry smartphones. Starting on page 23, for example, SIT suggests a number of measures that increase the architecture’s security and were applied in the certified configuration. Some of these measures include using a firewall to separate the attachment service from other parts of the enterprise server, using AES instead of 3DES, and not saving master encryption keys on the message server.
SIT also lists the remaining risks, in particular those related to the underlying Windows server, complete access to all exchange accounts, and protection of the configuration database.
Fraunhofer may not be a household name, but one of its products certainly is. Fraunhofer SIT is a part of the same Fraunhofer Society as Fraunhofer IIS – the electronics research institute which created the MP3 format for digital music.