Times of India reports alleged BlackBerry decryption
A report headlined "Govt cracks BlackBerry code" in Monday's Times of India is feeding rumours that the Indian government is able to listen in on all BlackBerry traffic. Closer reading of the article reveals that this relates to unencrypted messages only.
The critical sentence reads, "The test is being conducted wholly for non-enterprise solutions". BlackBerry vendor Research in Motion (RIM) offers two different solutions – the unencrypted BlackBerry Internet Service (BIS) and the BlackBerry Enterprise Service (BES), which is used by businesses. In the case of BIS, the service regularly queries up to ten email addresses via POP3 or IMAP4 and passes the emails to the BlackBerry device using a proprietary compression protocol. It also delivers emails from handhelds to the relevant mail server using SMTP.
In contrast, BES involves company mail servers, which communicate using Exchange, Groupwise or Domino, on company networks behind firewalls. This makes use of a single key for each device registered on the server, with which emails are end-to-end encrypted. The key is generated when the device is activated and is known to the server and the individual handheld only.
The decryption claim relates to listening in on unencrypted BIS traffic only. Since these messages are forwarded unencrypted outside the BIS anyway, it hardly represents a breakthrough by the Indian security services.