Wednesday, August 10, 2011

London riots and the BlackBerry Messenger connection

A safer London?

Let me characterize the current threat environment as we see it and the challenges we face in understanding and getting in front of the threat:
Reports monitored from sources in London indicate that preliminary investigations by London Police into riots in parts of the city showed that young adults had been using BlackBerry Messenger (BBM) extensively to coordinate the riots.
BlackBerry Messenger (BBM) appears to be the favoured method of planning the unrest that has swept across north London since Saturday evening. Unlike text messaging or Twitter, BBM is a free, private social network where almost all messages are encrypted when they leave the sender's phone – meaning that many messages are untraceable by the authorities.
BlackBerry devices, cheaper and more widespread than iOS or Android smartphones, are owned by more than a third of British teens, according to a study. BBM — an instant message service for BlackBerry owners — is free, instantly available, one-to-many, and the authorities can’t immediately trace it. BBM users must exchange PIN numbers, which keeps their conversations private.
BBM conversations are encrypted as the traffic never leaves the BlackBerry infrastructure.
BBM offers delivery and read notifications.
BBM can be set up for internal use only on BES enabled handhelds. (Added security.)
BBM doesn't require an "account" to be set up on some public service somewhere which could possibly become compromised.
BBM can be audited by BES administrators which makes it more attractive than public IM clients in secured environments.
You can easily send pictures, files, audio, contact info, etc. over BBM.
BBM is pre-loaded on all BlackBerry devices.
BBM is "always on" and doesn't use as much battery power to run as third-party IM clients.
BBM has proven to be quite stable and is not the cause of memory leaks that plague other third-party apps.
You can easily change your BBM handle at will without your contacts needing to re-add you to their contact list.
BBM conversations and contact lists can be backed up locally to media card, or remotely via email. (With BBM 5)
BlackBerry Messenger gives BlackBerry users a quick, easy way to send instant messages to each other using their PIN codes. It's free and, unlike with e-mail, users can carry on several conversations at the same time. They also can chat with a group, see contacts' availability, send files and track message status.

With most instant messaging services, you download software that becomes the client on your computer or smartphone. That client connects to the provider's server, using a proprietary protocol for communication. Once you've logged on, the client sends the server your connection information (IP address), your computer port number and the names of everyone on your contact list.
The server creates a temporary file with connection information for you and your contacts. Then the server determines which contacts are logged on and sends that information to your client, as well as letting the contacts know you're available. After that, the server is no longer involved, and all communication is between your client and that of your message recipient.
With BlackBerry Messenger, however, the server stays involved as it would if you were sending e-mails.
what you'll need to use BlackBerry Messenger:
  • A Java-based BlackBerry
  • A BlackBerry Internet plan, or data plan, so you can send and receive PIN messages through Research in Motion's servers
  • Your PIN code -- to find it, go to "Options," then "Status" and finally "PIN"
  • Blackberry Messenger software -- if it's not already on your BlackBerry
The Indian government’s internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult - especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups.
 RIM has said the security architecture for its enterprise customers is based on a symmetric key system whereby the customers create their own key and only they possess the copy of the encryption.
RIM says the security architecture for customers was designed to exclude RIM or any third party from reading encrypted information under any circumstances.
The BlackBerry Enterprise Solution is designed so that data remains encrypted (in other words, it is not decrypted) at all points between the BlackBerry device and the BlackBerry Enterprise Server. Only the BlackBerry Enterprise Server and the BlackBerry device can access the data that they send between them. Thus, third-parties, including service providers, cannot access potentially sensitive organization information in a decrypted format..
 It can be easily integrated into I.E.Ds and you'll understand the threats you'll probably face in the field.

No comments: