U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Canadian law enforcement obtained BlackBerry Global encryption Key

A report published by the VICE News confirmed that the Canadian law enforcement obtained the BlackBerry encryption Key under the investigation Op Clemenza. BlackBerry is probably the first mobile vendor that implemented end-to-end encryption to protect communications of its users. Now an embarrassing report published by Vice News revealed that BlackBerry has shared a master Key to […]

Canadian law enforcement obtained BlackBerry Global encryption Key

A report published by the VICE News confirmed that the Canadian law enforcement obtained the BlackBerry encryption Key under the investigation Op Clemenza.

BlackBerry is probably the first mobile vendor that implemented end-to-end encryption to protect communications of its users. Now an embarrassing report published by Vice News revealed that BlackBerry has shared a master Key to crack BlackBerry Messenger encryption with the Canadian Law enforcement.

According to the report, the Royal Canadian Mounted Police (RCMP) received a global decryption key for BlackBerry mobile devices since 2010, according to a new report from Vice News published yesterday.

“A high-level surveillance probe of Montreal’s criminal underworld shows that Canada’s federal policing agency has had a global encryption key for BlackBerry devices since 2010.” reports the Vice News.

blackberry

According to the report, the Canadian police used the global encryption key for BlackBerry to decrypt over 1 Million messages sent through the BlackBerry Messenger(BBM) service by suspects in a two-year long criminal investigation.

The investigation was coded Operation Clemenza.

“The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators.” continues the Vice News.

“According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe.”

The report confirms that the company used the same global encryption key to protect all its customers, even when the devices use by private companies used encryption keys generated by their servers.

The circumstance is disconcerting because it implies that the Canadian police had the opportunity to spy on government and business clients using BlackBerry devices.

Both BlackBerry and the Royal Canadian Mounted Police fought against the order to provide details about their cooperation.

It is still not clear how the Canadian authorities obtained the global encryption key, neither if they are still in possession of the keys.

It is easy to speculate that the company gave the keys to the Royal Canadian Mounted Police.

The Vice News reported a statement of the RCMP included in one of the document it analyzed that confirmed the Canadia Government had obtained “the key that would unlock the doors of all the houses of the people who use the provider’s services, and that, without their knowledge.

It seems that BlackBerry changed its global encryption key after the conclusion of the “Project Clemenza.

Let’s wait for an official comment from the company.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Surveillance, global encryption key)