Comments on: Govt. decodes Blackberry – all set to snoop http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/ We Heart Startups! Fri, 10 Feb 2012 14:53:02 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Avoid Yahoo/Gmail – Central Govt. to Officials |Technology and Business Startups in India http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/comment-page-1/#comment-90159 Avoid Yahoo/Gmail – Central Govt. to Officials |Technology and Business Startups in India Fri, 05 Dec 2008 10:10:18 +0000 http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/#comment-90159 [...] our govt. fails to keep pace with technology (remember Blackberry blackout?) and instead of upgrading it’s infra, they want to stay happy with mediocre decisions like [...] [...] our govt. fails to keep pace with technology (remember Blackberry blackout?) and instead of upgrading it’s infra, they want to stay happy with mediocre decisions like [...]

]]> By: Weekly Recap - [22nd - 28th sep] |Technology and Business Startups in India http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/comment-page-1/#comment-87151 Weekly Recap - [22nd - 28th sep] |Technology and Business Startups in India Mon, 29 Sep 2008 03:37:29 +0000 http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/#comment-87151 [...] Govt. decodes Blackberry - all set to snoop [...] [...] Govt. decodes Blackberry – all set to snoop [...]

]]> By: Vivek http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/comment-page-1/#comment-86819 Vivek Mon, 22 Sep 2008 05:38:00 +0000 http://www.pluggd.in/indian-telecom-industry/blackberry-india-government-decodes-2743/#comment-86819 The Blackberry enterprise version (BES) is, I believe impossible to crack without keys from the enterprise. There are probably not many enterprise customers in India. So, this story is about the internet service. In the internet versio, the consumer emails sent via BB is served by local ISPs using a server provided by Blackberry called Blackberry Internet Service (BIS). This might communicate back with the RIM servers in Canada. There are three possibilities. 1) RIM has probably just disabled encryption for their Indian accounts (accounts signed up via Reliance, Airtel, etc). The way they would do this is to disable encryption out of the BIS. I hope this is not the case because it would seriously compromise privacy. 2) RIM has provided the government with their private keys and also disabled advanced key exchange algorithms like Ephemeral Diffie Hellman. 3) The BIS security infrastructure is weak anyway and can be compromised. For example, the RIM servers can be made to negotiate a weak or null cipher. I doubt this would be the case. The ET story you linked to talks a lot about decompression. I dont know the context in which that is relevant. It is trivial to decompress. The Blackberry enterprise version (BES) is, I believe impossible to crack without keys from the enterprise. There are probably not many enterprise customers in India.

So, this story is about the internet service.

In the internet versio, the consumer emails sent via BB is served by local ISPs using a server provided by Blackberry called Blackberry Internet Service (BIS). This might communicate back with the RIM servers in Canada.

There are three possibilities.

1) RIM has probably just disabled encryption for their Indian accounts (accounts signed up via Reliance, Airtel, etc). The way they would do this is to disable encryption out of the BIS. I hope this is not the case because it would seriously compromise privacy.

2) RIM has provided the government with their private keys and also disabled advanced key exchange algorithms like Ephemeral Diffie Hellman.

3) The BIS security infrastructure is weak anyway and can be compromised. For example, the RIM servers can be made to negotiate a weak or null cipher. I doubt this would be the case.

The ET story you linked to talks a lot about decompression. I dont know the context in which that is relevant. It is trivial to decompress.

]]>