It was probably the fact that BBM messages do not travel over the internet that made me feel 'secure' about it, or perhaps the fact that BBM only works on BlackBerry devices and my belief that BlackBerry devices are secure by design. Not sure, but somehow I thought it was the safest IM app available.
I fired up my browser and landed on Google. I couldn't find many articles about the security of messages communicated over BBM. I couldn't even find any notes on the BBM architecture. I will just summarize what I was able to understand from many different pages.
BlackBerry Messenger is a skin on top of the basic PIN-to-PIN messaging which has been on these devices for a long time. A "PIN" is a hardware address, similar to a MAC address, and is unique to every BlackBerry device. A "PIN" however is not an authentication password nor is it a user identifier. It is the method by which the BlackBerry device is identified to the RIM relay for the purpose of finding the device within the global wireless service providers' networks.
Alice sends a message to Bob. The target address for this message is the PIN of Bob's BlackBerry device. The message is received by her service provider, which sends it to the RIM Relay Server. The RIM relay identifies Bob's BlackBerry device by its PIN and forwards the message directly to Bob's wireless service provider. These messages do not travel through the internet or the BlackBerry Enterprise Server and hence are faster than email communication. It is ideal for communication in emergencies, or when your email server/BES etc. are not functional. I am sure this raises questions about compliance, auditing, content security etc. These messages bypass all the onion skins of security and land on the devices directly. Unless specifically configured on the BES through an IT Policy, these messages are not logged on the BES. This has prompted certain enterprises to disable PIN-to-PIN messages on their corporate BB devices.
Now, one would assume that since RIM has been serious about security, they would have made the transmission secure by encrypting it. Well they did! All PIN-to-PIN messages are encrypted with Triple DES. Excellent!! Not exactly. All RIM devices are loaded with a common (shared) peer-to-peer encryption key which is used for encrypting the PIN-to-PIN messages. This means that every BlackBerry device can decrypt any PIN message that it receives, because every BlackBerry device stores the same peer-to-peer encryption key. RIM advises users in one of its security guides to "consider PIN messages as scrambled, not encrypted". It means that if I were to sniff the traffic coming to your device I could potentially decrypt the PIN messages and read them. Such an attack is unlikely in practice, but technically possible.
As I mentioned earlier, the PIN is a number burnt onto the device and is permanent. This highlights another potential vulnerability. Bob's device is wiped and assigned to Dave. The device still retains the same PIN and will continue to receive PIN messages addressed to that PIN. Alice would be unaware of the fact that her messages intended for Bob are being delivered to Dave.
Let us consider another situation. Chuck steals Bob's device. Chuck could actually impersonate Bob and elicit information from Alice. Alice would think that she is communicating with Bob and unsuspectingly share information. She is in fact communicating with the PIN of Bob's device, which is now with Chuck.
If a PIN can be spoofed, it could be another potential threat to the security of messages exchanged using P2P. I was not able to find any information on how to do it. The forums seem to suggest that it's not possible.
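To make the two weaknesses above concrete, here is a small added model of the relay and devices as the post describes them (one shared key on every device, routing by PIN only). It is illustrative code written for this page, not RIM's software: the PINs, names and messages are constructed, and a SHA-256 keystream stands in for Triple DES because the cipher itself is not the problem, the key distribution is. The second scenario goes a step beyond the post and shows that giving Alice and Bob a key of their own stops the eavesdropper but does nothing for the stolen or reissued device, since a key stored on the device travels with the device.

```python
import hashlib
import os
from dataclasses import dataclass, field


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode SHA-256 keystream XORed over the data; the same call
    encrypts and decrypts. Constructed stand-in for the page's Triple DES."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Device:
    pin: str     # hardware address, permanent for the life of the device
    owner: str   # whoever currently holds it; the relay never sees this field
    key: bytes   # the peer-to-peer key stored on this device


@dataclass
class Relay:
    """Models the RIM relay: routes by destination PIN only. `tap` keeps a
    passive copy of every forwarded message, standing in for anyone who can
    observe the traffic on its way to the device."""
    by_pin: dict = field(default_factory=dict)
    tap: list = field(default_factory=list)

    def register(self, dev: Device) -> None:
        self.by_pin[dev.pin] = dev

    def send(self, sender: Device, dst_pin: str, text: str):
        nonce = os.urandom(8)
        msg = (nonce, keystream_xor(sender.key, nonce, text.encode()))
        self.tap.append(msg)
        return self.by_pin[dst_pin], msg   # delivered to a PIN, not to a person


def read(dev: Device, msg) -> bytes:
    """Decrypt with whatever key this device holds; a wrong key yields garbage."""
    nonce, ciphertext = msg
    return keystream_xor(dev.key, nonce, ciphertext)


def run_scenario(alice_key: bytes, bob_key: bytes, eve_key: bytes, new_holder: str) -> dict:
    """Alice messages Bob while Eve watches the tap; then Bob's device (same PIN,
    same stored key) ends up in the hands of `new_holder`."""
    alice = Device("2A0B1C2D", "Alice", alice_key)     # constructed PINs
    bob = Device("3F4E5D6C", "Bob", bob_key)
    eve = Device("7A8B9C0D", "Eve", eve_key)            # any other BlackBerry
    relay = Relay()
    for dev in (alice, bob, eve):
        relay.register(dev)

    secret = b"board minutes attached"
    _, msg = relay.send(alice, bob.pin, secret.decode())
    results = {
        "bob_reads": read(bob, msg) == secret,
        # Eve was never a recipient; she only holds a copy of the traffic.
        "eve_reads": read(eve, relay.tap[-1]) == secret,
    }

    # The PIN stays with the hardware, so Alice's next message to "Bob"
    # is delivered to whoever now holds the device.
    relay.by_pin[bob.pin].owner = new_holder
    delivered_to, msg2 = relay.send(alice, bob.pin, "follow-up")
    results["delivered_to"] = delivered_to.owner
    results["holder_reads"] = read(delivered_to, msg2) == b"follow-up"
    return results


def scenario_shared_key() -> dict:
    """The model the page describes: one key loaded on every device;
    Bob's device is wiped and reissued to Dave."""
    shared = hashlib.sha256(b"constructed: key loaded on every device").digest()
    return run_scenario(shared, shared, shared, new_holder="Dave")


def scenario_pairwise_key() -> dict:
    """Key known only to Alice and Bob; Chuck steals Bob's device."""
    pair_key = hashlib.sha256(b"constructed: key known only to Alice and Bob").digest()
    other_key = hashlib.sha256(b"constructed: some other device's key").digest()
    return run_scenario(pair_key, pair_key, other_key, new_holder="Chuck")


if __name__ == "__main__":
    print("shared key:  ", scenario_shared_key())
    print("pairwise key:", scenario_pairwise_key())
```

In the shared-key run every field comes back true: Bob reads the message, so does Eve from the tap, and the follow-up is read by Dave. In the pairwise run Eve gets garbage, but Chuck still reads the follow-up, which is the post's point that the address (and here the key) is bound to the device rather than to the person, so only authenticating the user, not the hardware, would close that gap.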
Lesson learnt:
Be careful when sharing sensitive information over BBM/PIN messages because:
- PIN-to-PIN messages are encrypted using an encryption key which is accessible to everyone.
- The messages you send go to an address which is tied to a device and not a person.
- Big Boss might be watching. If PIN-to-PIN messages are configured to be logged on the BES server, all BBM/PIN messages would be logged in clear-text log files on the BES server.
