http://technology.timesonline.co.uk/tol/news/tech_and_web/article1962449.ece By Jonathan Richards Times Online June 20, 2007 RIM, the BlackBerry maker, has dismissed French concerns that foreign agencies could intercept comunications sent via the portable-email device to spy on government business. RIMs defence of its devices came after reports that senior civil servants in France had been asked to stop using the devices because messages sent via BlackBerry pass through servers in the US and UK, and could, therefore, theoretically be intercepted. The Canadian company said it would take as long to crack the encryption used by BlackBerry "as it would for the sun to burn out - billions of years," adding that the network had already been approved for use by NATO, as well as a number of governments, including the UK. According to a report in Le Monde newspaper, French ministerial workers have been banned from using BlackBerrys because of fears held by the General Secretariat for National Defence (SGDN), which is responsible for national security in France. Today RIM issued a strong defense of its network, claiming that the security it used - known as AES 256 protection - was "the strongest commercial cryptography available to any vendor in the world". The security was "on a par" with that which protected workers when they connected to their corporate network from home, or which banks and websites used to secure online transactions, the company said. "Every message that is sent via a BlackBerry is broken up into 2Kb 'packets of information', each of which is given a 256-bit key by the BlackBerry server," Scott Totzke, vice-president of global security at RIM, told Times Online. "That means to release the contents of a 10Kb e-mail, a person would have to crack 5 separate keys, and each one would take about as long as it would for the sun to burn out - billion of years." Mr Totzke admitted that BlackBerry had yet to gain official approval for use by government employees in France, but that he hoped such approval would be granted next month. Both UK and US authorities have already approved the devices for carrying non-restricted Government communications under two separate schemes known as CAPS and FIPS, which set out minimum security standards, he said. Paul Cronin, who tests the security of corporate networks at Pentura, a security firm, said that while no network was 100 per cent secure, BlackBerry security was on the whole very good, which is why so many banks use them. Mr Cronin said that a minor vulnerability had been demonstrated by a hacker last year, where by downloading a certain game, BlackBerry users made information available for outside view, but that as long as companies had appropriate policies in place for the devices use, there was no risk. In a statement, RIM said it was committed to working with and supporting the needs of both corporate and government customers within France, including protecting data from attack and unauthorised access. Alain Juillet, head of economic intelligence for the French government, was quoted in the Le Monde report as saying that there was a real risk of interception on the BlackBerry network. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sun Jun 24 2007 - 23:20:59 PDT