[ISN] RIM to France: BlackBerry is safe

From: InfoSec News (alerts@private)
Date: Sun Jun 24 2007 - 23:06:46 PDT


http://technology.timesonline.co.uk/tol/news/tech_and_web/article1962449.ece

By Jonathan Richards
Times Online
June 20, 2007

RIM, the BlackBerry maker, has dismissed French concerns that foreign 
agencies could intercept comunications sent via the portable-email 
device to spy on government business.

RIMs defence of its devices came after reports that senior civil 
servants in France had been asked to stop using the devices because 
messages sent via BlackBerry pass through servers in the US and UK, and 
could, therefore, theoretically be intercepted.

The Canadian company said it would take as long to crack the encryption 
used by BlackBerry "as it would for the sun to burn out - billions of 
years," adding that the network had already been approved for use by 
NATO, as well as a number of governments, including the UK.

According to a report in Le Monde newspaper, French ministerial workers 
have been banned from using BlackBerrys because of fears held by the 
General Secretariat for National Defence (SGDN), which is responsible 
for national security in France.

Today RIM issued a strong defense of its network, claiming that the 
security it used - known as AES 256 protection - was "the strongest 
commercial cryptography available to any vendor in the world".

The security was "on a par" with that which protected workers when they 
connected to their corporate network from home, or which banks and 
websites used to secure online transactions, the company said.

"Every message that is sent via a BlackBerry is broken up into 2Kb 
'packets of information', each of which is given a 256-bit key by the 
BlackBerry server," Scott Totzke, vice-president of global security at 
RIM, told Times Online. "That means to release the contents of a 10Kb 
e-mail, a person would have to crack 5 separate keys, and each one would 
take about as long as it would for the sun to burn out - billion of 
years."

Mr Totzke admitted that BlackBerry had yet to gain official approval for 
use by government employees in France, but that he hoped such approval 
would be granted next month.

Both UK and US authorities have already approved the devices for 
carrying non-restricted Government communications under two separate 
schemes known as CAPS and FIPS, which set out minimum security 
standards, he said.

Paul Cronin, who tests the security of corporate networks at Pentura, a 
security firm, said that while no network was 100 per cent secure, 
BlackBerry security was on the whole very good, which is why so many 
banks use them.

Mr Cronin said that a minor vulnerability had been demonstrated by a 
hacker last year, where by downloading a certain game, BlackBerry users 
made information available for outside view, but that as long as 
companies had appropriate policies in place for the devices use, there 
was no risk.

In a statement, RIM said it was committed to working with and supporting 
the needs of both corporate and government customers within France, 
including protecting data from attack and unauthorised access.

Alain Juillet, head of economic intelligence for the French government, 
was quoted in the Le Monde report as saying that there was a real risk 
of interception on the BlackBerry network.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Sun Jun 24 2007 - 23:20:59 PDT