OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[ISN] RIM to France: BlackBerry is safe

From: InfoSec News (alertsinfosecnews.org)
Date: Mon Jun 25 2007 - 01:06:46 CDT

http://technology.timesonline.co.uk/tol/news/tech_and_web/article1962449.ece

By Jonathan Richards
Times Online
June 20, 2007

RIM, the BlackBerry maker, has dismissed French concerns that foreign
agencies could intercept comunications sent via the portable-email
device to spy on government business.

RIMs defence of its devices came after reports that senior civil
servants in France had been asked to stop using the devices because
messages sent via BlackBerry pass through servers in the US and UK, and
could, therefore, theoretically be intercepted.

The Canadian company said it would take as long to crack the encryption
used by BlackBerry "as it would for the sun to burn out - billions of
years," adding that the network had already been approved for use by
NATO, as well as a number of governments, including the UK.

According to a report in Le Monde newspaper, French ministerial workers
have been banned from using BlackBerrys because of fears held by the
General Secretariat for National Defence (SGDN), which is responsible
for national security in France.

Today RIM issued a strong defense of its network, claiming that the
security it used - known as AES 256 protection - was "the strongest
commercial cryptography available to any vendor in the world".

The security was "on a par" with that which protected workers when they
connected to their corporate network from home, or which banks and
websites used to secure online transactions, the company said.

"Every message that is sent via a BlackBerry is broken up into 2Kb
'packets of information', each of which is given a 256-bit key by the
BlackBerry server," Scott Totzke, vice-president of global security at
RIM, told Times Online. "That means to release the contents of a 10Kb
e-mail, a person would have to crack 5 separate keys, and each one would
take about as long as it would for the sun to burn out - billion of
years."

Mr Totzke admitted that BlackBerry had yet to gain official approval for
use by government employees in France, but that he hoped such approval
would be granted next month.

Both UK and US authorities have already approved the devices for
carrying non-restricted Government communications under two separate
schemes known as CAPS and FIPS, which set out minimum security
standards, he said.

Paul Cronin, who tests the security of corporate networks at Pentura, a
security firm, said that while no network was 100 per cent secure,
BlackBerry security was on the whole very good, which is why so many
banks use them.

Mr Cronin said that a minor vulnerability had been demonstrated by a
hacker last year, where by downloading a certain game, BlackBerry users
made information available for outside view, but that as long as
companies had appropriate policies in place for the devices use, there
was no risk.

In a statement, RIM said it was committed to working with and supporting
the needs of both corporate and government customers within France,
including protecting data from attack and unauthorised access.

Alain Juillet, head of economic intelligence for the French government,
was quoted in the Le Monde report as saying that there was a real risk
of interception on the BlackBerry network.

_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com