According to Canada.com, a memo by the Canadian federal department charged with overseeing cyber-security has warned that PIN-to-PIN messaging on BlackBerry is not secure.
“Although PIN-to-PIN messages are encrypted, the key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” the memo reads. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”
“PIN-to-PIN messaging bypasses all corporate e-mail security filters, and thus users may become vulnerable to viruses and malware code as well as spam messages if their PIN becomes known to unauthorized third parties,” the memo warns.
While this all may be true, the memo was an internal communication designed to ensure employees use their communication technology in accordance with the CIO’s security policies and required practices. The mass media, however, has obviously spun it as a derogatory issue.
These “best practices” are hardly new. The Canadian government selects the forms of communication and the levels of security, and it follows the best practice of regularly communicating those practices internally, as was the case with the aforementioned memo.
If employees do use PIN-to-PIN messaging, message encoding options like S/MIME can be used to secure or encrypt PIN messages. This is just one of many communication tools employees can use, and it can easily be blocked if CIOs elect to make that change using BlackBerry Enterprise Server or BlackBerry Enterprise Service 10 to offer more security.
We reached out to BlackBerry for this official statement on the matter:
“BlackBerry is the gold standard when it comes to security, which is why it’s preferred by governments worldwide. BlackBerry offers scalable security options for business and governments that allow organizations to customize their level of security. As with any form of mobile communications over a network, we encourage customers to exercise common sense approaches when communicating with people they do not know and storing sensitive information.”