I just wanted to provide some more detail to my previous explanation of what communications are encrypted on a BlackBerry. This issue has caused quite a bit of confusion recently so I thought I would clear it up specifically for BlackBerry Messenger and PIN messages.
BlackBerry Messenger and PIN to PIN messages are NOT encrypted. They are scrambled using a global cryptographic key which EVERY BlackBerry in the world uses. BES administrators have the option to encrypt the body of PIN messages (but not the PIN itself) using a organization specific encryption key but that limits users to only be able to send PIN messages within the organization so it is usually not done. It is possible to use the S/MIME Package RIM sells to encrypt PIN to PIN messages but that gets complicated and is really only done by Government organizations.
There are a couple of problems with PIN to PIN messaging that is also the basis of BlackBerry messenger that you should know about. The Communications Security Establishment in Canada was kind enough to detail some of these issues:
- As said before PIN to PIN messages by default are NOT encrypted they are scrambled using a cryptographic key
- If an wireless carrier or government manages to reroute your PIN message to any other BlackBerry in the world by changing the header then it will be readable on that device
- Devices cannot be reused by another person since messages for that PIN will continue to come to the device for the original owner. Think of it this way. If you sell your BlackBerry the new owner will get your PIN messages. The sender would also have no idea that this is the case.
- You have no idea if the person sending you that PIN message has not sold their device or had it stolen by another person who is impersonating them.
- Even if an organization uses their BES with a organization specific PIN key the PIN number is still not encrypted and sent in the clear. That means a snoop could see who is sending messages back and forth.