Click to Skip Ad
Closing in...

Canadian government warns BBM PIN-to-PIN messaging is ‘most vulnerable method of communicating on a BlackBerry’

Updated Feb 27th, 2013 10:38AM EST
BlackBerry Messenger Security

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Canadian government agency Public Safety Canada, which is tasked with overseeing cyber-security across all federal departments, has issued a memo warning government workers that communicating using BlackBerry Messenger PIN-to-PIN messaging is “the most vulnerable method of communicating on a BlackBerry.” Canada’s Postmedia News obtained the memo this week, which repeatedly advises workers to avoid sending PIN-to-PIN messages on their BlackBerry (BBRY) phones.

BlackBerry did not immediately have a statement available.

UPDATE: A BlackBerry spokesperson provided BGR with the following statement via email: “BlackBerry communications remain the most secure, preferred mobile communications used by governments worldwide. In fact, BlackBerry uniquely offers scalable, customizable security options for businesses and governments which allow them to apply their desired level of security.”

According to the memo, PIN-to-PIN messages sent via BlackBerry Messenger could be intercepted and read by any BlackBerry user anywhere in the world. Because of this, the memo states that the service isn’t “suitable for exchanging sensitive messages.”

“Although PIN-to-PIN messages are encrypted, they key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” Public Safety Canada official stated in the memo. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”

It should be noted that Public Safety Canada has failed to take into account the fact that organizations have the ability to change the encryption key to a unique one, ensuring that only BlackBerry devices using the same BES network can communicate with each other. There are also several ways to encode BBM messages such as S/MIME, which adds another layer of security.

This isn’t a new position for the Canadian government, which has warned workers of PIN-to-PIN security issues for nearly a decade. The timing of this new warning couldn’t be worse, however, as rival offerings from Apple (AAPL) and Google (GOOG) continue to gain momentum in enterprise and government environments.

Postmedia News states that nearly two-thirds of federal employees with government-issued mobile devices currently use BlackBerry phones.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.