Canadian government agency Public Safety Canada, which is tasked with overseeing cyber-security across all federal departments, has issued a memo warning government workers that communicating using BlackBerry Messenger PIN-to-PIN messaging is “the most vulnerable method of communicating on a BlackBerry.” Canada’s Postmedia News this week obtained the memo, which repeatedly advises workers to avoid sending PIN-to-PIN messages on their BlackBerry (BBRY) phones.
BlackBerry did not immediately have a statement available.
UPDATE: A BlackBerry spokesperson provided BGR with the following statement via email: “BlackBerry communications remain the most secure, preferred mobile communications used by governments worldwide. In fact, BlackBerry uniquely offers scalable, customizable security options for businesses and governments which allow them to apply their desired level of security.”
According to the memo, PIN-to-PIN messages sent via BlackBerry Messenger could be intercepted and read by any BlackBerry user anywhere in the world. Because of this, the memo states that the service isn’t “suitable for exchanging sensitive messages.”
“Although PIN-to-PIN messages are encrypted, the key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” a Public Safety Canada official stated in the memo. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”
It should be noted that Public Safety Canada has failed to take into account that organizations can change the encryption key to a unique one, ensuring that only BlackBerry devices using the same BES network can communicate with each other. There are also several ways to encode BBM messages, such as S/MIME, which adds another layer of security.
This isn’t a new position for the Canadian government, which has warned workers of PIN-to-PIN security issues for nearly a decade. The timing of this new warning couldn’t be worse, however, as rival offerings from Apple (AAPL) and Google (GOOG) continue to gain momentum in enterprise and government environments.
Postmedia News states that nearly two-thirds of federal employees with government-issued mobile devices currently use BlackBerry phones.