BlackBerry has a reputation for producing hack-proof or ultra-secure mobile devices, and the company’s newest BlackBerry Priv continues to provide the caliber of security that many have come to know and love (according to the Canadian manufacturer). At the same time, however, you may not know it, but consumer BlackBerry smartphones are not the only kinds BlackBerry sells.
Consumer desires for privacy and security are one thing, but governments and corporations need tighter security for obvious reasons. For this crowd, BlackBerry makes what are called Pretty Good Privacy-encrypted, or PGP-encrypted smartphones to ensure that sensitive data is protected. The company provides content protection by default for all BlackBerry smartphones, but for governments, corporations, and enterprises, BlackBerry (as does Samsung with its KNOX data) takes security and data encryption more seriously. Yes, there are levels of encryption, and few consumer devices feature the top data encryption that can exist in the world.
So, you’d think with these PGP-encrypted BlackBerry smartphones that companies, corporations, and national governments would have protection, right? Well, they do have some sort of defense – but they aren’t entirely hack-proof. That’s the latest from the Netherlands Forensic Institute (NFI). The corporation is responsible for working with law enforcement regarding criminal cases and the attainment of criminal documents and mobile data in the event that a crime has been committed and someone in particular is the main suspect. NFI press officer Tuscha Essed told Motherboard that “We are capable of obtaining encrypted data from BlackBerry PGP devices.” The NFI provided documents showing the same last year to Dutch blog Crime News when the institute showed encrypted emails that could be accessed and read alongside of deleted messages that could be easily recovered. And we’re talking about BlackBerry’s own devices here – not the BlackBerry Priv that runs Android.
PGP-encrypted BlackBerry devices are advertised as having more security than consumer devices: “We use PGP encoding as protocol for sending and receiving messages,” says TopPGP, while GhostPGP says that PGP-encryption “offers the only proven, time-tested means of communicating securely in total anonymity with PGP-encrypted email.”
BlackBerry responded to the claim from the NFI, stating that it could not say whether or not the claim was true because it did not have access to any BlackBerry device in question (nor could it verify the claim because it would need the actual BlackBerry device in which PGP encryption was broken for evaluation). What it does show, however, is that even BlackBerry devices are not immune from hackers and attacks, and that even encrypted devices are still vulnerable. For those who believe we are as close to a hack-proof device or world as we’ve ever been, this case involving one of the world’s most hack-proof devices serves as a potent reminder.