Jump to content

Banning Blackberries

GostHacked
 Share

Recommended Posts

GostHacked Grand Master

GostHacked

Posted
Posted

http://www.bbc.co.uk/news/technology-10878253

"This is prompted by the increase of security issues that have been found with the telecommunications networks in Lebanon," Imad Hoballah, the chair of the country's Telecommunications Regulatory Authority told French news agency AFP.

First it was the UAE, then Saudi Arabia, and now Lebanon is looking at banning the Blackberry. Main issue being the secure safe encryption of data transmission which those governments cannot access without consulting with RIM. The other issue is that the data stored/processed by the Blackberry Enterprise servers is located in Canada.

If there are security risks, it could be due to stuff like this :

http://news.bbc.co.uk/2/hi/technology/8161190.stm

The update was prompted by a text from UAE telecoms firm Etisalat, suggesting it would improve performance.

Instead, the update resulted in crashes or drastically reduced battery life.

Blackberry maker Research in Motion (RIM) said in a statement the update was not authorised, developed, or tested by RIM.

I guess this in a way tells you how secure the RIM infrastructure really is. I mean they should have already known that RIM encrypts and stores the data here in Canada, so you gotta wonder why all this opposition is just starting. From the reports there are over 400,000 in use in the UAE and over 700,000 in Saudi Arabia. So those concerns should have been brought up when the Blackberries were introduced to their markets. The articles state that it seems only RIM is being singled out here when other smartphone makers operate in a similar fashion of encrypting and storing data out of country.

I expect more countries like Saudi Arabia and the UAE to ban the Blackberry and possibly other smartphones as well if they don't get the access to monitor the phones.

Link to comment
Share on other sites
nicky10013 Grand Master

nicky10013

Posted
Posted

http://www.bbc.co.uk/news/technology-10878253

First it was the UAE, then Saudi Arabia, and now Lebanon is looking at banning the Blackberry. Main issue being the secure safe encryption of data transmission which those governments cannot access without consulting with RIM. The other issue is that the data stored/processed by the Blackberry Enterprise servers is located in Canada.

If there are security risks, it could be due to stuff like this :

http://news.bbc.co.uk/2/hi/technology/8161190.stm

I guess this in a way tells you how secure the RIM infrastructure really is. I mean they should have already known that RIM encrypts and stores the data here in Canada, so you gotta wonder why all this opposition is just starting. From the reports there are over 400,000 in use in the UAE and over 700,000 in Saudi Arabia. So those concerns should have been brought up when the Blackberries were introduced to their markets. The articles state that it seems only RIM is being singled out here when other smartphone makers operate in a similar fashion of encrypting and storing data out of country.

I expect more countries like Saudi Arabia and the UAE to ban the Blackberry and possibly other smartphones as well if they don't get the access to monitor the phones.

This isn't about security, it's about censorship. "Secuirty" to these countries means not being able to monitor private traffic. If they can't get access to the data, then how will they track down and crush dissident movements?

Link to comment
Share on other sites
Wild Bill Grand Master

Wild Bill

Posted
Posted (edited)

I expect more countries like Saudi Arabia and the UAE to ban the Blackberry and possibly other smartphones as well if they don't get the access to monitor the phones.

Maybe not. Even a state like Saudi Arabia would have a hard time dealing with 700,000 angry Blackberry users who have just been cut off!

I suspect it may simply be a power play by a totalitarian government that doesn't really understand the technology in the first place. They probably believe that there has always been a backdoor key to decrypt msgs and all they have to do is to put pressure on RIM to give it to them!

RIM is telling the truth that there is no such key, or at least, none that RIM has! Who knows if Uncle Sam has put enough brains on the problem to crack the encryption themselves? Saudi Arabia may have spies that have told their masters that this is the case. The Saudis likely don't have access to the type of high tech resources to crack the encryption themselves so again, it's easier to assume they can just get it from RIM!

I think they'll lose on this one. RIM is likely being honest that they have no such key and wouldn't give it to a government anyway! If the Saudis or the UAE want to shut RIM out and face the heat from all those pissed-off users then we'll see how it works out!

Edited by Wild Bill
Link to comment
Share on other sites
kimmy Grand Master

kimmy

Posted
Posted

Thought police. Very nice.

In the context, very understandable, IMO.

I'm all for people having the right to speak freely.

However, I'm also in favor of law enforcement officials being able to conduct reasonable investigation of individuals they believe are a threat to society. In some situations, I think wiretapping and other forms of monitoring are entirely warranted.

In a place like Canada, those situations are (I expect) pretty few and far between. In a place like Dubai, things would probably much more complicated. I would expect that Dubai itself is quite offensive to the fanatical kooks in the region, and I have heard that UAE police have foiled a number of terror plots.

-k

Link to comment
Share on other sites
dre Grand Master

dre

Posted
Posted
Who knows if Uncle Sam has put enough brains on the problem to crack the encryption themselves?

Thats sorta the beauty of key encryption algorithms... they can only be cracked by brute force and it takes an EXTREMELY long time to do it... many many years for each session.

Link to comment
Share on other sites
Wild Bill Grand Master

Wild Bill

Posted
Posted

Thats sorta the beauty of key encryption algorithms... they can only be cracked by brute force and it takes an EXTREMELY long time to do it... many many years for each session.

Yeah, but it helps if you're the country with all the toys! That could cut the job from decades to days.

How many Cray computers is Saudi Arabia likely to have at their disposal to crack the RIM encryption?

Link to comment
Share on other sites
dre Grand Master

dre

Posted
Posted

Yeah, but it helps if you're the country with all the toys! That could cut the job from decades to days.

How many Cray computers is Saudi Arabia likely to have at their disposal to crack the RIM encryption?

The problem is that the toys Uncle Sam has are woefully inadequate.

Lets look at a 128 bit encryption algorithm...

They keyspace is rougly 1^38 meaning that theres about 10000000000000000000000000000000000000000 possible combinations.

What that means is that if you had a computer that could iterate through 1 TRILLION attempts per second (such a computer does not even exist yet), then it would still take that computer 1 000 000 000 000 YEARS to break the key.

Since we have distributed computing now, its possible that "Uncle Sam" could get a few hundred million computers working on the crack at the same time... But supposing you could get all these computers testing a hundred trillion or even a quadrillion keys per second, it would still take MANY THOUSANDS OF YEARS to break the key.

And once computing power reaches the point where a certain key size is vulnerable then they will simply make the keyspace bigger.

The biggest key thats ever been cracked so far is a 64 bit RC5 key... thats the world record... it took 5 years to crack during a massive distributed attack (millions of computers).

http://www.distributed.net/RC5

But as you increase the size of the keyspace the encryption gets stronger on an exponential scale... So 128 bit encryption isnt TWO times as strong as 64 bit encryption, its 4.3 billion times stronger.

Link to comment
Share on other sites
Bonam Grand Master

Bonam

Posted
Posted

The problem is that the toys Uncle Sam has are woefully inadequate.

Lets look at a 128 bit encryption algorithm...

They keyspace is rougly 1^38 meaning that theres about 10000000000000000000000000000000000000000 possible combinations.

What that means is that if you had a computer that could iterate through 1 TRILLION attempts per second (such a computer does not even exist yet), then it would still take that computer 1 000 000 000 000 YEARS to break the key.

Since we have distributed computing now, its possible that "Uncle Sam" could get a few hundred million computers working on the crack at the same time... But supposing you could get all these computers testing a hundred trillion or even a quadrillion keys per second, it would still take MANY THOUSANDS OF YEARS to break the key.

And once computing power reaches the point where a certain key size is vulnerable then they will simply make the keyspace bigger.

The biggest key thats ever been cracked so far is a 64 bit RC5 key... thats the world record... it took 5 years to crack during a massive distributed attack (millions of computers).

http://www.distributed.net/RC5

But as you increase the size of the keyspace the encryption gets stronger on an exponential scale... So 128 bit encryption isnt TWO times as strong as 64 bit encryption, its 4.3 billion times stronger.

This is all true, but there are better ways to hack into secure communications than trying every possibly key randomly. The brute force method is rarely/never employed in actual hacking.

Link to comment
Share on other sites
dre Grand Master

dre

Posted
Posted

This is all true, but there are better ways to hack into secure communications than trying every possibly key randomly. The brute force method is rarely/never employed in actual hacking.

But the brute force method is the only way to electronically hack public / private key encryption. The only other possibility would be to expose a bug in the basic algorithm, but all the common standards have been extremely well tested.

The other options revolve around modifying the actual device or the the client that manages encryption, but that means you have to have electronic or physical access to the phone in question which kinda renders the whole point moot.

This is exactly why governments are afraid of encrypted communications. Its also why their attempts to monitor peoples information are ultimately doomed to fail.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Tell a friend

    Love Repolitics.com - Political Discussion Forums? Tell a friend!

  • Member Statistics

    • Total Members
      10,736
    • Most Online
      1,403
    Harley oscar
    Newest Member
    Harley oscar
    Joined

  • Recent Achievements

    • Week One Done
      NakedHunterBiden
      NakedHunterBiden earned a badge
      Week One Done
    • Conversation Starter
      User
      User earned a badge
      Conversation Starter
    • Rising Star
      User
      User went up a rank
      Rising Star
    • Week One Done
      JA in NL
      JA in NL earned a badge
      Week One Done
    • Reacting Well
      haiduk
      haiduk earned a badge
      Reacting Well

  • Recently Browsing

    • No registered users viewing this page.
×
×
  • Create New...