A law enforcement team in the Netherlands have revealed that emails sent encrypted on BlackBerry devices can be read on the devices despite the use of the encryption technology, PGP, on BlackBerry devices.

A team of forensic investigators from the Netherlands Forensic Institute (NFI), noted that through the use of certain software, a forensic technology, they were able to recover deleted messages and read encrypted emails on these devices that utilised PGP software.  These BlackBerry devices are custom and security-focused BlackBerry devices that include an encrypted email feature.

The Dutch team have claimed that they were able to recover 325 emails from the device and furthermore managed to decrypt 279 of those encrypted emails.

A lot has been noted with regards to the PGP technology recently, also known as Pretty Good Privacy.  PGP is an older technology, released in 1991, and with the rapid evolution of all things tech a 25-year-old technology leaves many wondering if it will still suffice.  A modern and current solution is now crucial and a revelation such as this one, discovered by the NFI, is further proof that this is certainly necessary.

These PGP-encrypted BlackBerry models are sold on the footing that they are suitable for communicating sensitive information in a manner that other devices may not be capable of achieving.  Governments, military and organisations use them to secure sensitive communications.

BlackBerry have said “‎We are confident that BlackBerry provides the world’s most secure communications platform to government, military and enterprise customers”.

It is unclear as to the technique that was utilised to decrypt the communication on these PGP secured devices, however the discovery has shown that these encrypted email communications, on these devices, are not impassable after all.

BlackBerry however have dismissed claims that this decryption has occurred and the company have stated the following,

If such an information recovery did happen, access to this information from a BlackBerry device could be due to factors unrelated to how the BlackBerry device was designed, such as user consent, an insecure third-party application, or deficient security behaviour or the user”.  

BlackBerry has also said that they continue to be focused on privacy and security and asserted that there are no backdoors in any of their devices.

It is crucial, now more than ever, that a secure encryption solution be utilised, one that is transparent and compatible on the variety of platforms and devices.  The solution must offer a method of key management that is both automated and transparent.  Essentially the technology should be current to ensure the best level of security and as technology evolves, the solution should evolve with it to ensure it remains up-to-date.

The Register

https://www.theregister.com/2016/01/13/blackbery_pgp_riddle/

SC Magazine

https://www.scmagazine.com/brief/architecture/we-can-read-encrypted-emails-on-blackberry-devices-dutch-team-says