
In my company we turn on journalling on our Exchange server to trap all in/outbound ... Server Admins forum

  1. #1
    slemmer's Avatar
    slemmer is offline Stack level 1
    Join Date
    Sep 2008
    PIN/ID
    206E69D8
    Posts
    14

    Question PIN security

    In my company we turn on journalling on our Exchange server to trap all in/outbound messages for litigation search purposes. My IT manager disabled PIN messaging on the BlackBerries except for the execs because he said it was a security issue with respect to PIN messages since they cannot be traced. My CEO thinks otherwise since he says SMS messages can be traced. Is there any truth to PIN or SMS messages? Is PIN messaging secure between two parties?

  2. #2
    KalebsDad78's Avatar
    KalebsDad78 is offline Device Pro
    Join Date
    Jun 2006
    PIN/ID
    Just Ask
    Posts
    2,044
    PIN messaging is BlackBerry to BlackBerry with no logging by RIM or the carrier. The BES can log the messages but I have never heard of a security issue involving PIN messages.

    Now SMS is logged by the carrier so that could be subpoenaed. Once you end a BlackBerry Messenger conversation on the device, the conversation is gone and cannot be retrieved.

  3. #3
    slemmer's Avatar
    slemmer is offline Stack level 1
    Join Date
    Sep 2008
    PIN/ID
    206E69D8
    Posts
    14
    Since the BES logs the messages can they be retrieved/searched with a built-in or external utility?

  4. #4
    knottyrope's Avatar
    knottyrope is offline Stack Professional
    Join Date
    Aug 2007
    PIN/ID
    ask
    Posts
    124
    External yes, they are just text files.
    Obi-Wan Kenobi says "Use the search Luke", and Yoda says "RTFM, you should"
    Torch 9800 on BES 4.1.7 MR3, SQL 2005, Exch 03 with 250 hopeless users

    http://twitter.com/#!/knottyrope

  5. #5
    wellsm's Avatar
    wellsm is offline Stack level 2
    Join Date
    Mar 2008
    Posts
    40
    A few quick security notes.

    PIN messages travel like this:
    device1 -> carrier1 -> RIM -> carrier2 -> device2

    RIM says they do not log PIN messages, but I can't find a reference to that. The instructor in BES advanced class said so, but I want to find it in print.

    PIN messages are scrambled, not encrypted.
    PIN message scrambling


    During the manufacturing process, Research In Motion® (RIM®) loads a common peer-to-peer encryption key onto BlackBerry devices. Although the BlackBerry device uses the peer-to-peer encryption key with Triple DES to encrypt PIN messages, every BlackBerry device can decrypt every PIN message that it receives because every BlackBerry device stores the same peer-to-peer encryption key. PIN message encryption does not prevent a BlackBerry device other than the intended recipient from decrypting the PIN message. Therefore, consider PIN messages as scrambled—but not encrypted—messages.


    You can limit the number of BlackBerry devices that can decrypt your organization’s PIN messages by generating a new peer-to-peer encryption key known only to BlackBerry devices in your corporation. A BlackBerry device with a corporate peer-to-peer encryption key can send and receive PIN messages with other BlackBerry devices on your corporate network with the same peer-to-peer encryption key. These PIN messages use corporate scrambling instead of the original global scrambling.


    You should generate a new corporate peer-to-peer encryption key if you know the current key is compromised. You can update and resend the peer-to-peer encryption key for users in the BlackBerry Manager.
    Also, through IT policy you can have devices report back with PIN messages to the server for logging. This happens during the wireless backup cycle (every 15 minutes, iirc). The user may delete messages before that cycle and they will not be logged. (Actually need to test this one, but I know this is true for call logs which are similarly transmitted.)

    The logs are stored as .csv files on the BES, and are readable by Notepad or Excel, among other utils.
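
Added example, not part of any post in this thread: since the replies above say the BES PIN logs are plain .csv text files, a litigation search over them can be scripted instead of done by hand in Notepad or Excel. The column names and sample rows are constructed assumptions, because the thread does not show the log layout; match them to the header row of the actual files.

```python
import csv
import io

# Hypothetical column names: the thread does not show the BES log layout.
# Compare against the header row of your own log files and adjust.
COLS = {"time": "Timestamp", "sender": "FromPIN", "recipient": "ToPIN",
        "subject": "Subject", "body": "Body"}

# Constructed sample log (not real data). The quoted body contains a comma
# and a line break, which a line-based text search would split apart.
SAMPLE_LOG = '''Timestamp,FromPIN,ToPIN,Subject,Body
2008-09-02 09:14:05,20000001,20000002,Lunch,Noon at the usual place?
2008-09-02 10:41:37,20000002,20000003,Contract,"Draft is ready, see
attached Acme contract notes"
2008-09-03 16:02:11,20000003,20000001,Re: Contract,Thanks
'''


def search_pin_log(stream, keyword=None, pin=None):
    """Return log rows matching a keyword (subject/body) and/or a PIN."""
    reader = csv.DictReader(stream)
    missing = [c for c in COLS.values() if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"log header lacks expected columns: {missing}")
    kw = keyword.lower() if keyword else None
    want_pin = pin.upper() if pin else None
    hits = []
    for row in reader:
        # Short rows yield None for missing fields; treat them as empty.
        get = lambda name: row[COLS[name]] or ""
        text = f"{get('subject')}\n{get('body')}".lower()
        pins = {get("sender").upper(), get("recipient").upper()}
        if kw and kw not in text:
            continue
        if want_pin and want_pin not in pins:
            continue
        hits.append(row)
    return hits


def search_sample(keyword=None, pin=None):
    """Run the search over the constructed sample above."""
    return search_pin_log(io.StringIO(SAMPLE_LOG, newline=""), keyword, pin)


if __name__ == "__main__":
    for hit in search_sample(keyword="contract"):
        print(hit["Timestamp"], hit["FromPIN"], "->", hit["ToPIN"], hit["Subject"])
```

For real files, open each log with `open(path, newline="")` and pass the file object to `search_pin_log`.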

  6. #6
    slemmer's Avatar
    slemmer is offline Stack level 1
    Join Date
    Sep 2008
    PIN/ID
    206E69D8
    Posts
    14
    Interesting, yet on another post one member commented that when composing a PIN there is an option field above the To: field that offers encoding options: Encrypt, Plain Text, Sign, and Sign and Encrypt with "default" as the default setting, whatever that may be.

  7. #7
    RCode's Avatar
    RCode is offline Stack level 3
    Join Date
    Mar 2007
    PIN/ID
    304F0A29
    Posts
    139
    I have my BES set up so the users can only send PIN messages to each other. They cannot send them to BBs outside of the Organization's BES. You can receive from outside, just not send out. People complain about it all the time, but what can you do.

    We've tried turning the logs on, and it just collects a lot of crap, and conversations that people wouldn't want recorded.
