BlackBerry Ltd (NASDAQ:BBRY) posted a blog post today about BBM security. This blog post could be BlackBerry’s response to the latest report by Electronic Frontier Foundation (EFF) claiming that BlackBerry Ltd (NASDAQ:BBRY)’s messaging systems not only fell short of EFF’s expectations but also ranked below Apple Inc. (NASDAQ:AAPL).
Security and privacy top priority
In the blog post, Jeff Gadway, head of product and brand marketing for BBM said that security and privacy are top priority when it comes to enterprise messaging solutions. BlackBerry Ltd (NASDAQ:BBRY) provides products and services that are designed to make mobile workers more productive while at the same time meeting their enterprise need for security and control.
BBM ensures contacts’ identities
When responding to an invite, customer using BBM can demand the other party to know a security question or phrase. Mr. Gadway said BlackBerry’s secure enterprise messaging application BBM Protected uses an extra step by using an out-of-band secret code that is sent via email, SMS or even exchanged in person, the two participating parties identities is validated. This secret code is used to protect the encryption and signing keys.
The above seems a direct response to EFF’s report showing BlackBerry cannot verify the contacts’ identities.
BBM code audited
BlackBerry said they publish their security designs and has a security research group made up some of the best security experts in the world that actively reviews BBM and BBM Protected. BlackBerry gave the following links to find the security designs for both BBM and BBM Protected:
- For BBM – Published September 2014
- For BBM Protected – Published September 2014
Again, this seems a direct response to EFF’s report criteria if the code is open to independent reviews, if the security design properly documented and if the code has been audited.
Using FIPS 140-2
BlackBerry Ltd (NASDAQ:BBRY) said that BBM Protected is the only messaging client that uses FIPS 140-2 validated cryptography library. It also said that BBM Protected uses Suite B Cryptography which exceeds ‘top secret’ communications required key sizes.