Posted on

Still Secure: Debunking Myths About BlackBerry PGP

PGP, which stands for Pretty Good Privacy, is a widely used method of protecting and authenticating personal and private communication between two parties. The technology works seamlessly on a BlackBerry device, making BlackBerry PGP encryption one of the most reliable forms of secure email communication in the world.

Unfortunately, many myths about the security and reliability of BlackBerry PGP encryption persist. They tend to pop up any time there’s a high-profile story about police claiming they’ve managed to decrypt the private communication of citizens.

We’re here to bust the three biggest myths about BlackBerry PGP encryption:

Myth: Law enforcement agencies have cracked BlackBerry PGP encryption

In reality, it’s virtually impossible to crack encryption. A task like that would take thousands — perhaps even millions — of years to accomplish. You access encrypted data by bypassing or circumventing encryption, not cracking it.

In this case, for communications to be secure from law enforcement, the BlackBerry in question must be paired to a private BlackBerry Enterprise Server (BES). Essentially, a private BES is a private network, where a portion of the encryption key for the device in question is stored on a private server. The device doesn’t contain the entire key, and neither does the server. Data remains encrypted — you can’t access one without the other.

While we have no way of knowing exactly how law enforcement gains access to devices, they likely do it by obtaining passwords from individuals willing to share them, rather than by circumventing the encryption technology itself.

People, rather than technology, tend to be the weakest link in encryption.

Myth: BlackBerry devices are vulnerable to hacking

By not pairing a BlackBerry device with a private BES, it’s true that law enforcement could theoretically access it by physically removing the chips for the device in question and analyzing them forensically, or by using a debugging connection.

To avoid this, users should simply never use PGP encryption on a BlackBerry that isn’t paired to a private BES infrastructure.

In general, 80% of the devices we use every day are already infected with malware. BlackBerry PGP encryption accessed via a reliable provider isolates the use of the phone to just email. None of the other functions of the phone — web browsing, apps, texting, GPS, video, camera or microphone — are available.

This removes the opportunity for someone to use malware to circumvent the encryption.

Myth: Governments can demand access to BlackBerry PGP providers’ servers

Unfortunately, if these servers are located offshore in a politically unstable country, authorities could demand and gain access to a private data center. This is why you need to choose your service very carefully.

Myntex’s servers are managed on-site in Canada and not outsourced to a foreign location. This means we’re able to restrict access and mitigate the corruption issues that come up in other countries.

Ready to offer BlackBerry PGP to your customers? Get in touch.

Posted on

Why Encryption is the Future of Online Communication

It feels like stories of large-scale hacking and security attacks are everywhere.

The U.S. government has formally accused Russia of launching a cyber attack in a bid to harm Democratic nominee Hillary Clinton’s presidential campaign.

In late 2016, Yahoo announced it was the victim of the biggest hacking incident ever. The attack, which actually happened in 2013, affected roughly one billion user accounts and resulted in the theft of email addresses, phone numbers, dates of birth and passwords. Perhaps the most disturbing part of the whole incident: Yahoo users didn’t find out about the breach until three years after it happened.

Email is notoriously insecure. The uncomfortable truth is that if you use email, someone has probably already accessed your private data simply because anyone savvy enough to intercept a message not protected by an encryption key can read it. Whether you’re sending baby photos to family or sensitive client documents to colleagues, this matters.

Encryption as a privacy solution is not new, but it’s been slow to go mainstream. Plenty of us realize the way we choose to communicate is not secure, but lack the resources or know-how to protect ourselves. But that’s starting to change.

Here’s why encryption is the future of online communication.

 

Encrypted messaging apps have arrived

WhatsApp, one of the most popular web messaging apps in the world, now claims to offer  end-to-end encryption as part of their service. Its one billion users don’t have to opt in; the company says messages are automatically encrypted as long as the app is updated.

Facebook, WhatsApp’s parent company, has also rolled out encrypted communications. But in the case of Facebook Messenger, you need to manually switch over to the Secret messages function.

Clearly, the demand for encryption is growing. Unfortunately, it’s still too good to be true. These companies aren’t living up to their encryption claims. In the case of WhatsApp, the company owns the encryption keys, instead of the user, meaning they could unscramble any message simply by changing the encryption key.

Even worse, WhatsApp is now the target of a lawsuit from a German consumer group that alleges the company shares its private user lists with Facebook.

In general, messaging apps with encryption offer a bit of privacy protection, but because they can’t control the devices people use, everyone is still at risk. It’s far more secure to rely on a trusted email encryption provider.

 

Encrypted email is getting easier to use

The public is finally coming around to the notion that email encryption isn’t all that complex for users. And unlike messaging apps, email encryption on a device such as a BlackBerry is actually secure.

Encryption essentially means scrambling a message sent over the internet so that anyone without a password — called an encryption key — is unable to view it. The email looks like gibberish without the encryption key.

Luckily, email users don’t need to create these encryption keys themselves or be particularly tech savvy. They just need to purchase a reliable service that does it for them. In many cases, this simply means purchasing a phone, SIM card and email encryption service from a reputable provider.

The phone user has two encryption keys: a private one that only they know, and a public one that other people need to communicate with them. Sending encrypted email is much like sending regular email, with the addition of the handful of straightforward steps to enter your encryption passwords.

 

We’re waking up to our right to privacy as citizens

We’re becoming increasingly aware that we’re under constant surveillance, often from government, to track our movements and even censor speech. Troubling new legislation enacted late last year in the UK will give law enforcement and intelligence agencies the authority to “conduct online surveillance, hack into devices deemed relevant to investigations, and make technology companies provide access to data about their users.”

Digital communication also crosses many borders, meaning that even if you’re comfortable with the level of surveillance in your own country, you could become the target of a foreign government’s surveillance or hacking tactics.

Even if you have nothing to hide, you still have a right to digital privacy. Email encryption won’t stop your emails from being intercepted, but it will prevent those intercepted emails from being read.

 

Don’t miss out on the opportunity to meet the growing need for email encryption services. Find out more about becoming a reseller.