UAE ban on BlackBerry data a security badge of honor

SAN FRANCISCO, Aug 3, 2010 (AFP) - Security experts said Tuesday that banning BlackBerry data service in the United Arab Emirates smacks of political backlash and could be a testament to how hard it is to snoop on that network.

"The BlackBerry security model is very different from other phones," said Kevin Mahaffey of Lookout mobile security firm.

"It is end-to-end and the encryption is so strong nobody knows how to monitor it."

A user tries out the new Blackberry Torch 9800 smartphone after it was unveiled at a news conference August 3, 2010 in New York City. AFP

Canada-based Research In Motion built its own platform for business customers that encrypts BlackBerry email messages and routes them in a way that keeps the data off limits from even telecom firms that carry the transmissions.

"They have such good security that I think some countries are uncomfortable with the fact that they can't intercept it," said Lookout chief executive John Hering.

While iPhones have been all the rage with smartphones users thrilled by games, social networking, video watching and other casual uses, BlackBerry has remained a favorite for business people craving secure wireless communications.

BlackBerry smartphones can be hard targets for countries that do electronic snooping in the name of national security.

RIM on Tuesday denied allegations it had offered some governments access to customers' data and not others, as it faced a ban in two Gulf States and India.

The UAE has said that BlackBerry services including messenger, web browsing and email will be suspended because they "allow individuals to commit violations" that the country cannot monitor.

People who use BlackBerry handsets as personal smartphones don't enjoy the same protections as companies that contract with RIM to deploy the devices to employees.

BlackBerry security is designed to let business users "transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data," according to RIM.

RIM uses a special layer of coding to shield email as it is routed to the company's servers and then on to intended recipients, according to Mahaffey.

BlackBerry also uses encrypted validation to identify handsets connecting to the network, according to Peter Beardmore of Russia-based computer security firm Kaspersky Lab.

"BlackBerry is a more highly secured device," Beardmore said.

"There are a wide variety of services available through the BlackBerry network that you are going to be hard pressed to find in other services."

Typical smartphones route email through telecom service providers, which can intercept data for governments.

Text messages, voice calls, and Internet browsing activity are up for grabs on all smartphones because telecom service providers can see that activity, said Nicholas Percoco, vice president of SpiderLabs at Trustwave Information Security firm.

Online purchases, banking and other financial dealings should be protected by encryption that is standard practice for such transactions.

Percoco wondered whether the move against BlackBerry in the UAE was political backlash.

Two years ago, RIM charged that an update issued by UAE's largest telecom service provider, Etisalat, was actually spyware, and that it enabled unauthorized access to information stored on users' smartphones.

Microsoft makes ActiveSync software for businesses that can encrypt email sent with iPhone, Android, or Windows smartphones, Percoco noted.

Secure, encrypted connections can be made wirelessly from laptops with the help of VPN software from Cisco. Good Technology sells software to protect messages on mobile phones.

"This whole thing may not be security charged, it may be politically charged," Percoco said.

"From a security standpoint, it doesn't really jibe," he continued. "It looks like basically RIM wouldn't let them put a bugging device in the phone."

Other news