
BlackBerry, which has rebranded as a security firm as its mobile handset business fades, bought Cylance, the machine-learning-based anti-malware firm, for $1.4 billion last week. The move is in line with BlackBerry’s public strategy to secure endpoint devices such as cars, medical devices, and critical infrastructure, but it raises eyebrows in the security community, given the company’s history with encryption backdoors.

The company plans to integrate Cylance’s anti-malware solution into the BlackBerry Spark platform, “which is at the center of our strategy to ensure data flowing between endpoints (in a car, business, or smart city) is secured, private, and trusted,” BlackBerry wrote in a press release.

Deploying Cylance’s well-respected anti-malware service on IoT devices is potentially a big win for IoT security, but CEO John Chen’s stance on “lawful access” has put him and BlackBerry at odds with much of the security community, and that may concern organizations planning to use the Cylance/Spark product.

At the height of BlackBerry’s popularity as a handset manufacturer, the company is believed to have shared its global decryption key for consumer BlackBerry devices with the Canadian federal police, the RCMP. During the Apple v. FBI spat a couple of years ago, when the FBI was clamoring for backdoored encryption, Chen was a vocal critic of Apple, and called for tech companies to cooperate with law enforcement. But in a blog post yesterday, Chen said that “BlackBerry’s products do not have backdoors,” while reiterating his stance that tech companies should “comply with reasonable lawful access requests.”

BlackBerry’s black eye

Court documents make clear that at least as early as 2010 the Canadian federal police had a copy of BlackBerry’s global decryption key, installed in every consumer device at the factory. Whoever possessed a copy of that key was able to decrypt text messages sent between BlackBerry’s consumer handsets. By designing a system with backdoored encryption, BlackBerry made consumer handset users vulnerable not only to the RCMP for “lawful access”, but also to any foreign spies, organized criminals, or terrorists who might have hacked the company (or the RCMP) and stolen a copy of that decryption key.

(BlackBerry denies giving its global decryption key to the Canadian police but offered no alternative explanation of how the key came into the RCMP’s possession.)

While leaving a global decryption key, a.k.a. a “golden key”, under the doormat for malicious actors to find and use to violate the confidentiality of consumer text messages is bad, a similar system deployed for the types of IoT devices that Cylance supports could have more serious consequences. Any cooperation with law enforcement that creates such a backdoor weakens security for everyone, experts told CSO.

Backdoors can be any method that provides access to encrypted information without the user’s consent. “Backdoors can be a public security problem when present in remotely accessible, safety-critical systems,” Beau Woods, a Cyber Security Innovation Fellow with the Atlantic Council in Washington, tells CSO. “Technical capabilities are policy agnostic — they can’t distinguish between what’s permitted and forbidden by law.”

Post Author: evansvil
