updated 06:29 pm EST, Wed February 27, 2013
Nature of protocol could lead to misdirected messages
The Canadian government IT department has warned its workers that the BlackBerry PIN-to-PIN service is unsafe. According to a presentation by Public Safety Canada, messages sent with the service are "the most vulnerable method of communicating on a BlackBerry" making it "not suitable for exchanging sensitive messages." The newly-updated memo, first crafted in 2011, states that "although PIN-to-PIN messages are encrypted, they key used is a global cryptographic 'key' that is common to every BlackBerry device all over the world," and "any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device."
The Personal Identification Number (PIN) on a BlackBerry is unique to the device, and not the user. Given the need to reuse phones or resell devices as surplus , a message intended for a user may inadvertently reach the wrong person, possibly someone outside of governmental service.
Additionally, the memo declares that "PIN-to-PIN messaging bypasses all corporate e-mail security filters, and thus users may become vulnerable to viruses and malware code as well as spam messages if their PIN becomes known to unauthorized third parties." The new BlackBerry 10 OS retains the same communications protocol, and the same inherent flaw.
While the US government has more actual BlackBerry units in operation, the Canadian government has a much higher percentage of users on the platform. Figures place the cost of operating the system in Canada at over $2 million per month.