Operation WhiteBerry
Operation Whiteberry was developed in response to solve multiple problems
found within the wireless data transfer systems of Wireless Application Protocol
(WAP) and Blackberry Mobile Messaging system. Due to the security issues
surrounding these protocols, Operation Whiteberry is built upon to compete
against those industries that promote closed and proprietary solutions such as
RIM’s Blackberry. Instead of reviewing the complete project, the issue of security
that Operation Whiteberry promotes should better help to see the problems that
Blackberry faces.
It would be wise to understand the concept of end-to-end in RIM’s definition
instead of the logical definition. Operation W hiteberry is a project that defines
end-to-end as messaging from the point of origin to the point of destination or
from the blackberry to the intended email address. It is an important “point of
view” difference when related to security. RIM’s definition of end-to-end is
defined as messaging from the point of origin to the point of corporate email
redirection or from the blackberry device to the corporate mail system. Operation
Whiteberry also takes into account the proprietary or closed nature of its
messaging architecture, as this prevents the use of other independent or third
party security mechanisms.
All of these are important points. If the user or customer thinks that the
Blackberry wireless device provides security from the handheld to the receiver of
the email, they are only partially correct. Blackberry was built to be used by other
email servers, thus the security Blackberry provides is from handheld to the point
of decryption at the corporate mail system. After that, the email is sent using the
corporate mail system to the intended receiver, without any encryption, through the
Internet.
Last, Blackberry users have the ability to send electronic messages to other
blackberry users without connecting to the email system. This “direct-connect”
feature does not support full encryption and thus the information being sent and
received wirelessly is more easily accessible. It is important to remove this ability
or add a statement to your wireless policy revealing this information, and that no
confidential or corporate information be passed in this fashion.
During the terrorist attacks of September 11, 2001, while other lines of
communication failed, cell phones, pagers, telephones and such, Blackberry
didn’t. In fact, it has been getting rave reviews for its performance during those
horrible times. Remarkable stories have poured out from Blackberry users that
used the technology to stay in touch of loved ones, evacuate employees, or save
informational assets when no other source of communication was available.
On the day of those attacks, Congressman Robert Ney, R-Ohio used his
Blackberry to communicate with his assistants and family. As a result, he
ordered 435 Blackberry devices for each member of the House so those
representatives could communicate to their assistants and families during
emergencies. As an indirect result reports Congressman Ney, they have become
more productive throughout their normal workload.
If it’s good enough for the government, is it good enough for you? The answer
may be yes, if the correct policies and procedures are in place to maximize the
security benefits that Blackberry provides. The key to any secure environment,
wireless devices included, is to maximize the security features that each device
has available. Following these procedures and policies, as well as auditing users
to make sure these practices are followed should mitigate the risk that wireless
devices apply. Of course, not having these at all would be the optimal choice for
security, but that is not always possible. Wireless devices have an extremely far
distance to travel to be considered secure, but at least The Blackberry by
Research in Motion has been shown to be more secure than most wireless
devices currently in production.