Citing the potential for "political IT attacks", following the ongoing bargaining between RIM and Middle East countries on improving lawful surveillance, Germany's Interior Minister is advising ministers to dump the BlackBerry, and replace it with BSI-certified SiMKo 2 smart phones.
What's so special about the SiMKo 2 device from a security perspective?
First introduced in 2009's CeBIT, the smart phone is exclusively marketed to government agencies, and has been recommended by the Federal Office for Information Security (BSI), for handling Classified – for official use only (VS-NfD security level) data. Following its release, the device was quickly adopted by German ministers, clearly not to extend as recommended for the country's Interior Minister:
BlackBerry's infrastructure is a company-owned closed system. But the access standard must be capable of being set by the government and not by a private company.
From data encryption, standard S/MIME, digital identities through certificates (microSD based hardware tokens), VPN tunneling, what's particularly interesting about the device is that, T-Systems have labeled the camera, bluetooth, GPS and WLAN as potentially unsafe, and has consequently deactivated the interfaces. With all interfaces other than GSM, EDGE and UMTS disabled, and VPN tunneling enforced by default for EDGE and UMTS data transfers, the device clearly aims to offer secure end-to-end data transfers.
Go through related resources on BlackBerry's security features:
- BlackBerry Security Features
- Advanced Security Features for Government
- BlackBerry Enterprise Solution - Security Technical Overview
In 2007, the French cabinet issued a similar ban citing a two-year confidential study into the security of BlackBerry devices. Earlier this year, the French cabinet found an alternative solution, and adopted the TEOREM phone. U.S President Barack Obama, also faced a similar situation when he wanted to keep his BlackBerry, but was given a Sectera Edge device.
What the three devices currently share, though, is a ubiquitous flaw which no OS-hardening process -- unless it kills the core functionality of the device in the face of communication -- can protect against - the end user.