Blackberry—the financially floundering smartphone maker that prides itself on end-to-end encryption—may have finally met its match in the form of the Royal Canadian Mounted Police. Motherboard reports that the RCMP, as part of a criminal investigation, was able to intercept and decrypt more than a million Blackberry messages over the course of two years.
The problem with Blackberry’s security strategy is that every non-corporate phone it manufactures uses a single encryption key. Getting that key makes unscrambling messages from just about any Blackberry device a breeze, and that’s exactly what the RCMP did—though the Mounties have yet to disclose that they have the key or how exactly they got it.
Unlike previous Blackberry decrypts, which required physical access to the phones in order to work, the Mounties set up a server in Ottawa that simulates a message’s intended recipients and then uses that global key to decrypt them. In this instance, the server and key were used to gather evidence about the killing of crime family member Sal “the Ironworker” Montagna in an investigation dubbed Project Clemenza.
Although their investigation has ended, the RCMP can still read messages sent by nearly every Blackberry device. And even Blackberry changes their global encryption key, who’s to say whatever methods the RCMP employed the first time won’t work again? Blackberry, by the looks of it, just ran out of selling points.
We reached out to Blackberry for comment, and we’ll update when it responds.