A change of heart on the smartphone

A few months ago I attended the launch of the Enterprise Server 5.0 from Research in Motion (RIM) for the BlackBerry handset.

It was at this event that I really got a feel for what the company was about for the first time, and as well as learning about the new launch and development, I got an idea of how other journalists are using the device.

I was able to land one of the Bold devices on a loan, and regular readers of our Security Cats blog will know that my first impressions of the BlackBerry were not necessarily negative, but not overly favourable either.

My main gripe was that this was a device I could live without, despite seeing any number of people in pubs, coffee shops and on public transport at any time using their device. So I decided to keep an open mind, and although I do have some fresh discoveries within the emailing ability and App World, my main questions about it came from a security perspective.

Because of this, I got back in touch with the company and got talking to Michael K. Brown, director of product management of BlackBerry security at RIM. I had first met Brown at the InfoSec exhibition in April at London's Earl's Court, where I repeatedly tried to get a free handset, but to no avail.

We are all instructed to be secure with our desktops, and ensure that we have anti-virus settings up to date and to not click on suspicious emails or links, but is this the case with the handheld also? What about the physical security of the device itself, or encryption of the messages you send?

I put some of these questions to Brown. Firstly, I asked him if the BlackBerry offers encryption on email messages that are sent from it? Brown said: “The BlackBerry Enterprise Server communicates with an email server within the firewall and fully encrypts information using either AES-256 or Triple DES standards before sending it to the intended BlackBerry smartphone.

 

“The recipient's BlackBerry smartphone has a corresponding encryption key that enables the information – be it an instant message, email or similar – to be converted back into legible text for the user to read. The latest version of the BlackBerry Enterprise server - v5.0 – which was launched in May this year, continues to use this approach.

 

“For users that connect via the BlackBerry Internet Service they have their data transferred by the network operator who provides a service similar to a SSL connection.”

 

So in terms of the physical security, what does this offer? Brown explained that many of the functions on the BlackBerry have security features built in, such as data erasure and password protection.

 

“It's down to the customer to balance security with usability. Many enterprise customers allow users specify their own password, but the company's IT administrators can set and enforce policies on how many attempts to enter a password can be made, how many characters the password should be. Also if the handset is lost then the IT admin can send a policy to the lost device to lock it and even remotely wipe all of the data on it,” said Brown.

Early this year I met with CellCrypt, whose chief executive Simon Bransfield-Garth, explained that its voice encryption technology software was available for standard mobile phones, while the company supported Nokia Smartphones and Window Mobile devices. At the time he claimed that support for BlackBerry was ‘on the way'.

Brown updated that however, explaining that if extra protection is needed for encrypted voice calls, RIM does have partnerships with companies including Cellcrypt that provides cellular encryption.

Possibly one of the main attractions and incentives of owning a smartphone is the ability to download applications. This is probably where the Apple iPhone takes a market share, as my limited experience of it is that it is a simple phone that you add things to. A basic opinion? Apple refused to participate so I am left to my own presumptions and observations.

So the appeal of the iPhone is the ability to download applications. With security-based applications now becoming available from the likes of RSA, VeriSign and Charismathics launching applications, I asked Brown what the options are for BlackBerry users?

Brown said: “In addition to all the security features that are built into the BlackBerry solution there are security applications from third parties, who include PGP who offer customers additional encryption and with Cellcrypt for voice encryption. RIM also provides a BlackBerry smart card reader and we are working with RSA and VeriSign to develop security-based applications.”

The subject of smartphone applications was also raised by PayPal this week, with its announcement that a PayPal application was being launched for Android that will give easy access to the users account, with direct integration with the contact list, recent history and balance checks.

Eric Duprat from PayPal's mobile team, said: “All your mobile payments are kept safe using the same state-of-the-art technology we use on paypal.com.”

Finally I asked him about physical security, firstly of the handset, which he explained was password protected and something that RIM takes very seriously. Brown claimed that RIM works hard to ensure that the handset is secure, but that security does not get in the way.

The subject of the security of the BlackBerry email servers was also raised, firstly early this week by Simon Ford, international sales director of NCP, who voiced concern over the idea that all emails are stored on their servers, and how this is a problem if a disgruntled employee could get access to them.

Brown responded by claiming that RIM does take security very seriously and as much as the customer does. He also said that the infrastructure goes through rigorous licensing and is certified with the Communications Electronics Security Group (CESG), the UK Government's National Technical Authority for information assurance.

So my time with the BlackBerry Bold comes to an end, and I have to find other things to do on the tube other than run the battery down playing BrickBreaker and Word Mole.

To answer an earlier point about whether or not I could live without a smartphone, the jury is really still out as until I am in a position where I am solely reliant on a handheld device will determine that, but my time with the device has certainly shaped my opinion and I will be sad to see it go.

Sign up to our newsletters