Feeds

Report: BlackBerry BYOD-ware doesn't pass UK.gov security test

But is 'likely' to in future, says GCHQ

Website security in corporate America

Update BlackBerry Balance, the new feature in BB10 aimed at meeting demand for bring-your-own-device regimes, has been found insufficiently secure for that purpose by Britain's Communications Electronics Security Group (CESG).

The CESG, an offshoot of the British signals and electronic intelligence agency GCHQ, describes itself as "the UK Government's National Technical Authority for Information Assurance" and its role means it "protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia."

The Guardian reports a CESG assessment of BlackBerry Balance found it did not satisfy the requirements for "restricted" communications, the basic level of protection recommended for sensitive government information, because data leaked between the supposedly closed BYOD walled garden and the public areas of the phone.

The level beneath "restricted" is "protect", a "sub-national security marking", at which point the UK government asks agencies to apply "best commercial practice" to secure data.

Beyond "restricted" lie "confidential", "secret" and "top secret". Blackberry OS 7.1 was deemed suitable for "restricted" communications last year. Very few ordinary commercial products are certified for levels above Restricted: such information is normally deemed to require the use of special hardware solutions.

The Guardian report says BlackBerry is aware of the problem and intends to re-apply for certification.

Whether or not it succeeds in its attempt to pass the CESG's tests, the news is surely unwelcome for BlackBerry, whose executives are currently circling the globe to talk up the utility and security of the new BB10 operating system.

In Sydney this week CEO Thorsten Heins suggested BlackBerry's strength as a secure carrier of messages makes it an ideal candidate for applications like healthcare in which confidentiality is utterly non-negotiable. Balance also scored a mention as giving BlackBerry the chance to catch the wave of enthusiasm for the concept.

If CESG or other similar agencies around the world find BB10 and Balance are not as secure as their predecessors, that will deny BlackBerry access to a market it may count on as a natural buyer of its products while also damaging its reputation in other markets.

With the Canadian company's financials still less-than-exciting, the resulting dent to its reputation for security would be most unwelcome. ®

Updated to Add

The CESG has issued a statement on the matter, saying:

Discussions with Blackberry are ongoing about the use of the Blackberry 10 platform in government ...

We have a long-standing security partnership with Blackberry, and this gives us confidence that the Blackberry 10 platform is likely to represent a viable solution for UK Government.

Internet Security Threat Report 2014

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee
Father of the worldwide web is extremely peeved over pay-per-packet-type plans
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Turnbull: NBN won't turn your town into Silicon Valley
'People have been brainwashed to believe that their world will be changed forever if they get FTTP'
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.