How Obama’s BlackBerry got secured (2013)
electrospaces.net214 points by lastdong 5 days ago
214 points by lastdong 5 days ago
These days, NSA's Commercial Solutions for Classified program[1] addresses a lot of these sorts of secure mobility use cases.
The underlying design principle behind CSfC is that the CNSA algorithms[2], when properly implemented are good enough to protect information classified up to TOP SECRET on their own. However, there's still a risk of exposure due to broken implementations, active exploitation or operational error.
To mitigate this, CSfC's "capability packages" (reference architectures) typically use two or more cryptographic layers of different provenance to reduce the risk that a vulnerability in one layer could be used to compromise the whole solution. For a VPN for example, they will use two tunnels; an inner tunnel using a solution from one vendor, and an outer tunnel from another.
There are other considerations apart from cryptography. They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability, presumably to mitigate the risk of a cellular baseband exploit being used to compromise a classified handset.
[1] https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...
[2] https://en.wikipedia.org/wiki/Commercial_National_Security_A...
> They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability
Yeah, this makes the most sense, there's no way they'd let a president's phone be connected to commercial networks. Tracking alone would be a huge issue, not to mention the plethora of ss7 abuses that can be done.
s/they’d let/would have let/
According to a recent interview[0], the president has an uncontrolled phone (maybe in addition to other, approved devices).
[0] https://archive.ph/2025.05.07-050707/https://www.theatlantic...
From that linked article: “To this date, she doesn’t even know that I won the Presidency THREE times.”
Holee-shit. Time to start keeping him away from microphones.
Literally an executive order.
“[Christopher] Krebs, through CISA, falsely and baselessly denied that the 2020 election was rigged and stolen, including by inappropriately and categorically dismissing widespread election malfeasance and serious vulnerabilities with voting machines.”
https://www.whitehouse.gov/presidential-actions/2025/04/addr...
Have you not been paying attention? He has said this many times and has even floated running again after this.
Edit: sorry, I meant to post this in reply to selkin’s comment here: https://news.ycombinator.com/item?id=43927123
I believe this has been the case for him and all of his senior staff since the beginning of his first presidency
See for example this from 2017:
> Despite universal warnings from security experts in and out of government, Donald Trump is apparently continuing to use an insecure, off-the-shelf Android phone
http://lieu.house.gov/media-center/in-the-news/congressman-c...
I remember reading news articles on the topic at the time, and finding it egregious how relatively little attention it got, compared to the massive and coordinated ”lock her up” campaign against Hillary Clinton
Tons of hypocrisy that just no one cared about. Ivanka was doing government business on a personal email[1].
[1] https://www.washingtonpost.com/politics/ivanka-trump-used-a-...
It's so strange to me how little information there is on the internet about how the BlackBerry really worked.
Other phone OSes, both modern ones like iOS and Android, as well as ancient ones like Symbian or even the Nokia 3310 firmware, have their internals well described. All I could find about the BlackBerry was that it used some Java-based OS, but no detailed information about its architecture, conventions, file system layouts, security properties or technical capabilities seems to be available. The communications protocols are just as mysterious, especially on the phone-to-server side. I know it required some kind of carrier integration to work, which makes me think it wasn't just a bog-standard connection over TCP/IP, but I have no idea what it actually was.
There's some information in BlackBerry programming books, which can still be found in the "usual places", some old BlackHat presentations, which seem to mostly focus on the enterprise server component, as well as some company history and brief descriptions of the technical choices made in "Losing the Signal", but that's about it. Even Nintendo's OS is understood much more widely, despite Nintendo being much more secretive and litigious.
They shared information with large customers with NDA. They were old school telecom — very tight.
Everything traversed their network. It was a bonkers architecture that would not fly today. The other thing about that obscurity is it enabled all sorts of weird use cases. Because the devices were identified to the BlackBerry network, you could message without user assignment.
It was common for corporate and political people to use them for unaccountable, compartmentalized communications. You could build ad hoc networks of people without there a record of who was who, and periodically reshuffle the devices to add and remove people. It was basically Nextel DirectConnect for texting / “the wire” for corporate people.
> you could message without user assignment
> It was basically Nextel DirectConnect for texting / “the wire” for corporate people
What does "without user assignment" mean here. Not an American and not that familiar with the American telecoms environment of the early 2000s, so while those names ring a bell (no pun intended), I think the comparisons escape me.
Most services are tied to a user account or phone number. PIN messages were associated with a phone. Easy to swap sims and phones to build ad hoc groups.
Nextel was a little different… their walkie talkie function was not tappable. They became the phone of choice for street level dealers among others.
I remember how it needed specific telecom support to work at all, whereas iPhone needed carrier help for a subset of things like APNS. So for most of BlackBerry’s life none of the carriers here supported running one on their network.
I think most corporate blackberries were tied to an enterprise server that tracked everything they did.
Indeed. The FBI made a lot of cases with that. It wasn't unusual for a corporate user to not know that all of the texts, contacts, and numbers called were available centrally.
I assume they are on iMessage as well at some level are they not?
Not to my knowledge.
iMessage keys never leave your device until you back them up to iCloud.
If any party receiving an iMessage uses iCloud backup, it should be available to the US govt one way or another.
Am I correct that parties who don’t use backup are indeed messaging “entirely” privately, barring Harvest Now, Decrypt Later?
iMessage is actually post-quantum prepared - see https://security.apple.com/blog/imessage-pq3/
We used to install the server-side exchange connector on windows small business server. It was an involved process to get working, but pretty reliable.
Also interesting is some comments from former RIM employee, turned woodworking youtuber https://www.youtube.com/watch?v=GLxjXP-XCJA matthias wandel
Quite agree, I find it really sad. The most that is out there was about the BlackBerry Enterprise Server, but the docs were always light on details. And yes that one BlackHat presentation about SRP.
I'd love to know more about the GPRS side of things, how their NOCs were connected to carriers, etc.
> despite Nintendo being much more secretive and litigious
Eh, kind of? Nintendo has never interfered with solely modding your Switch, or the tools to do so, and will not ban you for loading CFW. Install CFW, overclock your Switch, even cheat in offline games, no interference.
Their lines in the sand for years have been changing your profile image to something arbitrary (and possibly NSFW), installing a pirated game, cheating online, or tampering with system logs. That’s when the ban hammer hits; and the tools for doing those get targeted.
They were never particularly competent about it (from the technical side, anyway), but https://wiibrew.org/wiki/Homebrew_Channel#Changelog is a pretty sad/hilarious read.
? There are more private stuff in the world than what's public on the Internet. Naively believing that private parts must be the minor part and basically everything should be already on the WWW is pure arrogance.
Google paid a lot of effort a while back into putting up obsolete as hell 130nm Skywater PDK on the public 'net. I've seen people on social media describing their anxiety from just seeing some industry specific shapes and forms out in the open, despite knowing those files were thoroughly cleared for release and completely fine for anyone to see.
Reading up stuffs on WWW and thinking it should cover most of everything is like placing yourself in clothes of pre-war physicists who thought physics is all figured out like a sunny backyard except there's a tiny black pinhole in the sky called quantum physics that idiots are obsessed with. There's a whole universe(s) behind it.
Some dead linked content in TFA is resurrectable courtesy of archive.org (though I had to dig a bit, which is why I'm sharing):
Dubya's Sectera Edge, a BlackBerry-esque Ultra Secure PDA phone:
https://web.archive.org/web/20120922044930/http://www.gdc4s....
Product eventually deprecated in September, 2015:
https://web.archive.org/web/20150926124453/http://www.gdc4s....
The link finally died with a site redesign in Jan 2016:
https://web.archive.org/web/20160131082757/http://www.gdc4s....
Original (now deceased) link: http://www.gdc4s.com/sectera-edge-(sme-ped)-proddetail.html
P.s. The device was somewhat comically proportioned, with thick antenna and bezels, haha: https://gdmissionsystems.com/-/media/general-dynamics/cyber-...
A teardown and chip analysis would be interesting! Though I imagine these devices aren't easy to come by?
I remember encountering one of these secure gov blackberry setups approximately one decade ago. The contractor who managed it up had some deep institutional knowledge. He was probably going to do that one job for the rest of his career until retirement.
(2013) Discussion at the time (83 points, 32 comments) https://news.ycombinator.com/item?id=6615066
> This would mean the White House Communications Agency has to carry such a secure base station wherever the president goes.
We used to take security so seriously.
The reality is that modern (meaning LTE) public networks are more secure today, than they have been, its also trivial to bring an LTE base station with you now - with the hardware at this point being no more complex than a controller driven wifi network.
Indeed, I have an LTE base station in my office, on perpetual "loan" from T-Mobile for US$25, providing us with LTE service in an area where they have no service. It's roughly the same volume, or a bit less, as our modem/router.
> On March 16, 2016, AP reported that in February 2009, secretary of state Hillary Clinton also wanted a secured BlackBerry like the one used by Obama, but that NSA denied that request. A month later, Clinton began using a private server, located in the basement of her home, to exchange e-mail messages with her top aides through her regular, non-secure BlackBerry. Later it came out that this rather risky solution was also used for sensitive messages.
A good reminder how IT departments need to provide solutions that actually work and are accessible to everyone. If not, "shadow IT" will emerge, rather sooner than later.
And Clinton was Secretary of State, not some low level clerk.
Thank you - I was about to post this. It’s worth noting Comey reopened an email inquiry four days before the election; this was widely seen as the reason for her loss at the time.
Reminder: this was a really big deal to people.
Investigation was closed shortly thereafter; he said in interviews at the time he was unhappy with Bill; I vaguely remember a clandestine meeting at a private jet fbo.
I’ve always imagined there was a little bit of payback from Obama in this story: the Clintons absolutely did not open up resources for Barack in his first term, and it cost him a lot. My head canon is like: “bury hatchet with Clintons for sec state apptment: fine. Deny Hillary a blackberry: very fine.”
A friend who works for the FBI flagged this long ago as the origin story for Clinton's "but her emails!" woes. It's distinctly possible that if the NSA had just secured her Blackberry, there would never have been a president Trump. Funny how small things spiral out.
You might draw many possible lessons from this story, though. One is the lesson you draw, which is that the NSA should have secured her damn Blackberry. The second is that this was really about egos, and Clinton couldn't accept that she was less important, and deserved a less important phone, than Obama, so she went ahead anyway. A third is that if you want to be president someday, you can't cut corners, and you need to use whatever clunky tech the government gives you -- so that one day, you can be the boss, summon the head of the NSA into your office, and humiliate and then fire him in front of his peers. But Clinton didn't have that kind of patience: she had emails to send.
> One is the lesson you draw, which is that the NSA should have secured her damn Blackberry. The second is that this was really about egos, and Clinton couldn't accept that she was less important, and deserved a less important phone, than Obama, so she went ahead anyway.
It could be ego. It could just be the hold of the crackberry. I didn't know many people that were full on in thrall to the Temple of Blackberry, but those few were willing to do what it takes to keep using them (until eventually they gave in and accepted the inevitable loss and usually moved to iPhone)
I had to spend about a week to figure out how to get a Blackberry to send DKIM compliant email before I could turn on DKIM. One of the acceptable alternatives for the CEO was just enabling anyone with a blackberry to send email from our domain.
The President and Secretary of State have less power than you think; they aren't corporate CXOs. They are subject to the laws, and NSA must follow laws made by Congress. That's intentional - the division of power is that Congress makes the rules and the executive branch implements them.
The Secretary of State should have a secure mobile communication device, as should most everyone else in national security positions (and other jobs). It's absurd that they didn't. Just think of the productivity hit and the capability hit - imagine how it interferes with responses to crises.
Who here would tolerate it at their workplace?
> The President and Secretary of State have less power than you think; they aren't corporate CXOs. They are subject to the laws, and NSA must follow laws made by Congress. That's intentional - the division of power is that Congress makes the rules and the executive branch implements them.
Indeed indeed... but sadly, as we're seeing (especially, but not just) with DOGE this keeps on eroding.
A similar thing seems responsible for signalgate. The NSA needs better tech tbh
> It's distinctly possible that if the NSA had just secured her Blackberry, there would never have been a president Trump. Funny how small things spiral out.
She was a neocon warhawk who was shrill and unlikable. There were a lot of reasons she lost. The blackberry was the smallest part of it.
It's also distinctly possible that if the government had enacted appropriate oversight over it's cabinet level secretaries that the illegal configuration would have been detected and remediated before it became an embarrassment.
And the lesson every us pol seems to have learned is "use signal, use protonmail."
They're using Signal to circumvent the Presidential Records act - the US government nowadays has ample ways to officially and quickly communicate with each other, while being in compliance with recordkeeping and national secrets requirements.
Use of Signal has been rife in Washington DC since COVID times.
During COVID they closed many of the secure facilities indefinitely. Building access was on a rotation, so many people couldn’t see or communicate with their counterparts for weeks or months unless their rotation intersected. The government had no plan for how to conduct classified business with their facilities closed for extended periods. It is in this milieu that Signal became established as an alternative way to communicate.
They required almost everyone to work at home without a plan for how that is supposed to work when most people don’t have a SCIF[0] in their house. As bad as it is that the US DoD converged on using Signal, there is an identical issue in many European countries with the pervasive use of WhatsApp for sensitive communication. It is a classic case of shadow IT taking over.
[0] https://en.wikipedia.org/wiki/Sensitive_compartmented_inform...
I hadn't heard that. Do you remember where that story is covered?
It is first-hand knowledge, I was doing quite a bit of government work in Washington DC during COVID. Everything ground to a halt because it was so difficult to connect with people. I use Signal today primarily because of working in Washington DC.
That is what I assumed as well. In both the current and previous admins.
But as more details come out about the current admins use of signal, this appears to not be the case.
They are using a shitty third party patched version of signal specifically designed to archive messages.
Leaving aside the security issues with the version they are using and the lack of public facing policy, the use of a Signal variant that archives chats is a reasonable compromise.
Instead of walling off users, creating a barrier to use and therefore extensive bypassing of the security standards, they have met users where they are and provided them with what the user cannot distinguish from official signal. This allows them to interface internally and externally through signal, preserving records and maintaining a much better level of security than the other options.
This represents a huge breach of trust between external parties and government signal users, but most of the government signal users are probably completely unaware that it's being logged.
My issue is not that they are using Signal. I think it's one of the better options. My issue is that they use a shitty version of it when there should be an in house maintained version for government use.
Well, they're not even using Signal, but a wrapper that's less secure.
https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-...
As a completely random aside the article mentions "This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda." To my knowledge I don't think TLoZ had an item called a "genesis key." It has a "magic key" and the only references I could find for "the genesis key" on Google are a book that was published after the company was founded?
All seems rather cute when these days you can just chat about classified stuff with whoever you like on your presumably unsecured phone.
And then have an unsecured internet line connected to an unsecured computer in your Pentagon office[1]
[1] https://abcnews.go.com/Politics/hegseth-signal-app-connected...
in fairness, since these guys are just doing war crime after war crime, it's a good thing if it leaks
> since these guys are just doing war crime after war crime, it's a good thing if it leaks
Irrelevant. One, we’re no longer in an era of international rules-based order. All the great powers agree on this.
Two, the definition of war crimes has expanded so broadly as to include any collateral damage. This overinclusiveness has rendered the term meaningless, with everyone calling everything they don’t like a war crime.
There will be consequences for this administration. But not because they bombed a terrorist commander.
>Two, the definition of war crimes has expanded so broadly as to include any collateral damage. This overinclusiveness has rendered the term meaningless
Can you provide real examples of actual journalists or governments doing this? Random FB commenters don't know what any words mean, but I haven't seen this to be the case in actual official channels. Asserting that it is meaningless feels like trying to downplay or trivialize real war crimes that are actually happening.
That does unfortunately add the element of incentive to win at all costs to the picture. c.f. PM of Israel.
it's true that the US-axis powers are extremely dangerous and short sighted, but they are also weakening. let's hope for victory over the empire.
Whose victory over the “empire”? I think you will find whatever empire comes next will be worse
which empire? the energy cartels or global finance? The national baton is passed on as cursory reading of Western history over the past few centuries [shows].
let's hope it's reaching its endpoint friend. it seems like the natural country to pick up the baton is China, but they have a sufficiently different economic system that maybe there will be a break in the chain. it depends on the strength, rationality, and solidarity of the CPC.
And now we have our top defense officials using a fork of Signal which sends copies of messages to a third party.
https://www.404media.co/mike-waltz-accidentally-reveals-obsc... http://archive.today/LyWDy
Not only that, but the software also contained login information to the AWS backend archive servers:
https://www.techspot.com/news/107792-hacker-breaches-telemes...
... the third party being run by a foreign 'former' spy whose country was being discussed in those messages.
Literally saw Obama's BlackBerries a week ago at the Crypto Museum! Great museum, worth going to if you're in the DC area and have access to a car.
this website also has some weirdly captivating articles about presidential desk phones in the sidebar.
I'm increasingly of the belief that modern governments have lost all advantage in the space of security hardware and software. They only have OpSec and a monopoly on violence to leverage in order to have an improved security situation over the public sector.
They don't seem to be using that OpSec superiority effectively right now.
I work public-sector in supply chain security and I am terrified that the situation we currently have in the corporate world is actually the best there is.
> I'm increasingly of the belief that modern governments have lost all advantage in the space of security hardware and software.
What do you mean? Lost the advantage as in "commercial solutions are equally good or better" or as in they just don't use the options they have available because they are more cumbersome?
Quite frankly I'm starting to doubt if leaders of nations should be having electronic devices at their disposal. Take away their phones, laptops, social media access, anything online. Everyone would be better of.
In terms of technical abilities: - "commercial solutions are equally good or better"
The way governments can have an advantage is in where and how those services are managed. Events like "signalgate" scare me because it means we are not leveraging that effectively due to bad managers.
Okay? What evidence do you base this on?
Photos of them using Signal on iPhones?
Is that because Signal is as good or because they refuse to listen to anyone telling them to stop using it? Not a serious question, I know it'll be a decade or three before it can be answered from open sources.
But of course I forgot, it wasn't really even Signal they were using...
> they refuse to listen to anyone telling them to stop using it
That's one of the reasons, yes. Their whole MO is "we have power, we are not accountable to anyone, fuck you"
It’s more that they’re morons. Like, Hegseth is not a smart man. Walz, Nunes, Loomer, Noem—these people were chosen for loyalty. Not brains.
Morons with absolute power.
47 wanted Yes men, not expert advisors.
Who cares about laws if you stack the court and they give you complete immunity for actions you, and only you, decide are official or not?
Who cares about competency when your boss will make all decisions for you, regardless of their expertise?
I can only speculate based on publicly available information.
When a was in grad-school, "state level actors" were the boogeyman. You were told to just assume that everything would be compromised to them.
I ended up specializing in p2p systems (distributed hash tables, overlay networks, communication systems) and "State Level Actors" become "in scope" for me. Modern cryptography is focused on the capabilities of hypothetical computers and making radically more computational power required than is reasonable to expect of current human economies. Backdoors in the codebases for encryption is a fun hypothetical, but the level of scrutiny they are under would require a conspiracy beyond any i could imagine to hide.
Eclipse and Sybil attacks were the real threats. Those are Operational attacks, not Signals.
Now that I have spend a decade in the security industry in larger corporations. "State Level Actors" are entirely in the threat model. We don't talk about it explicitly, but these companies stand to loose globally if any one government compromised them. Government funded actors are assumed to be the primary threat. Supply chain attacks like XZ are the ones that scare us, the ones we might have missed. That came from superiority in operations not technical superiority. They actively pay me and a bunch of other people a LOT of money to actively detect and prevent issues like this.
The other side of the argument is a human organizational one. The story of this decade of military spending is outsourcing. Biden's Supply Chain Security EO and the new DoD software procurement requirements are bandaids on gaping wounds.
Even with it's massive defence spending budget, the TLAs couldn't keep up with the industry while also securing all its software. They have 3rd party dependencies too. Assuming that they don't just allways directly outsource.
And why bother? These companies have the entirety of human communications MITMed. Why bother with a complex secret system when a FISA warrant is cheaper and more efficient. PRISM(For attack) and TOR(For defense) stand out as successes of operational attacks. They don't need technological superiority.
I fully expect TLAs maintain an android fork and linux forks, but that is opsec for dependency management, not adding special sauce. The industry simply has more resources and more eyes on the problem than the government could ever afford.
The last part is simple "Brain Drain". The people who are really good at this generally don't want to work for the government and have done too many drugs to ever get clearance. Unless they have a lot of security engineer salaries in classified budgets they also can't afford us. Governments have direct agents that are underpaid and underskilled and they have working relationships with criminal organizations who work deniable offense for them.
Opsec is clearly their leverage-able resource, why not lean into it almost exclusively?
Did anyone check out the crusty old comments on that page?
>He should get a new BB10 BlackBerry
[dead]