Report: RIM Mulls Secured Server Sale

Are Research In Motion’s network of secured servers up for grabs?

While it’s hard to believe that any sale of core technology could mean anything other than a breakup of a company, IBM has offered exactly that sort of deal to RIM, according to a Friday report from Bloomberg.

IBM’s offer was reportedly for RIM’s entire enterprise services business. the Bloomberg report also described it as “informal.” So far, neither RIM nor IBM have provided further comment.

RIM faces several challenges in the marketplace. BlackBerry phone shipments fell 41 percent from a year ago to 7.4 million units during the second quarter, according to a recent report from IDC. That puts RIM’s market share at just about 5 percent in the market, far behind the 68 percent aggregate market share held by OEMs making Android phones, as well as the 17 percent share of the market from Apple’s iPhone.

RIM’s server network, however, could be the company’s crown jewel. The BlackBerry Enterprise Server and a BlackBerry smartphone generate a device transport encryption key using a secure, two-way authenticated protocol. This secret key is stored only in the user’s secure enterprise account and on their BlackBerry smartphone. Because of that, the BlackBerry’s data can move securely through the carrier, the Internet, firewalls and the Blackberry Enterprise Server.

BlackBerry users have the option of encrypting the data either via AES or Triple DES. The data is never decrypted outside the firewall, according to RIM.

Alex Stamos, co-founder and chief technical officer of iSEC Partners, has written a brief analysis of the strengths of RIM’s system, including how RIM’s BES does not secure data with the public certificate authority system that other email systems use, making them less vulnerable to common attacks.

But as Stamos also notes, RIM’s chief weakness has been the fact that it encrypts messages with a shared symmetric key included on each BlackBerry. This key can be turned over to foreign governments, so that they may spy on the electronic communications of their own citizens. “Even if it hadn’t been, most intelligence services would be able to reverse engineer it out of the BlackBerry OS,” Stamos noted. “It is completely possible for adversaries with the ability to sniff the mobile network to read BBM messages. I would expect most first-world and some developing law enforcement agencies already do this regularly.”

In fact, Indian officials said this weekend that they now believe that its government agencies have the technical capability to read messages sent over the BlackBerry network from within India.

So far, RIM has shown little of BlackBerry 10, including any official hardware. Executives have touted features such as a touchscreen interface, which will eliminate the hardware keyboards that still hold the attention and love of some BlackBerry users. The camera interface will also reportedly allow users to go “back in time” and correct portions of the image. In June, however, RIM said it would put off the BlackBerry 10 launch until June 2013, following disappointing earnings during its second calendar quarter.

 

Image credit: RIM