Fraunhofer Institute SIT Certifies BlackBerry Enterprise Solution
Nov 26, 2008
Security analysis of BlackBerry Enterprise Solution successfully completed
Germany: Fraunhofer Institute for Secure Information Technology (Fraunhofer Institute SIT) of Germany and Research In Motion (RIM) (Nasdaq: RIMM; TSX: RIM) today announced the successful completion of an in-depth security analysis performed by Fraunhofer Institute SIT of the BlackBerry® Enterprise Solution for mobile email and data push-services. Fraunhofer Institute SIT confirms the high quality of the security architecture of the BlackBerry Enterprise Solution and the strong data protection services it provides.
Based on the results, the Fraunhofer Institute SIT project team has issued a security certification of the BlackBerry Enterprise Solution for Microsoft® Exchange*. The certificate is based on the functionality, configuration and installation described in certification report 06-104302, which is available at www.sit.fraunhofer.de/testlab/certificates. Fraunhofer Institute SIT also confirmed that no hidden functionality or backdoors were found and that RIM and other third parties do not have access to data within the solution. The Fraunhofer Institute SIT certificate is valid until December 2010.
“With the approved secure key establishment and key exchange protocols in the BlackBerry architecture, the confidentiality and integrity of pushed content is provided and can not be intercepted by any party inside the communication channel,” said Dr. Claudia Eckert, Director of Fraunhofer Institute SIT. “BlackBerry communication provides end-to-end security for the evaluated interactions and services between BlackBerry smartphones and BlackBerry Enterprise Server.”
“RIM continues to set the benchmark for security in mobile communications and the BlackBerry Enterprise Solution is the first push-based solution to undergo this kind of security analysis. We are very pleased with the certification from Fraunhofer Institute SIT, which further reinforces why security conscious organizations and governments around the world have chosen the BlackBerry solution,” said Scott Totzke, Vice President, BlackBerry Security Group at Research In Motion. The BlackBerry Enterprise Solution has also previously received a FIPS 140 validation and a Common Criteria certification in addition to the Fraunhofer Institute SIT certificate.
Background on the security analysis conducted by Fraunhofer Institute SIT on the BlackBerry Enterprise Solution
Research In Motion engaged Fraunhofer Institute SIT to perform a comprehensive in-depth security evaluation of the BlackBerry Enterprise Solution with deep analysis of the solution's components, interfaces, software platform, environment and protocols. For the project RIM provided Fraunhofer Institute SIT with access to in-depth technical information in order to be able to rigorously review the solution.
The analysis was carried out as three major projects:
- The first project analyzed the security of the communication between the major components of the BlackBerry Enterprise Solution – the BlackBerry Enterprise Server, BlackBerry smartphone, and BlackBerry Infrastructure.
- The second project analyzed the security of the communication between the individual components of the BlackBerry Enterprise Server and the processes involved.
- The third project focused on the BlackBerry smartphone and the analysis of relevant physical and logical interfaces to the smartphone and its environment such as the Internet. In addition to the communication content and processes, the project team also evaluated the security of standard applications of the BlackBerry Enterprise Solution such as email attachment viewing, access and integration of corporate data sources, and the usage of the PIM applications.
The security analysis assumed extensive security demands for corporate users. Fraunhofer Institute SIT defined the protection goals, developed the attacking scenarios and performed attacks and manipulation attempts in practice. The tests were conducted in a typical reference installation in the Institute’s testlab with expert IT security knowledge and intimate knowledge of the BlackBerry Enterprise Solution based on design documents provided by Research In Motion.
During its evaluation, Fraunhofer Institute SIT identified many areas of strength and some recommendations to further improve the security design and configuration of the BlackBerry Enterprise Solution. Those improvements have already been implemented by RIM into existing products. For the complete evaluation result and the remaining security considerations, please refer to certification report 06-104302, which is part of the certificate.
* The certificate is based on the reference configuration (BlackBerry Enterprise Server for Microsoft Exchange v4.1.6 (bundle 60), BlackBerry® Pearl™ 8110 smartphone (EDGE), Firmware: v18.104.22.168 (Platform 22.214.171.124) and Cryptographic Kernel: v126.96.36.199c).
About Fraunhofer Institute SIT
Fraunhofer Institute for Secure Information Technology SIT provides scalable IT security in conformance with the needs of the marketplace. The highly qualified staff of over one hundred employees is active in all relevant fields of IT security and forms a broad base of competence for cross-technology development at the highest level of quality. SIT provides services for all branches of industry and numerous successful projects at an international level visibly demonstrate the Institute’s trustworthiness and reliability as a cooperation partner. SIT’s competence and research activities in the field of secure mobile systems are providing partners with a clear knowledge advantage in concept and design of secure radio and telecommunications networks, appropriate interfaces, and secure mobile work environments. In the Test Laboratory SIT scientists use today’s attack tools to evaluate and verify the security of software and web applications, embedded systems, as well as communication processes and infrastructures - based on real-life scenarios that reflect use case specific protection goals.
About Research In Motion (RIM)
Research In Motion is a leading designer, manufacturer and marketer of innovative wireless solutions for the worldwide mobile communications market. Through the development of integrated hardware, software and services that support multiple wireless network standards, RIM provides platforms and solutions for seamless access to time-sensitive information including email, phone, SMS messaging, Internet and intranet-based applications. RIM technology also enables a broad array of third party developers and manufacturers to enhance their products and services with wireless connectivity to data. RIM’s portfolio of award-winning products, services and embedded technologies are used by thousands of organizations around the world and include the BlackBerry® wireless platform, the RIM Wireless Handheld™ product line, software development tools, radio-modems and software/hardware licensing agreements. Founded in 1984 and based in Waterloo, Ontario, RIM operates offices in North America, Europe and Asia Pacific. RIM is listed on the Nasdaq Stock Market (NASDAQ: RIMM) and the Toronto Stock Exchange (TSX: RIM). For more information, visit www.rim.com or www.blackberry.com.
Forward-looking statements in this news release are made pursuant to the "safe harbor" provisions of the United States Private Securities Litigation Reform Act of 1995. When used herein, words such as "intend" and similar expressions are intended to identify forward-looking statements. Forward-looking statements are based on assumptions made by and information available to Research In Motion Limited. Investors are cautioned that such forward-looking statements involve risks and uncertainties. Important factors that could cause actual results to differ materially from those expressed or implied by such forward-looking statements include, without limitation, possible product defects and product liability, risks related to international sales and potential foreign currency exchange fluctuations, the initiation or outcome of litigation, acts or potential acts of terrorism, international conflicts, significant fluctuations of quarterly operating results, changes in Canadian and foreign laws and regulations, continued acceptance of RIM's products, increased levels of competition, technological changes and the successful development of new products, dependence on third-party networks to provide services, dependence on intellectual property rights, and other risks and factors detailed from time to time in RIM's periodic reports filed with the United States Securities and Exchange Commission, and other regulatory authorities. RIM has no intention or obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise.
The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties and trademarks of Research In Motion Limited. RIM, Research In Motion and BlackBerry are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners. RIM assumes no obligations or liability and makes no representation, warranty, endorsement or guarantee in relation to any aspect of any third party products or service.