BlackBerry Ltd (NASDAQ:BBRY) (TSE:BB) has denied allegations that it is using a flawed encryption algorithm in any of its products. However, if users select that encryption themselves, the company will support it, the company said in reply to a query from the Globe and Mail.
Algorithm in use by U.S. and Canadian authorities
The Globe and Mail reported on Monday that an encryption algorithm, which security researchers have proven to have a back door that could leave the encryption vulnerable, is still in use by government agencies in the United States and Canada to protect sensitive information. The algorithm, dubbed Dual_EC, has been in use for more than six years under the Cryptographic Module Validation Program (CMVP), a joint effort by the U.S. National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada.
However, around a dozen technology companies are still using the algorithm, as the technology has received official approval. The report from NIST says that one of the companies using the algorithm is BlackBerry, which also owns the Mississauga security firm that first patented the ideas behind Dual_EC.
BlackBerry did not accept that the defective algorithm is used in its products. In a statement to the Globe and Mail, the company said that it is not using the Dual_EC DRBG algorithm in any of its products. The spokeswoman said that the company works in close collaboration with certification authorities all over the world to be sure of the security measures taken in all its products. The company is confident in the superiority of its mobile platform for customers and of its enterprise service technology.
BlackBerry users have the option
Asked how its statement that BlackBerry does not use the flawed algorithm squares with the CMVP document, which showed BlackBerry using the faulty Dual_EC encryption in several products, the company replied:
“It is presented in the CMVP documents because [this particular] algorithm is supported within the VPN client and can be made available. However, BlackBerry’s default configuration does not require a VPN”.
It added that if a customer uses a VPN, that VPN may include the algorithm, which is not supported by BlackBerry. The Canadian company further said that customers have the right to decide the configuration and choice of the VPN. It said that Dual_EC DRBG is not supported by the BlackBerry encryption schemes that safeguard data at rest or in transit using BlackBerry’s proven secure data transport protocols.