April 20, 2013

How Obama's BlackBerry got secured

(Updated: October 31, 2023)

Around January 20, 2009, when Barack Obama took over the office of president of the United States, there was quite a lot of media attention about the fact that he had to give up his BlackBerry, because it was considered to be a security risk.

This caused almost world wide media attention, but the follow-up was less accurately covered and a number of different stories were told. Here we will show that Obama actually kept his beloved BlackBerry, but only after it had been secured by special encryption software and some additional security measures.


President Obama showing his BlackBerry (photo: Reuters)


Obama's predecessor, George W. Bush, also used a BlackBerry during the 2000 presidential campaign, but had to give it up, as well as the use of any e-mail software, upon taking office. Three days earlier, he sent out a final e-mail to 42 friends and family members to inform them that he would no longer correspond electronically.

Eight years later, Barack Obama was also forced to give up his BlackBerry, not only because of concerns that its communications and e-mail could be intercepted, but also because of the Presidential Records Act of 1978. This makes all written White House communications public property and subject to examination under the Freedom of Information Act (FOIA).

However, this time Obama definitely wanted keep using this popular business phone to stay in touch with people outside the White House bubble. Therefore, the Secret Service (USSS), the White House Communications Agency (WHCA) and the National Security Agency (NSA) went looking for a solution.


Obama using his BlackBerry 8830 during the election campaign in 2008
(Photo: Getty Images)


US President Obama using a silver BlackBerry 8830
Nokia E61 or E62, as recognized by someone here


Sectéra Edge

Some media suggested Obama had to change his BlackBerry for the Sectéra Edge, a highly secured PDA, which is produced by General Dynamics for the US military. But the Sectéra Edge is quite big, heavy (340 grams) and bulky and therefore hardly convenient for someone used to a BlackBerry. This solution would also require everyone that Obama would like to communicate with to have the same phone, which is priced between 2650,- and 3350,- USD. Secure communications are only possible if both ends use the same (or compatible) encryption devices.

According to other sources, the Sectéra Edge was only used in addition to Obama's BlackBerry, until a permanent solution was worked out. Reports weren't clear about how exactly these two devices were combined. Probably the Sectéra Edge acted like an encryptor, which was plugged into the BlackBerry, so Obama could keep using this device to make a call or send out an e-mail, which then went through the Sectéra Edge, encrypting it, before going over the telecommunications network.


The Sectéra Edge, manufactured by General Dynamics


Compromise

That latter, temporary solution must have been even more cumbersome, so a compromise was made, in which president Obama could keep using a BlackBerry, but equipped with a software package to encrypt phone calls and text and email messages.

For this purpose, the security agencies choose the SecurVoice application, which was developed by The Genesis Key, in cooperation with engineers from BlackBerry manufacturer Research In Motion (RIM). SecurVoice should not be confused with Secure-Voice.com, nor with SecuVOICE, which is used for securing the smart phone of the German chancellor Merkel.

Update:
Responsible for securing Obama's BlackBerry was Richard "Dickie" George, who served as technical director of the NSA's Information Assurance Directorate (IAD) from 2003 until his retirement in 2011. In 2014 he told CNN that the NSA set up a lab where dozens of experts performed surgery on the president's future BlackBerry for several months. The device was manipulated to weed out potential threats to secure communication and BlackBerry's algorithms were also reviewed. The choice of the smartphone model was eventually the NSA's, not Obama's, George explained.

After the NSA did all the necessary tests and checking to make sure the software met federal standards like FIPS 140-2, the highly secured BlackBerry was delivered to the president somewhere in May or June 2009. He also gave up his old e-mail address and switched to a new one, which is kept secret.

Maybe we can see the new, secured BlackBerry in this picture below, where there are two BlackBerrys lying in front of Obama. The silver one seems to be the BlackBerry 8830, which he already used during the election campaign. The black one, probably a BlackBerry 8900, could then be the new secure one, as we can see the president using this one in later pictures:


President Barack Obama works with Jon Favreau, director of speechwriting, on the Normandy speech
aboard Air Force One enroute to Paris. In front of him are a black and a silver Blackberry.
(White House photo by Pete Souza, June 5, 2009 - click for a bigger picture!)


Detail from the picture above, showing the two BlackBerrys


The secure BlackBerry was not only issued to the president, but also to a small group of people with whom he likes to stay in close contact with. This because, as said, it's only possible to have secure communications if both ends are using the same encryption method. This limited Obama's goal of keeping in touch with the outside world: encryption (still) means exclusion.

The number of people able to message and call the president is probably only between ten and twenty. Included are vice-president Biden, Obama's chief of staff Rahm Emanuel, advisors David Axelrod and Valerie Jarrett, press secretary Robert Gibbs, first lady Michelle Obama, a few other family members, and some personal friends from Chicago.

Update:
On March 16, 2016, AP reported that in February 2009, secretary of state Hillary Clinton also wanted a secured BlackBerry like the one used by Obama, but that NSA denied that request. A month later, Clinton began using a private server, located in the basement of her home, to exchange e-mail messages with her top aides through her regular, non-secure BlackBerry. Later it came out that this rather risky solution was also used for sensitive messages.

On October 30, 2013, Obama's press secretary Jay Carney said that the president will continue to use his (secured) BlackBerry, despite concerns about eavesdropping which came up after it was revealed that NSA intercepted the communications of 35 world leaders.



The Genesis Key

The SecurVoice software for the presidential BlackBerry was developed for a small company called The Genesis Key, Inc., based in Washington DC. This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda.

The software was developed in the previous four years, apparantly for one of the projects of Steve I. Cooper, a former special assistant to the president, senior director for information integration, and CIO (Chief Information Officer) for the Office of Homeland Security. He is now a member of the advisory board of SecurDigital, Inc., a firm founded in October 2009 by Bruce Magown and Steven Garrett to distribute the SecurVoice software applications.

Steven Garrett is a man with a quite surprising background. His Linked-In profiles show that he has been involved in a very wide range of businesess, like manufacturing plants for Fannies Fat Free Cheesecakes and Fat Free Burger (providing microwave-ready cheeseburgers to military commissaries) and marketing & sales for Lion Sportswear and Faded Glory Jeans. He also developed a highly secure appartment building, named Garrett Place. At his twitter account he describes himself as "Proven Rainmaker, Change Agent, Strategist, and Driving Force for Unprecedented, Exponential Growth in Revenues, Earnings, and Market Valuation".



SecurVoice

The Genesis Key released the SecurVoice software in December 2008, claiming this to be the world's first completely secure voice and data encryption solution. Allthough there were already a number of other hardware and software encryption solutions, the SecurVoice application should be able to protect global voice connections between and within all types of cell, satellite, PBX, SDR and VOIP phones and phone systems.

SecurVoice is 100% Java based, which should make it device- and carrier-independent, but according to the website, the software is currently only operational on the Blackberry operating system version 4.5 and up. Software porting for other operating systems, like Symbian, Brew, Windows Mobile, Google, and iPhone is said to be underway.

With SecurVoice, each phone can be loaded with up to three levels of security, each one accessible through a separate icon and recognizable by a different ringtone. When dialing a number and this number has a cryptographic key associated with it, then the call is automatically placed as a secured call. If a phone number has no cryptographic key associated with it, then the cell phone operates normally and the call is placed unencrypted.

The SecurVoice software comes in two versions:
- Phone-to-Phone (P2P), where secure calls are made directly from one cell phone to another. The price for government users is 1795,- USD per application.
- Phone-to-Server (P2S), where secure calls are routed from the phone to an enterprise server and back. The price of a server license is between 2500,- and 25.000,- USD.

It's likely, that for Obama the server solution was chosen. This allows a centralized key management, monitoring of all secure calls and record keeping of the messages. One source says the president may have to wait up to 50 minutes for an e-mail reply, as the system actively sniffs out incoming messages for viruses or Trojan horses.


Overview of the SecurVoice application options
(by The Genesis Key/SecurDigital)



Encryption

The SecurVoice software features a dual-layered, or hybrid encryption scheme, which means it combines symmetrical and asymmetrical encryption algorithms. It performs the voice encryption in real time by using a fast symmetric cipher, using a strong key. This key is then encrypted with a public-key or asymmetrical cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. This is also how the vast majority of present-day communications encryption works.

The SecurVoice symmetric encryption uses a 256-bit session (conversation) key, which replaces the encryption every second with non-reoccurring numbers. This session key is a combination (salted hash) of the sender Base Secure Key (stored in the recipient key store) and a random session key. According to the manufacturer, SecurVoice uses classified Type 1 encryption algorithms, which are restricted to government and military users. For corporate users, public crypto algorithms like AES are used.

In case of a SecurVoice enterprise server, the software converts voice into encrypted data, which is then sent over the carrier network to the SecurVoice Enterprise Server where it is decrypted. It is then re-encrypted and sent back over the carrier network to the receiving phone, where it is decrypted and converted back to voice. It's also possible to select different encryption algorithms, so that, for example, encryption from a cell phone to the enterprise server may be the AES algorithm with a 128-bit, while from the server to the receiving phone this may be done by using Elliptic Curve Cryptography (ECC).


President Obama using his BlackBerry 8900 in the limousine while traveling
from the University of Indonesia to the airport in Jakarta, Indonesia.
(White House Photo by Pete Souza, November 10, 2010)


Security risks

As Obama wanted to keep using a BlackBerry device, the security solution is software only. This still leaves risks like compromised hardware and hacking by means of social engineering. Therefore, some security specialists say that it's not impossible to hack Obama's BlackBerry and that foreign states and other hackers will likely try to do so.

To minimize these risks, the secured BlackBerrys prevent forwarding e-mail messages from the president and sending him attachments. His secret e-mail address is likely to be changed regularly as well and Obama's friends and staff members were lectured about these security issues.

Another risk of the president using a BlackBerry, like a cell phone in general, is that enemies can try to track the president's location in real-time, even when GPS is disabled. Every cell phone regularly transmits it's IMEI-number to the cell tower, and this can be intercepted by devices like a Triggerfish. How this tracking can be done, and countered, is described in this, respectively this article.

One source says the presidential BlackBerry can only connect to a secure base station, which can be used to hide the IMEI-number of the device and thus prevent tracking it. This would mean the White House Communications Agency has to carry such a secure base station wherever the president goes.

There must be also a secure base station inside the presidential limousine, as we can see in the picture above. First because using a foreign cell phone network would be a big security risk, but also because the limousine is most likely constructed like a Faraday cage, and therefore a BlackBerry could only be used if there's a base station in the car itself (and probably also in Air Force One). The secure base station is probably connected to a secure satellite link with Washington.



President Obama uses his BlackBerry for calling Mitt Romney
(White House photo by Pete Souza, November 6, 2012)



President Obama using his old BlackBerry, during a campaign
visit to Albuquerque, New Mexico in August 2008


Conclusion

As we have seen, president Obama has kept his BlackBerry, but only after it had been secured. This took quite some effort: newly developed software had to be tested within a couple of months, all his contacts have to use the same software, limiting their number to a rather small group, and a secure base station has to follow the president.

Nonetheless, this ad hoc solution for the president marks the beginning of an era in which top level mobile communications will no longer be secured with dedicated hardware, but by using software applications for regular commercial smartphones.


Update #1:

By the end of 2014, a Russian state-sponsored hacker group, known as Cozy Bear, was able to infiltrate White House e-mail servers containing the sent and received emails of president Barack Obama, but they failed to penetrate the servers that controlled the traffic from his personal BlackBerry. The Dutch Joint Sigint Cyber Unit (JSCU) monitored these hacking operations and alerted the Americans.


UPDATE #2:

Since August 2023, the actual BlackBerry devices used by president Obama are on display in the National Cryptologic Museum (NCM). This museum, which is located just outside the NSA campus at Fort Meade, shows four BlackBerry smartphones, several with the presidential seal. Following Obama’s term, the NSA removed security modifications and classified data from the phones and eventually offered them to the NCM.

BlackBerry devices used by president Obama on display at the NCM
(photo: NSA - click to enlarge)

Besides the four BlackBerry devices, the NCM also has three Motorola A840 flip phones on display, which Obama used in his presidential limousine, for example. In the photo released by the NSA, we see that the front side camera of these phones have been replaced by what looks like the seal of the White House Communications Agency (WHCA), which maintains (secure) communications for the president.

Motorola A840 flip phones used by president Obama on display at the NCM
(photo: NSA - click to enlarge)



Sources and Links

- Yahoo.com: Obama has finally ditched his BlackBerry, but its replacement will surprise you (2016)
- CNN.com: 'I made Obama's BlackBerry' (2014)
- FoxNews.com: Obama Getting Super-Secure BlackBerry
- New York Times: Symbol of Elite Access: E-Mail to the Chief
- The Telegraph: Barack Obama's BlackBerry 'no fun' (2010)
- PRWeb: The X-Change Corporation Acquires Genesis Key, Inc. (2010)
- Radio interview about SecurVoice: Telecom Junkies - Secret Agent Phone
- Interview with Steven Garrett: Wireless Technology Risks and Enterprise Security (2010)
- Washington Times: Obama soon to get secure BlackBerry (2009)
- WirelessMoves: How To Secure The BarackBerry (2009)
- Communities Dominate Brands: Do Communities Dominate personal security of Obama? The Blackberry Battle (2009)
- See also: securvoice.blogspot.com

8 comments:

Unknown said...

*Blackberry*? Really??

No wonder they can't get tech going in .gov!

Welcome to 2013!!

Anonymous said...

If we've got techies who can do that for the POTUS, why couldn't German Intel do the same for Angela?

Anonymous said...

He should get a new BB10 BlackBerry

P/K said...

German chancellor Merkel actually has a secure BlackBerry Z10, but NSA only targeted her non-secure cell phone, the one she uses for most of her political conversations.

secure-voice said...

Maybe Blackberry is OK for the president but don't ever think that your calls are 100% protected if you are using Blackberry coz they still go through the Blackberry's servers and therefore may be vulnerable to Man in the Middle attack. Privacy in phone calls does not exist:) unless you really know what to use to secure your communications.

halman said...

I know some android mobile apps to send encrypted messages. I mean, I don't use them because I don't need to, but if I would be the president, for example, for sure I wouldn't use whatsapp.

Anonymous said...

@secure-voice...You cannot be referring to BlackBerry MVS (mobile voice solution, now discontinued) which can allow the end user to get their Work PBX extension onto their BB device using the BES encryption (AES 256bit), it is fully secure just the same way as the Corporate email and data used on a BlackBerry device via BES is secure.
This piece is also installed behind the firewall just like the SecureVoice server, the only difference being BlackBerry has their own infrastructure as a secure tunnel to get the data out of the corporate network to the device and vice versa. If you are referring to middle man hacks on BlackBerry's Infrastructure, packets may be intercepted but the encryption keys are within the company network behind the firewall on the BES, so it's no different than SecureVoice Enterprise Server packets being intercepted during transit over the internet (presuming that the encryption keys for SecureVoice are only stored behind the firewall on the SecureVoice Enterprise Server). Without BlackBerry MVS, corporate extension voice calls are not secure any app that allows for the forwarding of this to the mobile # works just like any other Cell phone user where the call is open and unsecure, the same as anyone that does not use your SecureVoice solution.
Not sure why you had to go and rain on BlackBerry when you offer the exact same voice solution minus the Email, Calendar, Contacts, Application data, Browsing, and Filesharing end to end security

Anonymous said...

Now do one for trumps android

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties