Just When You Thought BlackBerry On BES Was Secure, ElcomSoft Wants You To Think Again

October 3, 2010 | By | 10 Comments

The Russian software developer ElcomSoft, with its Russian competition, AccentSoft, has created password-cracking programs targeted at BlackBerry, with a Phone Password Breaker that previously was useful only on iPhone devices. The software cuts both ways: it can help you retrieve your backup should your BlackBerry get stolen, but in the wrong hands it can leave you exposed.

The following was stated by the ElcomSoft CEO Vladimir Katalov (via InfoWorld):

“All data transmitted between a BlackBerry Enterprise Server and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Unique private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Even more, to secure information stored on BlackBerry smartphones, password authentication can be made mandatory through the policies of a BlackBerry Enterprise Server (default, password authentication is limited to ten attempts, after which the smartphone’s wiped clean with all its contents erased). Local encryption of all data, including messages, address book and calendar entries, memos and tasks, is also provided, and can be enforced via the IT policy as well. With the supplied Password Keeper, Advanced Encryption Standard (AES) encryption allows password entries to be stored securely on the smartphone, enabling users to keep their online banking passwords, PIN codes, and financial information handy — and secure. If that’s not enough, system administrators can create and send wireless commands to remotely change BlackBerry device passwords, lock or delete information from lost or stolen BlackBerries.” (BlackBerry Smartphones, to be correct, Vladimir).

But the weak point of this starts with the offline backup mechanism. Katalov also goes on to say:

“Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises.

In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one. Another significant shortcoming is that it’s BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form. Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. The Apple desktop software (iTunes) acts only as a storage and never encrypts/decrypts backup data. This is quite surprising since the BlackBerry platform is known for its unprecedented security, and we’ve been expecting BlackBerry backup protection to be at least as secure as Apple’s, which turned out not to be the case.

What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast — even without GPU acceleration, we can go over millions of passwords per second.”

In other words, they can crack a seven-letter mixed-case password in three days. It takes longer if special characters or numbers are used as well or if the password is longer, and less time if it’s all one case, if it’s partially known, or if a dictionary attack is used. Pretty scary, isn’t it? It’s even more unsettling to think that they have exploited such a weakness and were able to implement it. What are your thoughts about it?
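The cost difference behind those figures can be measured directly. The following is an added example, not code from ElcomSoft or RIM: it times PBKDF2 at the three iteration counts quoted above and scales the result to the seven-letter mixed-case keyspace. The HMAC-SHA1 PRF, the salt, and the function names are assumptions, since the page does not describe the backup format, and the timings are single-core Python, not any product's speed.

```python
import hashlib
import time

# Constructed values: the page gives neither the salt nor the PRF of the backup format.
SALT = b"constructed-salt"
PRF = "sha1"  # assumption, chosen only so the benchmark has something to run


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit AES key from a password with PBKDF2."""
    return hashlib.pbkdf2_hmac(PRF, password, salt, iterations, dklen=32)


def seconds_per_derivation(iterations: int, samples: int = 20) -> float:
    """Average wall-clock cost of one key derivation on this machine (one core)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(b"guess%d" % i, SALT, iterations)
    return (time.perf_counter() - start) / samples


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def days_to_exhaust(candidates: int, seconds_each: float) -> float:
    """Worst-case days to try every candidate at the given per-guess cost."""
    return candidates * seconds_each / 86400


def implied_rate(candidates: int, days: float) -> float:
    """Guesses per second needed to cover `candidates` in `days`."""
    return candidates / (days * 86400)


def report():
    """(iterations, seconds per guess, days for 7 mixed-case letters) per setting."""
    space = keyspace(52, 7)
    rows = []
    for iterations in (1, 2000, 10000):  # the three counts quoted above
        cost = seconds_per_derivation(iterations)
        rows.append((iterations, cost, days_to_exhaust(space, cost)))
    return rows


if __name__ == "__main__":
    for iterations, cost, days in report():
        print(f"{iterations:>6} iterations: {cost * 1e6:10.1f} us/guess, {days:14.1f} days")
    print(f"rate implied by 'three days': {implied_rate(keyspace(52, 7), 3):,.0f} guesses/s")
```

The per-guess cost grows roughly linearly with the iteration count, so the same password that falls in days at one iteration takes thousands of times longer at 10,000.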

I suppose my theory would be that as a BIS user, if you were to keep your PC online for updating only, back up your device on that PC only, and keep it offline the rest of the time except to update, then you would be able to keep your backups safe. As a BES user, I don’t believe that’s possible since you are connected to the enterprise. I have to wonder how this would apply to the BlackBerry Protect that BlackBerry has in private beta. Any thoughts?

[story via: InfoWorld]

  • interesting

    Interesting and disappointing to see that RIM, unlike Apple, hasn’t improved their backup mechanism over the years.

    Regarding BlackBerry Protect, I wouldn’t keep my hopes too high. The data is probably not encrypted properly, like 99% of the mobile backup solutions out there.
    Most companies that offer those services have access to your data.

    The solution for BIS users is to encrypt the backup files on their desktop with something like PGP or Truecrypt.

  • Susan

    Interesting,

    BlackBerry Protect is a software security solution devised and maintained by RIM, hence the name BlackBerry Protect. It’s not a third party vendor. And while some BIS users may encrypt their data, I was referring more or less to the idea of general backup in regards to the average user. I don’t use password keeper, and most of us would not worry about encrypting our backups as most users keep their sensitive information on the micro sd card.

  • Matt

    The backup isn’t the problem per se. The problem lies in the initial fodder used to create the AES encryption standard.

    The original key they based off the password (weird … of all things). Password is cracked … and they have backwards engineered the original generation mechanism of the AES key.

    IPD files are easily able to be read (which is probably a contributing factor).
