Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Blackberry Cellphones Encryption Handhelds Security IT

Russian Software Company Says Its App Can Crack BlackBerry Security 78

Posted by timothy
from the put-down-that-wrench dept.
AZA43 leaps into the ranks of accepted submitters, writing "Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."
This discussion has been archived. No new comments can be posted.

Russian Software Company Says Its App Can Crack BlackBerry Security

Comments Filter:
  • by PsychoSlashDot (207849) on Sunday October 02, 2011 @11:43AM (#37583770)

    news at 11...big freaking deal...

    You act like this is either unimportant or not news. I'm not sure which.

    Fact is while there's a lot of FUD floating around regarding things like RIM "caving in" and dropping BIS servers in questionable countries, there haven't actually been very many actual real-life exploits for the phones or their communications. Blackberry phone remains the only ones on the market that encrypt all data traffic by default and that encryption can't be disabled. If you're on BIS or if you're on BES, your unencrypted web traffic, e-mail traffic (even POP3) is encrypted at the device. That's still worlds ahead of the other devices.

    There's reports that one exploit exists that can decrypt Password Keeper data from a phone backup on a PC. There's this report that discusses recovery of phone unlock passwords. There's the widely discussed and misunderstood reports about RIM dropping BIS MDS servers in unfriendly countries and what that allows (hint: it has zero to do with Blackberries not in those countries).

    RIM's stuff is by and large still very, very secure by any comparison and their phones are unique in that regard. So the way I see it, this is both news (being a genuine security hack) and relevant (these phones being the best on the market).

    So stuff your ignorant sarcasm.

  • by Sqr(twg) (2126054) on Sunday October 02, 2011 @11:53AM (#37583840)

    The password is not stored in any form, of course. But if there's encrypted data on the card, and that data can be decrypted using only the password, then you can just try every possible password until you find one that doesn't result in gibberish. This is called a known-plaintext attack [wikipedia.org].

  • by TheRaven64 (641858) on Sunday October 02, 2011 @01:08PM (#37584208) Journal
    How did this borderline racist shit get modded up? Two of the biggest open source projects that I work on (LLVM and FreeBSD) have a lot of Russian contributors. You are almost certainly using code (at least partially) written by Russians on a daily basis.
  • by metallic (469828) on Sunday October 02, 2011 @09:06PM (#37586766)

    Let's try not posting this as an Anonymous Coward by mistake.

    This is the same company that employed Dmitry Skylarov, one of the first people to be arrested under the DMCA for breaking the encryption on Adobe's eBook format.

    http://en.wikipedia.org/wiki/Dmitry_Sklyarov [wikipedia.org]

Building translators is good clean fun. -- T. Cheatham

Working...