Forgot your password?
typodupeerror
Blackberry Cellphones Encryption Handhelds Security IT

Russian Software Company Says Its App Can Crack BlackBerry Security 78

Posted by timothy
from the put-down-that-wrench dept.
AZA43 leaps into the ranks of accepted submitters, writing "Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."
This discussion has been archived. No new comments can be posted.

Russian Software Company Says Its App Can Crack BlackBerry Security

Comments Filter:
  • Not reliable... (Score:5, Interesting)

    by hawkbat05 (1952326) on Sunday October 02, 2011 @12:39PM (#37583740)
    If you actually read this one you'll realize it's useless if the card isn't encrypted (ironically) or the user chose one of the other 3 options. Plus this option is designed to be less secure so you can put the card in another device and decrypt it with just a password. I also wonder what character set is included in their claim of cracking a 7 character password in just hours. http://xkcd.com/936/ [xkcd.com]
  • Same key? (Score:2, Interesting)

    by russotto (537200) on Sunday October 02, 2011 @01:47PM (#37584106) Journal

    Pure speculation here:

    Since this only works with media encryption enabled, I'm guessing this is an alternative cipher attack. They can't directly obtain the Blackberry device password, but they can break the media encryption (perhaps because it is a much weaker cipher). The media encryption key is likely the same as or derived from the device password, allowing an expedited attack on that.

    Moral of the story: If you derive a key for a weak cipher from a key used for a strong one, make sure you use an irreversible function to do so.

  • RIM stuff is largely security by obscurity at this point however, very few people have seemingly tried to pull their stuff apart, and the few that have didn't find good things, see the pwn2own contest from this year for one such example.

    Android, iphone and even windows mobile devices are much easier to target because they are largely based on existing systems which are well understood... RIM are using a totally obscure black box that requires significant investment of time to reverse engineer. This doesn't mean it's secure, it just means that hackers will need to spend more time to find holes in it. On the other hand, it means that whitehats will also require more time to reverse engineer the system, whereas its highly possible that blackhats have already stolen the sourcecode.

    Most devices provide the option to run a VPN between the handset and a server under your control, only RIM require that there be a server under their control sitting in between.

    Most devices (RIM included) can also boot up and start talking to the network without requiring any user input, therefore the keys used for this encryption must be stored on the device somewhere, just waiting for someone appropriately skilled and motivated to work out how to extract them...

Any program which runs right is obsolete.

Working...