Russian Software Company Says Its App Can Crack BlackBerry Security 78
AZA43 leaps into the ranks of accepted submitters, writing "Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."
Re:someone cracks blackberry security (Score:5, Informative)
news at 11...big freaking deal...
You act like this is either unimportant or not news. I'm not sure which.
Fact is while there's a lot of FUD floating around regarding things like RIM "caving in" and dropping BIS servers in questionable countries, there haven't actually been very many actual real-life exploits for the phones or their communications. Blackberry phone remains the only ones on the market that encrypt all data traffic by default and that encryption can't be disabled. If you're on BIS or if you're on BES, your unencrypted web traffic, e-mail traffic (even POP3) is encrypted at the device. That's still worlds ahead of the other devices.
There's reports that one exploit exists that can decrypt Password Keeper data from a phone backup on a PC. There's this report that discusses recovery of phone unlock passwords. There's the widely discussed and misunderstood reports about RIM dropping BIS MDS servers in unfriendly countries and what that allows (hint: it has zero to do with Blackberries not in those countries).
RIM's stuff is by and large still very, very secure by any comparison and their phones are unique in that regard. So the way I see it, this is both news (being a genuine security hack) and relevant (these phones being the best on the market).
So stuff your ignorant sarcasm.
Re:I wonder how they managed that... (Score:3, Informative)
The password is not stored in any form, of course. But if there's encrypted data on the card, and that data can be decrypted using only the password, then you can just try every possible password until you find one that doesn't result in gibberish. This is called a known-plaintext attack [wikipedia.org].
Re:Do Russians contribute anything useful? (Score:3, Informative)
Blast to the past: Dmitry Skylarov (Score:4, Informative)
Let's try not posting this as an Anonymous Coward by mistake.
This is the same company that employed Dmitry Skylarov, one of the first people to be arrested under the DMCA for breaking the encryption on Adobe's eBook format.
http://en.wikipedia.org/wiki/Dmitry_Sklyarov [wikipedia.org]