
Russian Software Company Says Its App Can Crack BlackBerry Security

Posted by timothy
from the put-down-that-wrench dept.
AZA43 leaps into the ranks of accepted submitters, writing "Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."
  • ...software cracks YOU!
  • by Beelzebud (1361137) on Sunday October 02, 2011 @11:38AM (#37583738)
    It seems like the only time I read about anything Russians do with computer tech, it involves botnets, stealing passwords, and ripping off people's bank accounts. Are there any Russians that contribute something positive to the world of software?
    • by Threni (635302)

      They provide entertaining plane/sub/etc. disasters. Oh, and Putin does stuff like lying about finding ancient vases etc. when he goes swimming. He's like that bearded Iranian twat. But without the beard.

      • by Anonymous Coward

        Have you seen that picture of him riding the shark though? A guy who could harness a wild shark and ride it around the sea, is probably badass enough to happen upon an ancient vase. Even more likely to do so because he would be traveling at shark speed through the water, rather than human speed.

    • Re: (Score:2, Funny)

      by thht (1473001)
      Kaspersky?
    • by Anonymous Coward on Sunday October 02, 2011 @11:46AM (#37583786)

      Are there any Russians that contribute something positive to the world of software?

      Tetris alone puts them way ahead of most countries.

    • by Osgeld (1900440)

      they have pinouts for everything!

      http://pinouts.ru/ [pinouts.ru]

    • Re: (Score:3, Insightful)

      by ripdajacker (1167101)

      One might view the testing and breaking of security as a valuable contribution. How else will companies like RIM learn?

    • by roman_mir (125474)

      I am former Soviet, Israeli, Canadian, currently in Europe building and selling/deploying software systems that analyze and integrate retail operations within store chain (integrate stores into a chain) and between stores and suppliers/manufacturers. It's hard business to compete with Oracle, SAP, MS in this field as well as with a number of smaller providers, including Russian 1C (1S), which is supported by Russian government, even their owner is a 'comptroller general' for a very large part of Russian Fed

    • Parallels.
    • by X.25 (255792)

      It seems like the only time I read about anything Russians do with computer tech, it involves botnets, stealing passwords, and ripping off people's bank accounts. Are there any Russians that contribute something positive to the world of software?

      No, of course not, you stupid retard. All Russians are criminals, right?

      How are you not ashamed of publicly admitting that you don't read anything is beyond me, though.

    • by melted (227442)

      They do. There are a lot of Russian programmers working here in the US contributing quite heavily and positively to "the world of software". It's just that good news isn't as exciting.

      Engineer is really a third rate profession in an oil and gas rich country like Russia. Everyone wants to be a boss of some kind and to sit just a wee bit closer to the pipe. A few companies that manage to pull together good talent generally either work for the local market (because US is impossible to get into if you're not a

    • Re: (Score:3, Informative)

      by TheRaven64 (641858)
      How did this borderline racist shit get modded up? Two of the biggest open source projects that I work on (LLVM and FreeBSD) have a lot of Russian contributors. You are almost certainly using code (at least partially) written by Russians on a daily basis.
      • by fatphil (181876)
        Plenty working on Linux are from Russia too. The input layer subsystem is Dmitry Torokhov's ward, for example, and Artem Bityutskiy gave us UBI(FS). Not to mention a great number of footsoldiers contributing a whole host of drivers, features, fixes, etc. I've worked alongside a great many Russians, and they were highly skilled and rigorous engineers.
      • by gtall (79522)

        Racist? Errrm...okay, I give up, how does casting aspersions on Russians constitute racism?

        The GP though should give the Russians a break. First the Tsars, then Stalin, and now Putin. Russkies do have a knack for finding the least capable people to run the country. Having a government which is the moral equivalent of La Cosa Nostra isn't a recipe for success. The Russkies should be hailed for still trying to succeed in spite of their leaders.

      • Yeah good points. I'll add Nginx to the list. Jeez - that webserver software has been killing it in terms of capabilities (and market growth) for about 4 years. All thanks to a solid Russian OSS developer named Igor Sysoev.

        And if you want to dig a little deeper, the GiST index system for Postgres which enables GIS, spherical projections (for astronomy) and all kinds of other amazing solutions in Postgres - thanks to two great (and amazingly smart) guys also in Russia. http://www.sai.msu.su/~megera/postgres/ [sai.msu.su]

    • by tokul (682258)

      Are there any Russians that contribute something positive to the world of software?

      rarlabs, akella, http://l10n.gnome.org/languages/ru/ [gnome.org]

    • by Hentes (2461350)

      If they disclose the vulnerability instead of just exploiting it then it's useful. Also, Russians are very good at IT in general, [wikipedia.org] you just only hear about the hackers as they are the ones to make the news.

    • by hutsell (1228828)

      Isaac Asimov's Three Laws of Robotics. Initially, I found the simplistic algorithm to be strangely fascinating; in hindsight, I realized the exposure was my first experience with the idea of programming--something I still find strangely fascinating.

      From: ...Are there any Russians that contribute something positive to the world of software?

      --
      "God, please stop me before I code again."

  • Not reliable... (Score:5, Interesting)

    by hawkbat05 (1952326) on Sunday October 02, 2011 @11:39AM (#37583740)
    If you actually read this one you'll realize it's useless if the card isn't encrypted (ironically) or the user chose one of the other 3 options. Plus this option is designed to be less secure so you can put the card in another device and decrypt it with just a password. I also wonder what character set is included in their claim of cracking a 7 character password in just hours. http://xkcd.com/936/ [xkcd.com]
    • The real question, however, is will any such attack against Blackberries be successful before RIM is out of business? Hmmm, come to think of it this is sort of like TKIP but on a macro level.

  • Why would the password be stored, in any form recoverable by means that aren't computationally intractable brute forcing, anywhere in the device or storage expansion cards?

    Isn't this the sort of thing that hashing is supposed to solve?
    • They're brute forcing it
    • Re: (Score:3, Informative)

      by Sqr(twg) (2126054)

      The password is not stored in any form, of course. But if there's encrypted data on the card, and that data can be decrypted using only the password, then you can just try every possible password until you find one that doesn't result in gibberish. This is called a known-plaintext attack [wikipedia.org].

  • Russians are good at cracking software. It is a puzzle that they are so bad at creating it.
  • by G3ckoG33k (647276) on Sunday October 02, 2011 @12:38PM (#37584060)

    In other news "Other Russians Say They Cracked BlackBerry Years Ago" but kept mum about, for "financial and business reasons". ;)

  • Same key? (Score:2, Interesting)

    by russotto (537200)

    Pure speculation here:

    Since this only works with media encryption enabled, I'm guessing this is an alternative cipher attack. They can't directly obtain the Blackberry device password, but they can break the media encryption (perhaps because it is a much weaker cipher). The media encryption key is likely the same as or derived from the device password, allowing an expedited attack on that.

    Moral of the story: If you derive a key for a weak cipher from a key used for a strong one, make sure you use an irrev

  • by metallic (469828) on Sunday October 02, 2011 @09:06PM (#37586766)

    Let's try not posting this as an Anonymous Coward by mistake.

    This is the same company that employed Dmitry Sklyarov, one of the first people to be arrested under the DMCA for breaking the encryption on Adobe's eBook format.

    http://en.wikipedia.org/wiki/Dmitry_Sklyarov [wikipedia.org]

  • by Prune (557140) on Sunday October 02, 2011 @10:42PM (#37587084)
    This is simply brute-forcing the password, relying on a short user password. It is only viable if the user has set up the phone security options in a weak way: selected to encrypt media card with user password only, rather than user password plus device key. So really there is nothing surprising in this attack. If you want good security on a Blackberry, it's a matter of setting it up in the options.
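
Added example, not part of the thread or any poster's code: a toy Python model of the two media-card options the comments above contrast (password only versus password plus device key), plus the 7-character keyspace for two character sets. The PBKDF2/HMAC construction, the header constant and every name here are assumptions made for illustration and are not BlackBerry's actual scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000                    # constructed work factor, low so the demo runs fast
KNOWN_HEADER = b"MEDIA-FILE-HEADER"  # constructed stand-in for recognisable plaintext
CANDIDATES = ["1234567", "letmein", "qwertyu", "blue42x"]  # constructed guess list

def derive_key(password, salt, device_key=b""):
    """Stretch the password; in the stronger mode also mix in a secret held only by the handset."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if device_key:
        key = hmac.new(device_key, key, hashlib.sha256).digest()
    return key

def write_card(password, device_key=b""):
    """Model of what ends up on the card: a salt and a tag that only the right key reproduces."""
    salt = os.urandom(16)
    key = derive_key(password, salt, device_key)
    return {"salt": salt, "tag": hmac.new(key, KNOWN_HEADER, hashlib.sha256).digest()}

def guess_matches(card, guess, device_key=b""):
    """True when the guess (plus device key, if supplied) yields the key that protects the card."""
    key = derive_key(guess, card["salt"], device_key)
    tag = hmac.new(key, KNOWN_HEADER, hashlib.sha256).digest()
    return hmac.compare_digest(tag, card["tag"])

def card_only_search(card, candidates):
    """What is possible with the card alone: guesses can be checked, but no device key is available."""
    for guess in candidates:
        if guess_matches(card, guess):
            return guess
    return None

def keyspace(length, alphabet_size):
    """Number of possible passwords of a given length over a given character set."""
    return alphabet_size ** length

def demo():
    device_key = os.urandom(32)                   # never written to the card
    weak = write_card("blue42x")                  # "password only" option
    strong = write_card("blue42x", device_key)    # "password + device key" option
    return {
        "password_only": card_only_search(weak, CANDIDATES),
        "password_plus_device_key": card_only_search(strong, CANDIDATES),
        "handset_can_unlock": guess_matches(strong, "blue42x", device_key),
        "lowercase_7": keyspace(7, 26),
        "printable_7": keyspace(7, 95),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model the password-only card confirms a correct guess offline, while the card written with a device key confirms nothing without the handset, which is the configuration difference the last comment describes.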
