IMPORTANT : Russian Company Breaks BlackBerry Encryption With Two New Exploits
Results 1 to 6 of 6

Thread: Russian Company Breaks BlackBerry Encryption With Two New Exploits

  1. #1
    ice2921's Avatar
    ice2921 is offline BlackBerryOS Grand Master Follow ice2921 On Twitter
    Join Date
    Sep 2010
    Location
    USA
    Device
    Z10
    OS
    10.0.10.684
    Carrier
    AT&T
    Posts
    2,544
    Liked
    753 times

    Russian Company Breaks BlackBerry Encryption With Two New Exploits




    Security is one of the biggest reasons why so many people choose BlackBerry as their preferred smartphone. Its clear that it rises far beyond the rest of its class in regards to security, and keeping data safe. So when exploits or security loopholes are found it's a big deal. Users want to be protected, and companies need to be ensured their data is protected at all times.

    Until recently there has been little regarding BlackBerry security penetration. However, a Russian company Elcomsoft that specializes in making mobile phone cracking software, has figured out a way to exploit two of RIM's most prominent security features. Surprisingly one of the exploits is carried out by utilizing two free apps that normally come standard on all BlackBerry smartphones. The other utilizes an exploit found on the removable media card.

    The first exploit was found by targeting the apps BlackBerry Password Keeper, and Blackberry Wallet. How ironic, the very apps that are supposed to keep your info secure are the ones that give up key info into getting the master password for each app. As you know these two apps are meant to easily store confidential information in a safe place.

    The key to this exploit is in the backup. Password Keeper and the Wallet databases are always included in the backup done by the BlackBerry Desktop Software. Sounds easy enough just grab the raw databases and extract the info, right? No, the problem is that these backups are encrypted which means they are useless without that encryption key. Enter EPPB (Elcomsoft Phone Password Breaker), this program can break through that encryption, and ultimately extract the apps master password.


    The databases can then be loaded in the EPPB program, and the password recovery process begins. According to the makers the recovery processis relatively fast. Computing “ hundreds of thousands and up to several millions passwords per second on modern CPU, depending on BlackBerry OS version.” After running the program the master password is found. Now what?


    Now that the password(s) have been recovered you now have a couple options extract data:

    • Use the BlackBerry Simulator, restore the backup to it, and then use the recovered master password(s) to read the users data
    • Use the EPPB built in Backup Explorer to view both apps data
    The second exploit can recover the master password set by the user on their BlackBerry. We all know what happens after that 10th time of incorrectly entering your password; it erases your data. Up until now there was no know way to crack the master password on a BlackBerry. That has changed, Elcomsoft has figured out a way to do just that.

    This exploit utilizes an attack on the users media card. Here is how it works. A user must have selected the option to encrypt the contentsof their removable media card. ElcomSoft estimates that 30% percent of BlackBerry users enable that option. EPPB then uses information stored on the media card to crack the password. This is done by usinga simple brute-force dictionary attack. The whole process can be done in less than an hour. Really, is it that simple? It seems so. Now what is intended for an extra layer of security actually becomes a liability.

    It seems as though Elcomsoft has made it pretty simple to crack the master password and recover the passwords for Password Keeper and BlackBerry wallet. This is a pretty significant achievement, breaking through BlackBerry security features.


    So what does all of this mean for BlackBerry users? Well for starters, there is no reason to sound the alarms, and declare the BlackBerry an insecure device. We all know that’s far from the truth. What this does is make us that much more aware of the importance of safeguarding our data. BlackBerry smartphones are solid secure devices, and that's why I use mine. Ignoring securing your data is a bad idea.

    Do you use Password Protector or Blackberry Wallet? Do you have encryption enabled on your media card?


    Last edited by ice2921; 09-30-2011 at 09:33 AM.




  2. #2
    YahyaRivero is offline BlackBerryOS Noobie
    Join Date
    Aug 2011
    Device
    Bold 9930
    OS
    7.0.0.241
    Posts
    3
    Liked
    0 times
    sorry for ignorant response but, you're telling me that though i have my personal info encrypted inside the Password Keeper that this can still steal my stuff? And not to panic?!

  3. #3
    AgentBlackBerry's Avatar
    AgentBlackBerry is offline BlackBerryOS Master Follow AgentBlackBerry On Twitter Add AgentBlackBerry on Facebook Add AgentBlackBerry on Google+
    Join Date
    Jun 2011
    Location
    New York
    PIN
    2ADD0724
    Device
    Z10
    OS
    10.2.0.1443
    Carrier
    AT&T
    Posts
    2,015
    Liked
    478 times
    Well the reason why there shouldn't be any reason to panic are because 1.) not everyone has access to the program necessary to extract these passwords from a backup file and 2.) a hacker would need to have access to those back up files as well.

    Research In Motion has been the most secure smartphone manufacturer for a long time. When something like this comes out, companies immediately seek to address this as soon as possible through an app/software update. So that's also something we can expect to happen. No need to panic
    Click the Like link in the bottom right of a post to say thanks!
    Resource Center ~ Rules and Guidelines ~ Download Center

  4. #4
    ice2921's Avatar
    ice2921 is offline BlackBerryOS Grand Master Follow ice2921 On Twitter
    Join Date
    Sep 2010
    Location
    USA
    Device
    Z10
    OS
    10.0.10.684
    Carrier
    AT&T
    Posts
    2,544
    Liked
    753 times
    Quote Originally Posted by YahyaRivero View Post
    sorry for ignorant response but, you're telling me that though i have my personal info encrypted inside the Password Keeper that this can still steal my stuff? And not to panic?!
    Panic no, but its always good to keep tabs on your data, especially if you have laptop.

  5. #5
    YahyaRivero is offline BlackBerryOS Noobie
    Join Date
    Aug 2011
    Device
    Bold 9930
    OS
    7.0.0.241
    Posts
    3
    Liked
    0 times
    Ok thanks. That's one of my main reasons I chose Blackberry, security. Android sucks a** in that category.

  6. #6
    ice2921's Avatar
    ice2921 is offline BlackBerryOS Grand Master Follow ice2921 On Twitter
    Join Date
    Sep 2010
    Location
    USA
    Device
    Z10
    OS
    10.0.10.684
    Carrier
    AT&T
    Posts
    2,544
    Liked
    753 times
    Quote Originally Posted by YahyaRivero View Post
    Ok thanks. That's one of my main reasons I chose Blackberry, security. Android sucks a** in that category.
    And a good choice.

Similar Threads

  1. Voice Encryption for Blackberry
    By ice2921 in forum BlackBerry Apps
    Replies: 0
    Last Post: 07-22-2011, 06:50 AM
  2. App World Breaks the 10,000 App Mark
    By horangi7 in forum BlackBerry Apps
    Replies: 1
    Last Post: 09-08-2010, 11:09 AM
  3. 5.0.0.328 Breaks VZAM Tethering
    By bdube in forum 9530/9500 Operating Software
    Replies: 11
    Last Post: 12-09-2009, 02:49 PM
  4. Enabling Encryption
    By chm0690 in forum BlackBerry Storm 9530/9500
    Replies: 3
    Last Post: 10-25-2009, 08:47 AM
  5. HSN salesman breaks TV - Pretty damn funny!
    By Brett Wyman in forum Off Topic Discussion
    Replies: 3
    Last Post: 10-25-2009, 05:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •