
  1. #1
    Join Date
    Sep 2010

    RIM Responds To ElcomSoft Encryption Exploits

    About a week ago we wrote an article about the Russian company ElcomSoft, and their ability to exploit BlackBerry encryption. This was big news as there were no known ways to crack or hack a BlackBerry device in the manner described by ElcomSoft. We also stated that there was no reason to sound the alarms, and declare BlackBerry an insecure device. We all know that BlackBerry remains one of the most secure devices on the planet. However, I know it's important, for various reasons, that users be made aware of tactics that an attacker can use to gain entry to their personal information.

    On Saturday we received a response from RIM's BlackBerry Security Incident Response Team (BBSIRT) regarding the exploits found by ElcomSoft. The following is the response we got from RIM:

    The article states that the tool uses a brute-force attack to guess the
    smartphone password by attempting to decrypt the contents of a media
    card that has been removed from the smartphone. For this tool to do
    what Elcomsoft claims, an IT administrator or the smartphone user must have
    chosen to encrypt the contents of the media card with the smartphone
    password only. Furthermore, an attacker must have access to the media
    card from the smartphone, and the tool would have to successfully guess
    the password. To then use the password to unlock the smartphone, that
    attacker would also have to have access to the smartphone.

    For stronger protection, users can choose to encrypt the contents of an
    optional media card, choose the option to encrypt using a device key or
    the combination of a device key and the device password. See Enforcing
    encryption of internal and external file systems on BlackBerry devices
    for more information.

    To increase the difficulty of guessing passwords, RIM recommends that
    users always use strong passwords. A strong password has the following
    characteristics: includes punctuation marks, numbers, capital and
    lowercase letters; does not include the user name, account name, or any
    word or phrase that would be easily guessed.

    The security of mobile devices and major networked systems is tested by
    third party security researchers every day. RIM also continually tests
    the security of its own products, and volunteers its products to
    recognized industry experts for security testing and certification to
    help identify possible security vulnerabilities and protect BlackBerry
    customers against potential security threats.

    Let's break down the response a little bit. The first paragraph we already discussed in the original article; basically, the attacker would need physical access to your phone. So no remote exploit here, but how many times have you left or forgotten your phone some place? The next two paragraphs give us some pointers on how to block our devices against an attack like this. Although RIM did not specifically address the second exploit that takes advantage of BlackBerry Password Keeper and BlackBerry Wallet, using a strong password will most likely take care of that.

    OK, so let's bring it all home. If you choose to encrypt your optional media card, make sure you use a combination of a device key and the device password. Always use a complex password with a strong password that includes a combination of punctuation marks, numbers, capital and lowercase letters, and does not include your name, account name, or any word or phrase that would be easily guessed. Let's also remember that this is proprietary software developed by ElcomSoft, and at this point ElcomSoft is the only company that has it. However, anyone can purchase the software.
    Last edited by ice2921; 10-10-2011 at 07:31 PM.
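
The difference between the password-only option and the device key plus password option described in RIM's response, as an added sketch that is not part of the original post and not RIM's implementation. The derivation scheme (PBKDF2 followed by HMAC), the on-card layout and every name below are assumptions for illustration; the page does not describe BlackBerry's actual format.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000          # assumed work factor, kept low so the demo runs quickly
CHECK_LABEL = b"card-check"  # assumed constant used to build a key-check tag


def card_key(password, salt, device_key=None):
    """Derive the media-card key; with device_key=None it depends on the password alone."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if device_key is not None:
        # Mix in a secret that exists only on the handset, never on the card.
        key = hmac.new(device_key, key, hashlib.sha256).digest()
    return key


def protect(password, device_key=None):
    """Return what is stored on the card: a salt and a tag that verifies the key."""
    salt = os.urandom(16)
    tag = hmac.new(card_key(password, salt, device_key), CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def guess_from_card_only(card, candidates):
    """Test password guesses using only data on the card (no device key available)."""
    for guess in candidates:
        tag = hmac.new(card_key(guess, card["salt"]), CHECK_LABEL, hashlib.sha256).digest()
        if hmac.compare_digest(tag, card["tag"]):
            return guess
    return None


CANDIDATES = ["password", "blackberry1", "Summer2011"]  # constructed guess list
DEVICE_KEY = os.urandom(32)                              # stays on the handset


def demo():
    password_only = protect("blackberry1")
    device_and_password = protect("blackberry1", DEVICE_KEY)
    return (guess_from_card_only(password_only, CANDIDATES),
            guess_from_card_only(device_and_password, CANDIDATES))


if __name__ == "__main__":
    print(demo())
```

With the password-only card the weak password is confirmed from the card alone; with the device key mixed in, the same guess cannot be verified without the handset.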

  2. #2
    Join Date
    Feb 2009
    Phoenix, AZ
    BlackBerry Z10
    What about someone who sells you a BlackBerry that knows about the exploit?
