1. itsyaboy's Avatar
    Hello,

    I am a bit confused about how encryption works for the BlackBerry KEYone.

    In my settings, I have chosen a PIN for screen lock and have Picture Password enabled. Whenever I start up my device, I need to enter my device PIN first before it goes any further. If I have read the user guides correctly, this means that my device is encrypted at rest with an encryption key based on my PIN.

    The reason I ask is because I am going to turn the phone in for repair this weekend and wonder whether I should do a data wipe (but is all data truly removed on BlackBerry Android?) or whether I can trust the encryption and should just turn off the device.

    Anyone who can offer some sound advice?

    I have taken a look at this document: https://s3.amazonaws.com/blackberrym...-2+English.pdf

    PS I suspect DTEK says that secure start-up isn't enabled when you're also using Picture Password? Anybody know why that is?
    07-11-18 01:40 PM
  2. anon(10387168)'s Avatar
    Sorry, don't know the answer to your technical question. However, my common sense answer says wipe it if it's out of your hands! Even my old Enterprise BlackBerrys I would wipe before sending them in for repair or upgrade. Just my 2 cents' worth. Cheers,
    07-11-18 02:58 PM
  3. Dunt Dunt Dunt's Avatar
    I'd back it up and wipe it.

    Don't know if you are sending it to a factory or local repair shop - or what they are fixing, but either way they might end up wiping it anyway.
    07-11-18 02:59 PM
  4. itsyaboy's Avatar
    Sorry, don't know the answer to your technical question. However, my common sense answer says wipe it if it's out of your hands! Even my old Enterprise BlackBerrys I would wipe before sending them in for repair or upgrade. Just my 2 cents' worth. Cheers,
    Thanks for your comment. Yes, I am inclined to do so; however, I read online somewhere that most wipes on Android do not actually delete the data. The help webpage on BlackBerry's website seems to say that it does delete the data, but I would like additional confirmation (but from where and whom?).

    I'd back it up and wipe it.

    Don't know if you are sending it to a factory or local repair shop - or what they are fixing, but either way they might end up wiping it anyway.
    Thanks for your reply. I should have said, it isn't for anything software-related. It is because of loose keys on my physical keyboard. It's through my warranty with John Lewis in the UK who suggested repair over the phone. I am not sure whether they will do it themselves, through a third party or through BlackBerry Mobile...

    So that's why I considered turning the phone off and trusting in the local encryption... but yeah, maybe I shouldn't take the risk and just wipe it, provided it does delete the data.
    07-11-18 03:04 PM
  5. anon(10387168)'s Avatar
    Will they not need to access your phone to test the fix? Thus, you would be exposed!
    07-11-18 03:09 PM
  6. itsyaboy's Avatar
    Will they not need to access your phone to test the fix? Thus, you would be exposed!
    Hmm even for a keyboard fix? Didn't think about that.
    07-11-18 03:51 PM
  7. anon(10387168)'s Avatar
    Yup, they need to test swipe motions, typing, etc... I would wipe it for sure! And if you do your banking on it, then even riskier!
    07-11-18 03:54 PM
  8. anon(2695703)'s Avatar
    All deleting does is remove references to the data so that the sector is free to be overwritten.

    The safest way to truly delete data is a "DoD wipe" or a security wipe, which performs a similar function. Specifically, not only does it remove references in the table, it also overwrites several times (seven, I believe?) with nonsense. This way, if one does try to examine the disk, they will only get nonsense overwritten several times over the original data.

    Drive encryption makes the disk (much) more difficult to be read because you'd need the cipher key to actually see the cleartext. You run the risk of ruining the specimen trying to read it while in an encrypted state.

    Picture key is not considered secure because of how easy it is to watch someone unlock their device.

    ... but it's better than nothing at all.
    07-11-18 04:07 PM
  9. itsyaboy's Avatar
    Yup, they need to test swipe motions, typing, etc... I would wipe it for sure! And if you do your banking on it, then even riskier!
    Hmmm okay didn't think of that! Thanks!

    All deleting does is remove references to the data so that the sector is free to be overwritten.

    The safest way to truly delete data is a "DoD wipe" or a security wipe, which performs a similar function. Specifically, not only does it remove references in the table, it also overwrites several times (seven, I believe?) with nonsense. This way, if one does try to examine the disk, they will only get nonsense overwritten several times over the original data.

    Drive encryption makes the disk (much) more difficult to be read because you'd need the cipher key to actually see the cleartext. You run the risk of ruining the specimen trying to read it while in an encrypted state.

    Picture key is not considered secure because of how easy it is to watch someone unlock their device.

    ... but it's better than nothing at all.
    So how do you do a security wipe? Is it the same as a factory data wipe? The BlackBerry help page says data is permanently deleted, but does that mean it is overwritten like you said? If the data is not overwritten, then leaving it encrypted might be the better option? Bit of a shame the BlackBerry page isn't more specific about this... thanks for replying btw!
    07-12-18 12:37 AM
  10. wmatsura's Avatar
    The factory data wipe you mention only restores the device to its original settings, erasing data and configs. It doesn't "permanently" erase data. There are apps for that (I used one called andro shredder or something of the sort), and a couple of pieces of PC software.
    07-12-18 06:46 AM
  11. itsyaboy's Avatar
    The factory data wipe you mention only restores the device to its original settings, erasing data and configs. It doesn't "permanently" erase data. There are apps for that (I used one called andro shredder or something of the sort), and a couple of pieces of PC software.
    Thanks for that. But is this also true for BlackBerry Android? The wording on the official BlackBerry website seems to suggest something else.

    BlackBerry devices powered by Android perform a full device wipe or work data wipe as follows:

    If the device is password-protected and the device owner types the device password incorrectly more times than an EMM solution or the device settings allow, the device deletes all user information and app data, and returns the device to factory default settings.
    If a secondary profile or guest profile user types their profile password incorrectly more times than an EMM solution or the device settings allow, the profile is removed from the device.
    If a user performs a factory reset on their device, the device permanently deletes all data so that it can't be recovered.
    If a user has a remote device management app, such as Android Device Manager, set up on their device, they may be able to perform a remote device wipe.

    When a device wipe occurs, all data on the device and media card is permanently deleted, including email accounts, downloaded apps, media files, documents, browser bookmarks, and settings.
    See: https://help.blackberry.com/en/secur...486445486.html
    07-12-18 07:58 AM
  12. wmatsura's Avatar
    In theory, what I said also applies to BlackBerry Android; I'm unaware of any differences from the factory reset used by stock Android. The difference is the extra layer of encryption of BlackBerry Android (the PIN number you have to type every time the device is turned on). So BlackBerry's statement isn't technically incorrect when it says it erases data permanently, as long as the encryption holds.

    But I feel like we've gotten way off topic here; all this discussion would be relevant if you're a person of interest, who cannot afford any data being leaked (and in that case, it would've been a no-brainer just disposing of the device). It's safe to assume that for the normal dude, it's OK to just trust BlackBerry's encryption; your occasional nude pic won't be easily recovered just by performing a normal factory reset.
    07-12-18 08:57 AM
  13. itsyaboy's Avatar
    In theory, what I said also applies to BlackBerry Android; I'm unaware of any differences from the factory reset used by stock Android. The difference is the extra layer of encryption of BlackBerry Android (the PIN number you have to type every time the device is turned on). So BlackBerry's statement isn't technically incorrect when it says it erases data permanently, as long as the encryption holds.

    But I feel like we've gotten way off topic here; all this discussion would be relevant if you're a person of interest, who cannot afford any data being leaked (and in that case, it would've been a no-brainer just disposing of the device). It's safe to assume that for the normal dude, it's OK to just trust BlackBerry's encryption; your occasional nude pic won't be easily recovered just by performing a normal factory reset.
    Thanks for the clarification!

    And don't worry, your final paragraph is completely true from a practical point of view, while at the same time it is not true from a principled point of view! Irrespective of whether I am interesting (I know I am not), I just really would like to know how it works (even though I am a layman). It will suffice for my purpose obviously, but I still have that feeling of "wanting" to know.

    Thanks for replying though - your information was very much appreciated.
    07-12-18 10:42 AM
  14. anon(10120165)'s Avatar
    Due to your factory-enabled FDE there shouldn't be the need to overwrite your memory for a safe erase.
    All you can restore from that wiped device is data garbage without knowledge of entropy and an attempt to exploit a weak implementation or passphrase.

    If you want to be even more safe you can go the already suggested route and overwrite your memory after a factory reset. There should be apps for that (never tested them) but copying random data or using dd should be sufficient.

    If you don't reset your phone you are basically left with the strength of your passphrase which isn't that high for a (short) PIN.

    Either way, the work should be greater than the benefit of trying to crack your device.

    Personally I would always do a reset.
    07-12-18 02:46 PM
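    A small runnable model of the three behaviours that posts 8 and 14 describe: an ordinary delete only drops the table entry and leaves the blocks readable, a shredder-style wipe overwrites the freed blocks, and on an encrypted volume a reset that discards the key leaves only ciphertext behind. This is an added example, not code from the thread or from BlackBerry: the "disk" is a Python list, the cipher is a SHA-256 keystream standing in for a real disk cipher, and the assumption that a factory reset discards the volume key is part of the model, not a statement about the KEYone's implementation.

```python
"""Toy storage model: delete vs. overwrite vs. crypto-erase (constructed example)."""
import os
from hashlib import sha256

BLOCK_SIZE = 16  # bytes per storage block (toy value, not a real flash geometry)


def _keystream(key: bytes, block_no: int) -> bytes:
    # Per-block keystream derived from the volume key; a stand-in for a real
    # disk cipher such as AES-XTS, chosen so the example runs with stdlib only.
    return sha256(key + block_no.to_bytes(8, "big")).digest()[:BLOCK_SIZE]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Volume:
    """Blocks plus a file table; optionally encrypted under a random volume key."""

    def __init__(self, n_blocks: int, encrypted: bool):
        self.blocks = [bytes(BLOCK_SIZE)] * n_blocks
        self.table = {}          # filename -> list of block numbers (the "table")
        self.next_free = 0       # blocks are handed out sequentially
        self.key = os.urandom(32) if encrypted else None

    def write(self, name: str, data: bytes) -> None:
        nums = []
        for off in range(0, len(data), BLOCK_SIZE):
            chunk = data[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            n = self.next_free
            self.next_free += 1
            self.blocks[n] = _xor(chunk, _keystream(self.key, n)) if self.key else chunk
            nums.append(n)
        self.table[name] = nums

    def delete(self, name: str) -> None:
        """Ordinary delete: remove the table reference, leave the blocks untouched."""
        del self.table[name]

    def overwrite_free_space(self, passes: int = 1) -> None:
        """Shredder-style wipe: fill every unreferenced block with random bytes.
        (Post 8 mentions multi-pass schemes; one pass of random data suffices here.)"""
        used = {n for nums in self.table.values() for n in nums}
        for _ in range(passes):
            for n in range(len(self.blocks)):
                if n not in used:
                    self.blocks[n] = os.urandom(BLOCK_SIZE)

    def crypto_erase(self) -> None:
        """Modelled factory reset of an FDE volume: table dropped and key discarded."""
        self.table.clear()
        self.key = None

    def raw_dump(self) -> bytes:
        """What reading the storage chips directly, without any key, yields."""
        return b"".join(self.blocks)


def plaintext_visible(vol: Volume, needle: bytes) -> bool:
    """True if the secret can be found in a raw read of the storage."""
    return needle in vol.raw_dump()


def carve_with_key(vol: Volume, key: bytes, needle: bytes) -> bool:
    """Whoever holds the volume key can decrypt every block, referenced or not,
    so unlinked files come back; this is why post 14 says that without a reset
    the protection is only as strong as the passphrase guarding that key."""
    plain = b"".join(_xor(vol.blocks[n], _keystream(key, n)) for n in range(len(vol.blocks)))
    return needle in plain


SECRET = b"account 1234-5678 balance 900"  # constructed sample data


def scenarios() -> dict:
    """Run each deletion strategy and report whether SECRET is recoverable."""
    out = {}
    v = Volume(8, encrypted=False)
    v.write("notes.txt", SECRET)
    v.delete("notes.txt")
    out["plain_delete"] = plaintext_visible(v, SECRET)          # still on disk
    v.overwrite_free_space()
    out["plain_overwrite"] = plaintext_visible(v, SECRET)       # gone

    v = Volume(8, encrypted=True)
    key = v.key
    v.write("notes.txt", SECRET)
    v.delete("notes.txt")
    out["fde_delete_raw"] = plaintext_visible(v, SECRET)        # raw read sees ciphertext only
    out["fde_delete_with_key"] = carve_with_key(v, key, SECRET)  # key holder recovers it
    v.crypto_erase()
    out["fde_reset_raw"] = plaintext_visible(v, SECRET)         # key gone, blocks are garbage
    return out


if __name__ == "__main__":
    for name, recoverable in scenarios().items():
        print(f"{name:22s} recoverable={recoverable}")
```

    The interesting row is `fde_delete_with_key`: an unlinked file on an encrypted volume is still fully recoverable by anyone who obtains the key, which is the case the thread's "just power it off" option relies on, whereas after `crypto_erase` the same blocks decrypt to nothing under any key the attacker could derive.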
  15. wmatsura's Avatar
    Just to clarify my previous statement to the OP, I didn't mean to imply that you are not interesting, what I meant by "person of interest" was someone like a known politician, big shot CEO and so on (people who would be obvious targets to data stealing). I didn't know if you were one of those, my bad, I just took a guess that you'd be a regular person, like most of us here on CB.

    I hope you got at least a reasonable explanation from the contributions here.
    07-12-18 07:46 PM
  16. itsyaboy's Avatar
    Just to clarify my previous statement to the OP, I didn't mean to imply that you are not interesting, what I meant by "person of interest" was someone like a known politician, big shot CEO and so on (people who would be obvious targets to data stealing). I didn't know if you were one of those, my bad, I just took a guess that you'd be a regular person, like most of us here on CB.

    I hope you got at least a reasonable explanation from the contributions here.
    Don't worry, I wasn't offended or anything! I am quite regular (I hope)... And yes, I do realise that the picture is very different for the type of professionals you have mentioned!
    07-13-18 01:30 AM
  17. itsyaboy's Avatar
    Due to your factory-enabled FDE there shouldn't be the need to overwrite your memory for a safe erase.
    All you can restore from that wiped device is data garbage without knowledge of entropy and an attempt to exploit a weak implementation or passphrase.

    If you want to be even more safe you can go the already suggested route and overwrite your memory after a factory reset. There should be apps for that (never tested them) but copying random data or using dd should be sufficient.

    If you don't reset your phone you are basically left with the strength of your passphrase which isn't that high for a (short) PIN.

    Either way, the work should be greater than the benefit of trying to crack your device.

    Personally I would always do a reset.
    Thanks for the write-up, I think I understand it better now. I have done a factory data reset and am trusting in BlackBerry's full-disk encryption.
    07-13-18 01:32 AM
  18. bathu's Avatar
    Why is picture password not secure? When I set picture password, DTEK security shows the phone as not encrypted and not secure.
    07-13-18 10:51 AM
  19. anon(2695703)'s Avatar
    Picture password is meant to prevent access, not secure the device.

    I haven't looked at the actual implementation, but off the top of my head, I don't believe that a picture lock generates a cipher key for encryption / decryption.

    Picture greatly reduces the "guesswork" required to gain access to the device.

    Also very easy for "over the shoulder" password snooping. I use pattern lock, which admittedly is not as strong as complex password.

    I'm OK with this risk and I mitigate "over the shoulder" snooping by turning off "Make pattern visible."
    07-13-18 11:32 AM
  20. itsyaboy's Avatar
    Picture password is meant to prevent access, not secure the device.

    I haven't looked at the actual implementation, but off the top of my head, I don't believe that a picture lock generates a cipher key for encryption / decryption.

    Picture greatly reduces the "guesswork" required to gain access to the device.

    Also very easy for "over the shoulder" password snooping. I use pattern lock, which admittedly is not as strong as complex password.

    I'm OK with this risk and I mitigate "over the shoulder" snooping by turning off "Make pattern visible."
    Wow, I disagree with how easy it is for "over the shoulder" snooping to happen with picture password. Most significantly, people have no clue at all how it works, not even after watching it a few times. Even if I explain it and let some friends watch me unlock my phone, thus far no one has succeeded in guessing my number and the position.

    But to your other point, I am again very curious about the details.
    07-13-18 11:44 AM
  21. bathu's Avatar
    So which combination is best? PIN and picture password, or fingerprint and PIN?

    I think picture password is secure when compared to fingerprint and pattern lock. But why does DTEK show picture password as not secure?
    07-13-18 12:23 PM
  22. bathu's Avatar
    So which combination is best? PIN and picture password, or fingerprint and PIN?

    I think picture password is secure when compared to fingerprint and pattern lock. But why does DTEK show picture password as not secure?
    ???
    07-31-18 04:40 AM
  23. chetmanley's Avatar
    So which combination is best? PIN and picture password, or fingerprint and PIN?

    I think picture password is secure when compared to fingerprint and pattern lock. But why does DTEK show picture password as not secure?
    Picture password is a great compromise between the speed of a fingerprint, and the security and changeability of a passphrase.

    However, picture password can still be observed over the shoulder, and with a surprisingly high degree of probability, your device can be unlocked by that observer before they hit the 5 try limit where it reverts to password.

    https://forums.crackberry.com/blackb...ility-1100048/

    I'm not sure why DTEK says Picture password is insecure? Does it say pattern lock is secure? I would take picture password over pattern lock any day.
    07-31-18 06:42 PM