1. Harry_III_UK's Avatar
    As far as I am aware, it is possible to encrypt your BlackBerry device and media card files so that the files can only be read on the particular BlackBerry device that they are encrypted on.

    As I understand it, the files are encrypted with a key that is generated by the specific BlackBerry device, and stored on that device.

    So, for example, if you remove the encrypted memory card from the device and put it into another device, you may be able to see the file names that are there, but you won't be able to decrypt them to view them as the key resides on the specific BlackBerry device that they were encrypted on.

    Am I right in thinking that this poses risks in terms of losing your data as the key is only stored on the BlackBerry device used to encrypt them?

    For example, say I encrypt the files on my media card on my Z10. All is well and good. The files are secure, and can only be read on the specific Z10 that encrypted them.

    However, if I drop the Z10 and crack the screen, then I can never unlock the device, thus can not access my files.

    If the device is returned for a repair, and the service centre wipes the device during the repair process, I would think that the encryption key will be lost and I will never be able to access those files again.

    So, does anyone know if:

    1) There is a way to store a BlackBerry encryption key outside the device as a backup?

    2) If BlackBerry Link backs up the encryption key as part of the backup process so that in the repair scenario above, I could simply re-install the backup file, and then be able to read my encrypted media card again?

    Thanks
    kbz1960 likes this.
    02-21-14 03:23 PM
  2. FF22's Avatar
    As I understand it, the key is on that SPECIFIC device. You have identified the inherent problems with encrypting the sd card. And there have been posts by folks who have lost sd card data when their "original (encrypting)" phone failed for one reason or another. The one way around this would be to make sure you have a backup of any data on the card on another device/computer/tablet/laptop.
    ronfc, kbz1960 and Harry_III_UK like this.
    02-21-14 05:12 PM
  3. kbz1960's Avatar
    As I understand it, the key is on that SPECIFIC device. You have identified the inherent problems with encrypting the sd card. And there have been posts by folks who have lost sd card data when their "original (encrypting)" phone failed for one reason or another. The one way around this would be to make sure you have a backup of any data on the card on another device/computer/tablet/laptop.
    That would need to be an unencrypted copy, yes? So would you have to decrypt backup or copy and encrypt again on the phone when done?
    02-21-14 05:30 PM
  4. tickerguy's Avatar
    Yep.

    If your device becomes inaccessible (or is wiped), irrespective of reason, all data on the SD card cannot be decrypted. There is no way around this; that's the POINT of encrypting it.
    kbz1960 and Harry_III_UK like this.
    02-21-14 05:35 PM
  5. SmellWhole's Avatar
    BlackBerry legacy OS (BBOS) has the option to encrypt the media card using the Device Password only; if that mode is employed, the files can be viewed in another BlackBerry by someone who knows the password. As I understand it, this option is not available on BB10, and media card encryption is device specific. You should keep a backup of your media card pics, files, videos, etc. on another device (like a laptop) in a safe place. I mean you could lose your phone, card and all, and be completely screwed without a backup.
    Gerii and Harry_III_UK like this.
    02-21-14 06:38 PM
  6. FF22's Avatar
    That would need to be an unencrypted copy, yes? So would you have to decrypt backup or copy and encrypt again on the phone when done?
    Good question. So, the issue is: are files automatically decrypted as you copy them (say, using Windows Explorer) by dragging and dropping them to your computer, or do they remain encrypted unless you take specific steps to copy UNencrypted versions?
    Harry_III_UK likes this.
    02-22-14 08:54 AM
  7. tickerguy's Avatar
    Good question. So, the issue is: are files automatically decrypted as you copy them (say, using Windows Explorer) by dragging and dropping them to your computer, or do they remain encrypted unless you take specific steps to copy UNencrypted versions?
    They are unencrypted if you drag and drop them from the connected phone (e.g. it's connected via Link.)

    If you put the phone into "raw" mode (as a raw USB storage device) I am uncertain of whether that is the case, and in fact would not expect it to be. I have not tested this, however.

    I don't run with my SD card encrypted as there's nothing on there but media. I DO encrypt the phone storage itself.
    FF22 and Harry_III_UK like this.
    02-22-14 09:05 AM
  8. NtotheK's Avatar
    OK so here is what I do. The device itself is encrypted and I save all pictures and videos to the on board storage. Then I sort all my pictures for sensitive material and transfer over to the SD. I also keep all my music and non sensitive information on the SD.

    Posted via CB10
    Harry_III_UK likes this.
    02-22-14 02:04 PM
  9. Harry_III_UK's Avatar
    BlackBerry legacy OS (BBOS) has the option to encrypt the media card using the Device Password only; if that mode is employed, the files can be viewed in another BlackBerry by someone who knows the password. As I understand it, this option is not available on BB10, and media card encryption is device specific.
    I can see why that would be more secure on BB10, as without the decryption key the file can't be opened. The key is separated from the files. With the standard (i.e. "not using public key infrastructure") "encrypt using a password" option, the password is always a part of the encrypted file.

    So, you "encrypt using a password", send the file to your colleague, and your colleague just needs to type in the password to open it. Your colleague doesn't need any decryption keys because the password is part of the file.

    I would think where the password is part of the file then it is more susceptible to a brute force attack? It is like having the key to your front door hidden somewhere on the door at all times, rather than the key being in your pocket and kept apart from the door. Or, does public key v standard encryption susceptibility to brute force attack depend entirely on the encryption algorithm used?

    So, then to "secure wipe" the device and make your files unreadable, I would think that you don't really need to wipe every individual file (which would take hours on a 64GB card), all you need to do is secure wipe the decryption key?

    I know when I was playing around with my Q10 and decided to see if BlackBerry Protect worked to secure remote wipe the device (not the card, the device) it took a fair while, but my device wasn't encrypted so I would imagine it was secure wiping every single file rather than just wiping a key.

    As key file sizes tend to be small compared to actual file sizes, wiping the key would take seconds. Even wiping using a multiple pass algorithm wouldn't take that long.

    So, when BlackBerry 10 "security wipe" is activated on an encrypted media card or device, does it take a relatively short time - indicating it is the key rather than the files that are being wiped?
    02-22-14 02:51 PM
  10. SmellWhole's Avatar
    I can see why that would be more secure on BB10, as without the decryption key the file can't be opened. The key is separated from the files. With the standard (i.e. "not using public key infrastructure") "encrypt using a password" option, the password is always a part of the encrypted file.

    So, you "encrypt using a password", send the file to your colleague, and your colleague just needs to type in the password to open it. Your colleague doesn't need any decryption keys because the password is part of the file.

    I would think where the password is part of the file then it is more susceptible to a brute force attack? It is like having the key to your front door hidden somewhere on the door at all times, rather than the key being in your pocket and kept apart from the door. Or, does public key v standard encryption susceptibility to brute force attack depend entirely on the encryption algorithm used?

    So, then to "secure wipe" the device and make your files unreadable, I would think that you don't really need to wipe every individual file (which would take hours on a 64GB card), all you need to do is secure wipe the decryption key?

    I know when I was playing around with my Q10 and decided to see if BlackBerry Protect worked to secure remote wipe the device (not the card, the device) it took a fair while, but my device wasn't encrypted so I would imagine it was secure wiping every single file rather than just wiping a key.

    As key file sizes tend to be small compared to actual file sizes, wiping the key would take seconds. Even wiping using a multiple pass algorithm wouldn't take that long.

    So, when BlackBerry 10 "security wipe" is activated on an encrypted media card or device, does it take a relatively short time - indicating it is the key rather than the files that are being wiped?
    Legacy BBOS has three media card encryption modes to choose from:

    1. "Device Password"
    2. "Device Key"
    3. "Device Password & Device Key"

    Yes, "Device Password" is the most vulnerable mode. If your media card is encrypted using this mode, there is software available that can be used to brute force one file on the media card to crack your BlackBerry's password! Of course, password length and complexity would play a part in whether the attack is successful; if your password is 25 random characters, the attack is unlikely to succeed. Nevertheless, the "Device Password" mode is a useful option because it allows less technically inclined people to achieve a moderate level of security without substantial risk of loss to their data, and it allows more technically advanced people to temporarily choose the mode when they want to transfer an encrypted media card from one BlackBerry to another or before performing a device security wipe.

    I use "Device Password & Device Key." If I want to do a security wipe, I first switch the mode to "Device Password." I then safely remove the media card (Options>Storage>Menu key+"safely remove media card"). After I do a security wipe, I set up my device's security settings. For the media card encryption mode, I choose "Device Password & Device Key." Once I put the media card back in, a prompt appears and asks for the password that was used to encrypt the card. After I enter that, a second prompt comes up which states that the media card has encryption settings that are different ("Device Password") from that on the device ("Device Password & Device Key"), and it asks me if I would like to change the card's settings to match the settings on the newly set up device. I choose yes, and at that point my card becomes again encrypted using the "Device Password & Device Key" mode.

    Additional Note:

    Whenever I do a security wipe and set up the device I don't rush the process. I choose all the settings, including the security settings, and when I'm done doing setup (before I put in the media card), I lock the BlackBerry. Soon thereafter, the BlackBerry encrypts all the data on it. I know this, because I let it sit there for about five or ten minutes and then light the screen. A message appears on the screen that says, "Content Protection is being enabled. This process may take a few minutes," and the screen stays lit till it's done. On my BlackBerry, this encryption process takes about five or ten minutes. But you're right, later when I unlock the phone and put my already encrypted card in, it doesn't take any time to encrypt the files because they are already encrypted. Changing the mode from "Device Password" to "Device Password & Device Key" (or switching between the modes) is very fast, because doing so merely introduces (or removes depending which way you go) a device key; it doesn't re-encrypt all the files from scratch, it adds or removes the key. I have no experience with BB10.
    Harry_III_UK likes this.
    02-23-14 08:51 AM
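
The fast mode switch described in the last post, and the earlier question about wiping a key instead of every file, both follow from a two-level key hierarchy: files are encrypted under a random content key, and only that small key is wrapped by the password and/or a device-held key. The sketch below is an added illustration, not BlackBerry's implementation and not code from any poster; the card layout, the mode names `password`/`device`/`both`, and the HMAC-based stand-in cipher are assumptions chosen so it runs with the Python standard library alone.

```python
import hashlib, hmac, os
# Illustrative key hierarchy; hypothetical layout, not BlackBerry's on-card format.

def _keystream_xor(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode (a real product would use AES).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, data):
    # Encrypt-then-MAC with separate subkeys derived from `key`.
    ek, mk = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = _keystream_xor(ek, nonce, data)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key material or corrupted data")
    return _keystream_xor(ek, nonce, ct)

def wrapping_key(mode, password, salt, device_key):
    """Key-encryption key for mode 'password', 'device' or 'both'."""
    material = mode.encode()
    if mode in ("password", "both"):
        material += hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    if mode in ("device", "both"):
        material += device_key  # never leaves the handset; wiping it orphans the card
    return hashlib.sha256(material).digest()

def create_card(mode, password, device_key, files):
    content_key, salt = os.urandom(32), os.urandom(16)
    return {"mode": mode, "salt": salt,
            "wrapped": seal(wrapping_key(mode, password, salt, device_key), content_key),
            "files": {name: seal(content_key, body) for name, body in files.items()}}

def _content_key(card, password, device_key):
    return unseal(wrapping_key(card["mode"], password, card["salt"], device_key), card["wrapped"])

def read_file(card, name, password, device_key):
    return unseal(_content_key(card, password, device_key), card["files"][name])

def change_mode(card, new_mode, password, device_key):
    """Re-wrap only the 32-byte content key; file ciphertexts are left untouched."""
    content_key = _content_key(card, password, device_key)
    new_kek = wrapping_key(new_mode, password, card["salt"], device_key)
    card.update(mode=new_mode, wrapped=seal(new_kek, content_key))
```

In this model, a card in `both` mode is unreadable once the device key is gone, while a card temporarily switched to `password` mode can be re-bound to a freshly set-up handset without touching the file data.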
