[EncroChat]

This is the worst nightmare of owners of a similar device Just read latest blogpost of PGPSure� and then you may decide yourself if you will or won't use a BlackBerry PGP

[funksh1n]

Lady's and gentlemen, i'd like to revive this thread and put a little fact on the internet. Geoff Green of Myntex (competitor of Phantom secure previously referenced) has been trying to promote his android encrypted phones and scare people off of legacy BlackBerry 7 devices by posting paid articles on misdaadnieuws.com.

Here are the facts. Geoff I invite you to post PROOF that a cellebrite unit can complete a physical acquisition from an ENCRYPTED (content protection turned on) blackberry 7 device. Not a video of a cellebrite unit dumping a blackberry with unknown configuration. We've known for years that without encryption turned on, the devices can easily be cracked.

1. Cellebrite UFED units cannot complete physical extractions of BlackBerry's with encryption turned on.

Inquire with one of the many private mobile forensics firms out there and they will tell you the truth. Cellebrite's software requires a chip-off to obtain a data dump, and then it must bruteforce the password hash.

Contact Zack @ Mobile Phone Forensics & Mobile Phone Data Recovery for further information, he's very helpful. Other reputable firms include SYTECH | Digital Forensics and Binary Intelligence - Expert Digital Forensics & Investigations

-- A chipoff is required to acquire a data dump. This data dump is then loaded into cellebrite's software, which isolates the password hash and bruteforces it. That said, a strong password (16+ characters, uppercase + lowercase + symbols + numbers) still thwarts this forensics process.

2. If you look at the documents posted by misaadnieuws.com you will see a reference to a .bin file (comes from the chip off) and the SHA-256 password hash. This is visible proof that the so called "new method" is simply the chipoff + cellebrite bruteforce that has been used to crack BlackBerry device passwords since 2011. If the person had the same key store and device password, the .bin is simply loaded on a new BlackBerry handheld and the bruteforced device password is entered.
http://www.misdaadnieuws.com/blackq.jpg
Zogenaamd 'versleuteld' BlackBerry systeem Ennetcom ��k uitgelezen door NFI

3. Evidence shows that BlackBerry 7 devices have been cracked using chip-off + bruteforce since 2011. However Myntex chose to deny the facts on their website.

Now Geoff, you posted this one your website in 2014, seems like you've pulled a complete 180 since then + misleading customers for your own gain.
http://www.nist.gov/forensics/upload...nsics-FULL.pdf

4. My message to Geoff Green + Myntex.

Cellebrite recently helped the FBI crack an iOS 9 device locked & encrypted. How long before Cellebrite and company find a way to bruteforce Android lolipop and successors with encryption turned on?

[glamrlama]

Encryption and (unauthorized) decryption will always be a cat and mouse game. Truth is most encryption schemes will fail the wrench test.

[chrisleka]

Its a 9900.. Does blackberry follow up with updates on those?

Posted via the CrackBerry App for Android

[anon(8719892)]

You're getting confused. The Blackberry's that were cracked by the Dutch are not Blackberrys as you know them. They run unique OS designed from the bottom up. These arent BB10 or even BB7 devices.

[funksh1n]

Amir, none of these devices in question have people using memory cards encrypted to the BB7 device password, hence your post is irrelevant.

Amir, how many exploits does the hacking team have for android? LOL. In fact if you dig deeper into "The hacking team" so called exploit it is NOT an exploit. Rather it's a remote access / trojan that needs to be installed on the targets device. This requires the device password and not possible if activated on a BES that disallows third party applications.

Can't help but notice this "article" was posted just prior to all the misleading stories on misdaadnieuws.com... it promotes the encromail / encrochat product.

Encro Chat encrypted smartphone met verbeterde OTR en PGP

[funksh1n]

Teknofish you are wrong, they use just regular build's of the BB 7 OS. All they have is PGP Support package + activated on blackberry enterprise server to lock the devices down and allow remote wipes.

Anyways, plain and simple chip-off forensics were used to acquire a raw data dump of the devices in question. They simply then isolate the password hash and bruteforce it. Then they reload the raw data dump onto another device using cellebrite's software and enter the password. All comes back to a weak password... and this has been known since 2011. Myntex and it's merry band of resellers " have simply twisted what competent individuals in the industry have known since 2011.

[anon(1723145)]

Had a friend who got in trouble with the police. They managed to get into his encrypted BlackBerry 7 device for the evidence they needed.

Posted via CB10

Was it password protected? Did they crack the device memory or the SD card?

ClassicSQC100-3/10.3.2.858

[anon(8719892)]

I've seen one boot up they just go straight to a basic PGP chat sandboxed in whatever OS it is. There is no access to anything else. Definitely nothing BBRY related.

[anon(8719892)]

Have there been any cases of BB 7 os being accessed in court? I cant find any example. If a device or system is breached thats how it becomes public knowledge.

[mauro316]

Hello everyone. I saw an article on a different BlackBerry fan site about this. I'd like to share it with you.

This is the link to the original story: http://www.nationalpost.com/m/wp/new...ch-crime-probe

And here's the story:

Canadian judge releases encrypted BlackBerry messages from 20,000 users to Dutch crime probe

Canadian judge releases encrypted BlackBerry messages from 20,000 users to Dutch crime probe

Joseph Brean
Thursday, Sept. 15, 2016

After a police raid on a Toronto technology company, Canada has agreed to share a massive stash of encrypted BlackBerry Ltd. messages with Dutch police investigating an underworld conspiracy involving robberies, drug trafficking, attempted murder and assassinations.

But rather than simply hand over the messages, from 20,000 different users, an Ontario judge this week imposed restrictions designed to prevent a �fishing expedition� by police in the Netherlands or any other country. The ruling ensures the data will remain under Canadian control, and not be shared further without a court�s approval.

The fear is that unfettered disclosure would expose innocent people to the unjustified attention of police, just because they used an encrypted BlackBerry.

�Canada remains the home of this data,� Judge Ian Nordheimer wrote.

The case arose from a Dutch probe of an organized crime ring, in which police seized assault rifles, machine guns, grenades, vehicles, tracking devices, and large sums of money. Unusually, they also kept discovering BlackBerries that had been modified to send only encrypted messages, outside the normal cellphone network.

The BlackBerries had been modified so they could not be used for phone calls or Internet access or to take pictures. Their microphones had either been disabled or removed.

That service was offered by a Dutch company called Ennetcom, which sold the modified BlackBerries for about 1,500 euros ($2,220), and had the power to remotely �wipe� them clean of data. Ennetcom bills itself as a pioneering data protection company that will �defend against all forms of cybercrime.�

Dutch authorities, however, allege Ennetcom was actively facilitating organized crime by offering an almost uncrackable encryption service for gangsters, using the famously secure BlackBerry.


thewhistleblowers.infoDanny Manupassa of Ennetcom

Further Dutch investigation revealed the devices were all using a particular IP address, a routing code for Internet traffic, which they traced to Bitflow Technologies Inc., an Internet hosting company with offices at One Yonge Street on the Toronto waterfront.

Riaz Timol, a lawyer for Bitflow, said the company�s part in the case is entirely innocent. �They don�t know what�s on the servers. They rent space to people,� he said.

The search warrant executed at Bitflow was co-ordinated with raids in Holland on April 19. The head of Ennetcom, Danny Manupassa, 36, was held for two weeks by police on money laundering and weapons charges. He was released with conditions that included not leaving the Netherlands.

He later wrote a letter that came before Judge Nordheimer in which he �denies any conscious involvement with anyone who used the services of his company for criminal purposes.� Manupassa was also �critical of Dutch authorities for not requesting assistance and/or information from him, prior to taking the steps that they did.�

The 20,000 users are said to include the Dutch criminal suspects and their associates, but also likely include many innocent users of Ennetcom�s service. Most are believed to be Dutch."



BlackBerry Passport SE SQW100-4/10.3.2.2876