1. AlexXF's Avatar
    Moscow, Russia - September 29, 2011

    ElcomSoft Co. Ltd. updates Elcomsoft Phone Password Breaker with the ability to recover BlackBerry device passwords protecting BlackBerry smartphones. The recovery is possible if the user-selectable "Device Password" security option is enabled to encrypt media card data. By analyzing information stored on encrypted media cards, Elcomsoft Phone Password Breaker can try millions of password combinations per second, recovering a fairly long 7-character password in a matter of hours. With the ability to recover the device password, ElcomSoft does what's been long considered impossible, once again making Elcomsoft Phone Password Breaker the world's first.
    ElcomSoft Recovers BlackBerry Device Passwords

    Information stored in BlackBerry devices is securely protected with an individual security password (device password). This password is requested every time the device is being turned on, or every time after a certain timeout if Security Timeout option is selected. If a password is typed incorrectly ten times in a row, all information on the BlackBerry smartphone is wiped clear, leaving no chance of subsequent recovery. This is a security feature, and one of the hallmarks of the BlackBerry security model. Until today, it was commonly believed there is no way around the security password.

    ElcomSoft has proven this belief wrong. If a user-selectable option to encrypt the contents of a removable media card is selected, Elcomsoft Phone Password Breaker can analyze information stored on the media card and derive the original device password without the need to use the BlackBerry device itself.

    BlackBerry smartphones have an option to encrypt the contents of a removable media card, making any information stored on it only accessible to an authorized user. The encryption is disabled by default, but many users opt for enabling the extra security layer. To the contrary of this feature's intent, those opting for extra security may be actually opening a way for investigators to overcome BlackBerry's hallmark security feature, the device password.

    When a BlackBerry user opts for the "Device Password" option to encrypt the contents of their memory card, it opens an interesting avenue for an attack. Since with this security option the media card is encrypted using the device password, it becomes possible to recover the original device password with a simple dictionary or brute-force attack.
    While this method only works if the removable media card is encrypted with user selectable "Device Password" option, it's much better than nothing. ElcomSoft estimates that about 30 per cent of all BlackBerry smartphone users opt to protect their media cards with this option, making their devices open to this attack.

    Unlike with Apple iPhone, a BlackBerry device is not required to perform the recovery. A single file from the removable media card is all that's needed. The password recovery rate is in the order of millions of passwords per second, meaning that a fairly long 7-character password can be unlocked in less than an hour if the password consists of characters in a single case (all capital or all lower-case).

    Knowing the original plain-text device password, investigators can access all information stored in the original BlackBerry device, or produce a backup file for comprehensive off-line analysis.
    09-29-11 07:47 AM
  2. AlexXF's Avatar
    I'm disappointed in Blackberry security model!

    PS. This option 'Device password' is enabled by default. So, BES admins must check their policy settings due to this security hole.
    09-29-11 07:49 AM
  3. katiepea's Avatar
    wow, well, ..hmm, this is what everyone said was impossible due to nobody knowing anything about RIM's security.. this is actually a really huge story, if true, i didn't think i'd ever read it.
    Last edited by katiepea; 09-29-11 at 08:21 AM.
    09-29-11 07:55 AM
  4. guerllamo7's Avatar
    This is another report against Blackberry that is not true. The fact is that Blackberry has never been breached and if they have your phone Blackberry is the one phone they can't get into.
    Google how long it takes to get into an iPhone or Droid.

    RIM got the memo on content and are about to release a big upgrade with BB Movies and close the gap on content but they will always have security.
    No one will say, our phones are less secure than Blackberry but they are. This is part of the B.S. campaign against Blackberry.

    Is Microsoft safe? No, Is apple safe? No, Are droids safe? definitely not. Is Blackberry safe? Yes, and a competitor will have to show me for five years that they can't be compromised.

    Nice try turkeys.
    09-29-11 08:15 AM
  5. johnenglish's Avatar
    Is this the same story from the beginning of the month?

    http://forums.crackberry.com/news-ru...kberry-644431/
    Jake2826 likes this.
    09-29-11 08:15 AM
  6. katiepea's Avatar
    This is another report against Blackberry that is not true. The fact is that Blackberry has never been breached and if they have your phone Blackberry is the one phone they can't get into.
    Google how long it takes to get into an iPhone or Droid.

    RIM got the memo on content and are about to release a big upgrade with BB Movies and close the gap on content but they will always have security.
    No one will say, our phones are less secure than Blackberry but they are. This is part of the B.S. campaign against Blackberry.

    Is Microsoft safe? No, Is apple safe? No, Are droids safe? definitely not. Is Blackberry safe? Yes, and a competitor will have to show me for five years that they can't be compromised.

    Nice try turkeys.
    sigh, you do realize that at the last defcon blackberry was hacked in about 10 minutes giving the hackers access to the entire contact list as well as all the pictures on the device right?

    Pwn2Own 2011: BlackBerry falls to WebKit browser attack | ZDNet
    09-29-11 08:18 AM
  7. therapyreject174's Avatar
    Since when is brute forcing a password considered a legitimate security breach?
    lorax1284 and Jake Storm like this.
    09-29-11 08:23 AM
  8. AlexXF's Avatar
    Is this the same story from the beginning of the month?
    No. The previous story was about the BACKUP security hole.

    This is fresh news.

    RIM got the memo on content and are about to release a big upgrade with BB Movies and close the gap on content but they will always have security.
    in RIM we trust? This is not a BS company against RIM. This is a vulnerability in BlackBerry security model BY DESIGN!

    If you have device locked by password and media card encrypted using 'Device Password' options, then your password CAN be recovered in a short time.

    It is impossible to fix that vulnerability. RIM needs to remove this option (encrypt using device password) from the list.

    PS. As a BES owner I've requested admins to disable this option from all of our accounts and switch it to Device Key + Device Password
    Last edited by AlexXF; 09-29-11 at 08:28 AM.
    09-29-11 08:23 AM
  9. katiepea's Avatar
    Since when is brute forcing a password considered a legitimate security breach?
    considering the device is supposed to wipe and lock after 10 wrong tries, a brute force attack is pretty surprising and equally effective as any other means.
    09-29-11 08:28 AM
  10. BBThemes's Avatar
    sigh, you do realize that at the last defcon blackberry was hacked in about 10 minutes giving the hackers access to the entire contact list as well as all the pictures on the device right?

    Pwn2Own 2011: BlackBerry falls to WebKit browser attack | ZDNet
    hacked by going onto a certain malicious website and activating a certain malicious script. hardly the everyday occurrence of `hacking`. plus the browser has been updated since then, although its unclear if the updates have resolved the issue or not

    Since when is brute forcing a password considered a legitimate security breach?
    yup ya can get into most things by brute forcing, but this requires the user to a) have a memory card and b) have the media card encryption turned on, which is by no means a default setting.
    09-29-11 08:34 AM
  11. lnichols's Avatar
    Simple fix for this, disable the ability via BES to support external memory. Hole plugged. This break requires the memory card to be encrypted and determining the password via the card, not the phone.
    09-29-11 09:19 AM
  12. i7guy's Avatar
    Actually it's an interesting concept. Can't hack the device so hack the media card on the device. My media card contains all sorts of g rated unencrypted junk. So hack away.
    09-29-11 09:26 AM
  13. i7guy's Avatar
    considering the device is supposed to wipe and lock after 10 wrong tries, a brute force attack is pretty surprising and equally effective as any other means.
    It's a brute force on the media card, not the device if I read it properly. How many people actually encrypt their media card, contrary to what the software thinks.
    09-29-11 09:28 AM
  14. Rickroller's Avatar
    It's a brute force on the media card, not the device if I read it properly. How many people actually encrypt their media card, contrary to what the software thinks.
    "When a BlackBerry user opts for the 'Device Password' option to encrypt the contents of their memory card, it opens an interesting avenue for an attack. Since with this security option the media card is encrypted using the device password, it becomes possible to recover the original device password with a simple dictionary or brute-force attack."

    So when a user opts for the Device Password option encrypting their memory card..it's possible to retrieve the password for the device itself via the brute force attack.

    At least that's what I gather about it. Whether or not a lot of people do this..I have no idea. Regardless..to me it's still a PITA to do (attempt the hackery)..and whether there are vulnerabilities or not doesn't change the fact BB's are still the most secure platform. Does the average consumer care about that? Not imo..but for those that do..it makes a nice option.
    09-29-11 10:26 AM
  15. Pete6#WP's Avatar
    The BlackBerry is just as secure as ever. Its security is still 100%.

    The hole in the security is the media card. The way this Russian hack works, according to the article, was to find a BlackBerry that had encryption on the Media Card. The hack requires this and the fact that you could remove the Media Card from the phone and crack the security by analysing the data on the (now external) Media Card.

    This somehow allowed them to gain access to the Device Password.

    THIS HACK WILL NOT WORK IF YOU REMOVE ENCRYPTION FROM THE REMOVABLE MEDIA CARD.

    Do this and your BlackBerry is still secure - 100%.
    Jake Storm likes this.
    09-29-11 10:34 AM
  16. sam_b77's Avatar
    Well with the new devices having 8 gb data keep the sensitive data on the device and don't select "encrypt media card". Now hack the device.
    At least there is an option to make it unhackable (as of now). With the Androids and iOS you just have your a$$ flapping in the wind.
    09-29-11 10:35 AM
  17. i7guy's Avatar
    The reason I don't encrypt my media card, is because I would like to back it up on my computer by plugging it in directly. There is nothing there, other than some embarrassing pictures of me with my thumbs in my ears, that I care about anyone else seeing. lol
    09-29-11 10:44 AM
  18. iN8ter's Avatar
    Some people do have personal stuff on their media card. Some people may have personal documents there and think that the data is safe. Lots of people prefer to put stuff on the card because the card can be salvaged if something happens to the phone. Newsflash: Many Android phones come with 16GB Internal storage, but people still put almost everything on the SD Card because of that reason alone. Phone dies? No problem. Take the card out and put it into a replacement.

    Make RIM fix the hole. Don't throw it under the rug and claim it's secure 100% when your media card is anything but secure using the proposed work-around.

    And a lot of people use Blackberries that don't have ridiculous amounts of internal storage. The last flagship bold is the 9780 and it sure as **** didn't have a ton of internal storage. Not everyone was on AT&T or Verizon to get a Torch or Storm.

    If it was an Android issue, this would be at least a *little* less laughable since those aren't used too much in the corporate sector, where this level of security is assumed to be reliable, and mostly needed.

    Apparently a fix is incoming, so there's no reason to be hysterical about it, either. RIM's security vs. these things have mostly been through obscurity. As they start to use more common components (like, the WebKit browser engine... browsers offer such huge coverage for exploits), people will try to target it more.
    Last edited by N8ter; 09-29-11 at 10:54 AM.
    09-29-11 10:50 AM
  19. hornlovah's Avatar
    The moral of this story is do not protect your data with a simple passcode. No one will defeat AES-256 encryption at this time, but they can and will attack the encryption keys. You don't have to memorize or key in 30+ characters of gibberish every time you unlock your phone, but you can select a passcode that contains upper and lower case letters, numbers, and special symbols. Then add some easy to type and remember words, abbreviations, phrases, etc... to add length and complexity (entropy).
    09-29-11 12:15 PM
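The length and character-set advice in the post above can be put in numbers against the press release's "millions of passwords per second" figure. This is an added example, not part of the thread and not ElcomSoft's code; the 5 million guesses per second rate and the printable-ASCII alphabet sizes are assumptions, and the estimate covers exhaustive search only (a dictionary word falls far sooner).

```python
"""Estimate how long an offline exhaustive search of a passcode takes.

Assumptions (not from the thread): a fixed guess rate and printable-ASCII
character classes. Dictionary attacks are not modelled.
"""

ASSUMED_RATE = 5_000_000  # guesses/second; stand-in for "millions per second"
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet that covers the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return sum(CLASS_SIZES[c] for c in classes)


def keyspace(alphabet: int, length: int) -> int:
    """Candidates to try when the length is unknown: all lengths 1..length."""
    return sum(alphabet ** n for n in range(1, length + 1))


def seconds_to_exhaust(password: str, rate: float = ASSUMED_RATE) -> float:
    """Worst-case time to cover every candidate up to this password's shape."""
    return keyspace(alphabet_size(password), len(password)) / rate


def min_length(alphabet: int, target_seconds: float,
               rate: float = ASSUMED_RATE) -> int:
    """Shortest length whose exhaustive search lasts at least target_seconds."""
    needed = rate * target_seconds
    length = 1
    while keyspace(alphabet, length) < needed:
        length += 1
    return length


if __name__ == "__main__":
    ten_years = 10 * 365 * 86400
    # Constructed sample passcodes, chosen only to show the two shapes.
    for sample in ("abcdefg", "aB3$efg"):
        hours = seconds_to_exhaust(sample) / 3600
        print(f"{sample!r}: alphabet {alphabet_size(sample)}, "
              f"worst case {hours:,.1f} hours")
    for name, size in (("single case", 26), ("all classes", 95)):
        print(f"{name}: need {min_length(size, ten_years)} characters "
              f"to outlast 10 years at {ASSUMED_RATE:,} guesses/s")
```

At the assumed rate the 7-character single-case passcode is covered in under half an hour, which matches the "less than an hour" claim in the press release.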
  20. sam_b77's Avatar
    Some people do have personal stuff on their media card. Some people may have personal documents there and think that the data is safe. Lots of people prefer to put stuff on the card because the card can be salvaged if something happens to the phone. Newsflash: Many Android phones come with 16GB Internal storage, but people still put almost everything on the SD Card because of that reason alone. Phone dies? No problem. Take the card out and put it into a replacement.

    Make RIM fix the hole. Don't throw it under the rug and claim it's secure 100% when your media card is anything but secure using the proposed work-around.

    And a lot of people use Blackberries that don't have ridiculous amounts of internal storage. The last flagship bold is the 9780 and it sure as **** didn't have a ton of internal storage. Not everyone was on AT&T or Verizon to get a Torch or Storm.

    If it was an Android issue, this would be at least a *little* less laughable since those aren't used too much in the corporate sector, where this level of security is assumed to be reliable, and mostly needed.

    Apparently a fix is incoming, so there's no reason to be hysterical about it, either. RIM's security vs. these things have mostly been through obscurity. As they start to use more common components (like, the WebKit browser engine... browsers offer such huge coverage for exploits), people will try to target it more.
    Right so we should not sweep this under the rug and hang RIM for a vague security flaw, while the Androids you carry deserve accolades for having so many security leaks?? Your logic or lack thereof astounds me.
    09-29-11 12:59 PM
  21. hornlovah's Avatar
    This is not a vague security flaw, Elcomsoft has publicly identified the file where the encryption key lives, and simple passcodes are very vulnerable to dictionary and brute force attacks, period. Instead of a BlackBerry vs Android security discussion, Berry owners should make the necessary changes to ensure their privacy/security needs are met. A couple of options have already been presented in this thread.

    No mobile device is 100% secure. Another forensic software vendor, Cellebrite, has been demonstrating unreleased software that will reliably decode chip-off hex dumps of BlackBerry devices. Currently, obtaining that hex dump is a laborious process that involves specialized equipment, but it is just a matter of time before someone is able to attack those encryption keys too.
    09-29-11 02:01 PM
  22. i7guy's Avatar
    Some people do have personal stuff on their media card. Some people may have personal documents there and think that the data is safe. Lots of people prefer to put stuff on the card because the card can be salvaged if something happens to the phone. Newsflash: Many Android phones come with 16GB Internal storage, but people still put almost everything on the SD Card because of that reason alone. Phone dies? No problem. Take the card out and put it into a replacement.

    Make RIM fix the hole. Don't throw it under the rug and claim it's secure 100% when your media card is anything but secure using the proposed work-around.

    And a lot of people use Blackberries that don't have ridiculous amounts of internal storage. The last flagship bold is the 9780 and it sure as **** didn't have a ton of internal storage. Not everyone was on AT&T or Verizon to get a Torch or Storm.

    If it was an Android issue, this would be at least a *little* less laughable since those aren't used too much in the corporate sector, where this level of security is assumed to be reliable, and mostly needed.

    Apparently a fix is incoming, so there's no reason to be hysterical about it, either. RIM's security vs. these things have mostly been through obscurity. As they start to use more common components (like, the WebKit browser engine... browsers offer such huge coverage for exploits), people will try to target it more.
    This is a non-issue. RIM can't fix the hole, because you can't stop brute force attacks like this. As far as I know all encryption/decryption algorithms can be brute forced. The variable is how long it will take. For those users who have sensitive information appropriate best-practices have to be applied to the password to render the brute force approach a non-issue.

    If you have very sensitive information and you put the password 'A' on your phone, this is not RIM's issue. They gave you the tools to be as secure or non-secure as you want. You can also forgo the use of the media card and keep this information within the device memory.

    Stop blaming RIM when this is not RIM's issue.
    09-29-11 02:02 PM
  23. i7guy's Avatar
    This is not a vague security flaw, Elcomsoft has publicly identified the file where the encryption key lives, and simple passcodes are very vulnerable to dictionary and brute force attacks, period. Instead of a BlackBerry vs Android security discussion, Berry owners should make the necessary changes to ensure their privacy/security needs are met. A couple of options have already been presented in this thread.

    No mobile device is 100% secure. Another forensic software vendor, Cellebrite, has been demonstrating unreleased software that will reliably decode chip-off hex dumps of BlackBerry devices. Currently, obtaining that hex dump is a laborious process that involves specialized equipment, but it is just a matter of time before someone is able to attack those encryption keys too.
    You cannot plug the Cellebrite into a bb, afaik, like an iphone and gain access. Gaining access to the dm backups on your computer and media card, is a whole different ballgame than plugging a Cellebrite into your phone and gaining nearly instant access.

    Not that I have any real sensitive information, but now I encrypt my dm backups and I change the password every few weeks.
    09-29-11 02:05 PM
  24. hornlovah's Avatar
    You cannot plug the Cellebrite into a bb, afaik, like an iphone and gain access. Gaining access to the dm backups on your computer and media card, is a whole different ballgame than plugging a Cellebrite into your phone and gaining nearly instant access.

    Not that I have any real sensitive information, but now I encrypt my dm backups and I change the password every few weeks.
    A chip off extraction usually involves removing the memory chip from the processor using a tool like a hot air gun, and then using a card reader to dump the data. Cellebrite is just developing the software to decode said dump.
    09-29-11 02:18 PM
  25. i7guy's Avatar
    A chip off extraction usually involves removing the memory chip from the processor using a tool like a hot air gun, and then using a card reader to dump the data. Cellebrite is just developing the software to decode said dump.
    Having law enforcement unceremoniously take apart your phone without a warrant would never fly.

    If the NSA wanted to get the data on my phone they can and have the means. You will never stop law enforcement from attempting to obtain data on electronic devices where it is within the law.

    What you want to prevent is drive by hackings. Law enforcement will not be able to take apart your phone at a traffic stop to obtain your information with a hot air gun.

    Nobody ever said BB was impervious, but it is really difficult to get into the phone and those who have the tools are the same people who can take your computer with a warrant and do forensic analysis.
    09-29-11 02:24 PM