Information stored in BlackBerry devices is securely protected with an individual security password (device password). This password is requested every time the device it being turned on, or every time after a certain timeout if Security Timeout option is selected. If a password in typed incorrectly ten times in a row, all information on the BlackBerry smartphone is wiped clear, leaving no chance of subsequent recovery. This is a security feature, and one of the hallmarks of BlackBerry security model. Until today, it was commonly believed there is no way around the security password.
ElcomSoft has proven this belief wrong. If a user-selectable option to encrypt the contents of a removable media card is selected, Elcomsoft Phone Password Breaker can analyze information stored on the media card and derive the original device password without the need to use the BlackBerry device itself.
BlackBerry smartphones have an option to encrypt the contents of a removable media card, making any information stored on it only accessible to an authorized user. The encryption is disabled by default, but many users opt for enabling the extra security layer. To the contrary of this feature�s intent, those opting for extra security may be actually opening a way for investigators to overcome BlackBerry�s hallmark security feature, the device password.
When a BlackBerry user opts for the �Device Password� option to encrypt the contents of their memory card, it opens an interesting avenue for an attack. Since with this security option the media card is encrypted using the device password, it becomes possible to recover the original device password with a simple dictionary or brute-force attack.
While this method only works if the removable media card is encrypted with user selectable �Device Password� option, it�s much better than nothing. ElcomSoft estimates that about 30 per cent of all BlackBerry smartphone users opt to protect their media cards with this option, making their devices open to this attack.
Unlike with Apple iPhone, a BlackBerry
device is not required to perform the recovery.
A single file from the removable media card is all that�s needed. The password recovery rate is in the order of millions passwords per second, meaning that a fairly long 7-character password can be unlocked in less than an hour if the password consists of characters in a single case (all capital or all lower- case) characters.
Knowing the original plain-text device password, investigators can access all information stored in the original BlackBerry device, or produce a backup file for comprehensive off-line analysis.