1. qbnkelt's Avatar
    And before anyone attempts to throw a party on the news that this company has developed a software for investigators, please note the following information as to the company's partnerships, customers and activities. Hardly the same as downloading infected software into your phone.

    Password recovery, forensic, forensics, system and security software from ElcomSoft : recover or reset lost or forgotten password, remove protection, unlock system
    buwee likes this.
    09-03-11 01:50 PM
  2. guerllamo7's Avatar
    Here is a story that talks about this claim. Basically this is not news and not really a threat to BB Security. It is just more bull**** against RIMM. Unless you have three million years to wait for the password breaker to come up with a 12 character PW.

    Device Encryption: BlackBerry Backup Encryption Cracked, Claims Firm - AlertBoot Endpoint Security

    Three Days to Break a Seven-Character Password?

    Elcomsoft has made this claim:

    What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast -- even without GPU acceleration, we can go over millions of passwords per second.
    And, infoworld.com followed up with this observation:

    That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if there are numbers and special characters in the password or the password is longer and much less time if the password is all one case, subject to a dictionary attack, or is partially known.
    I did the math, and the "millions of passwords per second" actually results in nearly four million password guesses per second. Applying that rate, it would take 155 days for an 8-character password, 8044 days for a 9-character password, etc.

    (It was recommended quite recently that passwords should be 12-characters long; it would take 3 million years to exhaust those at a rate of 4 million passwords a second. Yowza!)

    So, what to do? Well, I guess technically you could take a second encryption program, apply file encryption to the backup file, and kiss this hack away. Encryption software works; you just have to make sure it's been designed right.

    BTW, I use an 8 character PW with Upper and lower case as well as numbers so someone that actually gets close enough to steal my phone (and I'm not an ***** apple prototype carrier that leaves it at a bar) so it would take 155 days to get my password. Honestly, this is not news and when I looked it up this claim has been made before. As far as transmission of BB communications there is not even a claim to be able to do this.
    Have you noticed apple, microsoft or droids making the claim? No. Why? Because they can't. No phone will tell you they are not secure but they just don't have it.
    It will be much easier for Blackberry to build content, which admittedly is lacking than for the wanna be turkeys to add security.
    Go RIM
    Last edited by guerllamo7; 09-29-11 at 09:20 AM.
    09-29-11 08:49 AM
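The arithmetic quoted in the post above, as an added example that is not part of the original thread: it reproduces the 3-day, 155-day, 8044-day and 3-million-year figures and extends them to other alphabets and to a "how long must it be" check. It assumes a flat 4,000,000 guesses per second, the rounded rate the quoted article uses; the function names are illustrative.

```python
# Added example: exhaustive-search time for a password at a fixed guess rate.
# Assumption: 4,000,000 guesses/s, constant, as in the quoted article.
import string

RATE = 4_000_000              # guesses per second (assumed)
DAY = 86_400                  # seconds
YEAR = 365 * DAY

ALPHABETS = {
    "lower": len(string.ascii_lowercase),                        # 26
    "mixed-case": len(string.ascii_letters),                     # 52
    "mixed+digits": len(string.ascii_letters + string.digits),   # 62
    "printable": len(string.ascii_letters + string.digits
                     + string.punctuation),                      # 94
}

def worst_case_seconds(alphabet_size, length, rate=RATE):
    """Seconds to try every password of exactly `length` symbols.
    The expected time to hit a random password is half of this; a
    dictionary word or partially known password falls far sooner."""
    return alphabet_size ** length / rate

def worst_case_days(alphabet_size, length, rate=RATE):
    return worst_case_seconds(alphabet_size, length, rate) / DAY

def min_length(alphabet_size, target_seconds, rate=RATE):
    """Shortest length whose full keyspace lasts at least target_seconds."""
    length = 1
    while alphabet_size ** length < target_seconds * rate:  # integer math
        length += 1
    return length

def human(seconds):
    if seconds < DAY:
        return f"{seconds / 3600:.1f} h"
    if seconds < YEAR:
        return f"{seconds / DAY:,.0f} d"
    return f"{seconds / YEAR:,.0f} y"

if __name__ == "__main__":
    lengths = (7, 8, 9, 12)
    print(f"{'alphabet':<14}" + "".join(f"{n:>18}" for n in lengths))
    for name, size in ALPHABETS.items():
        row = "".join(f"{human(worst_case_seconds(size, n)):>18}" for n in lengths)
        print(f"{name:<14}{row}")
    for name, size in ALPHABETS.items():
        print(f"{name}: {min_length(size, 100 * YEAR)} symbols to outlast 100 years")
```
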
  3. katiepea's Avatar
    I love the classic argument, like any of this ultimately matters. If security were really a hot topic you wouldn't have people coming in here and saying "we're abandoning BES knowing that it's less secure, it's cheaper for us, and our employees don't want blackberry". Security, good or bad, doesn't make or break a company, not to mention the fact that BB has been vulnerable to attacks for what, a year? And it's still not patched.
    Last edited by katiepea; 09-29-11 at 09:05 AM.
    09-29-11 09:02 AM
  4. i7guy's Avatar
    Huh this is another red herring. People who really cared about security wouldn't have a media card anyway. My media card is unencrypted and has junk on it. My device backups are encrypted since the last revelation.

    Don't think corporations aren't worried about the potential for losing valuable corporate information on iPhone due to the ease of cracking throughout their security.
    Last edited by i7guy; 09-29-11 at 09:40 AM.
    09-29-11 09:37 AM
  5. hornlovah's Avatar
    Just an FYI for those that use Security Password or Device Password ONLY to encrypt their BlackBerry media card: Elcomsoft has just released software that can reveal your device passcode through simple dictionary or brute force attacks against the file containing your passcode (info.mkf) on your media card. I'm a long time lurker, so hopefully someone will help me out by posting a link to today's post on the Elcomsoft blog.

    If you are using a weak passcode to protect your data, those days are long over. This would be a great time to add some entropy to your passcode, and then get back to enjoying your BlackBerry!
    09-29-11 11:16 AM
  6. i7guy's Avatar
    I don't encrypt my media card and now encrypt my dm backups. While I have no sensitive information, I also don't have any trails for any of this decryption software.

    The real news will be when one can plug a Cellebrite into your BB and gain instant access...
    09-29-11 02:11 PM