RSS FeedSecurity

BlackBerry backup encryption 'broken' by Russians

Alleged flaw gives access to archive file

By | Techworld | Published 08:45,

A Russian company that specialises in cracking tools claims it has broken the password protection used to secure data backups from BlackBerry smartphones.

According to Elcomsoft, a weakness in the way BlackBerry has implemented the apparently secure 256-bit AES encryption in its PC and Mac backup program BlackBerry Desktop Software makes it possible to carry out a successful password recovery attack on the backup archive with relative ease.

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

'Relative' in this context means breaking a 7-character password consisting of small letters with two capitalisation in around half an hour using an Intel Core i7 processor. More complex variations of this basic password could be broken in three days using the same hardware, the company claims, although adding using a graphics processor such as the ATI Radeon HD5970 would cut this considerably.

“In short, standard key-derivation function, PBKDF2 [password-based key derivation function], is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one,” says Elcomsoft’s Vladimir Katalov in an explanatory blog posting.

The encryption is also carried out using the desktop or Mac PC, rather than the smartphone itself, which means that the data is exchanged in unencrypted form, Katalo adds.

What such a backup archive contains will vary from user to user, but in the case of a managed business user, will likely be all data from the BlackBerry, including contacts, email, and password settings for email and WiFi.

Almost as an aside, the company says the same software will also do the same for iPhone, iPad and iPod Touch backups, although it is clear that the possibility of attacking a device famously used by President Obama is the bigger prize.

Elcomsoft has given itself a controversial reputation with previous cracking tools, including one to derive WiFi encryption passphrases, which was updated last week.

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

Join the HP Business Answers Linkedin Community

Read the most recent discussions

Read more at the HP Business Answers Linkedin Community

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *