[Infowarrior] - Blackberry's Encryption Hacked
Richard Forno
rforno at infowarrior.org
Fri Oct 1 14:14:40 CDT 2010
You can no longer rely on encryption to protect a BlackBerry
By InfoWorld Tech Watch
Created 2010-10-01 03:00AM
http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436
Did you think your BlackBerry [1] data was safe because it's encrypted on the phone, over the airwaves, and in its backup form? Think again.
Russian software developer ElcomSoft, which, with its Russian competitor AccentSoft, has developed effective password-cracking programs for most common desktop encryption formats, is at it again. Now, it's targeted the BlackBerry with a Phone Password Breaker that was previously limited to Apple mobile devices [2].
Like all password-cracking programs, this is a double-edged sword. On one hand, it can save your bacon if you really need the data backed up from a phone that's been stolen and remotely wiped. On the other hand, cyber criminals who get their hands on your backup now have a way to read encrypted business data. In addition, government agencies that have a good reason to read your data can dig in.
According to ElcomSoft CEO Vladimir Katalov:
All data transmitted between a BlackBerry Enterprise Server [6] and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Unique private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Even more, to secure information stored on BlackBerry smartphones, password authentication can be made mandatory through the policies of a BlackBerry Enterprise Server (by default, password authentication is limited to ten attempts, after which the smartphone is wiped clean with all its contents erased). Local encryption of all data, including messages, address book and calendar entries, memos and tasks, is also provided, and can be enforced via the IT policy as well. With the supplied Password Keeper, Advanced Encryption Standard (AES) encryption allows password entries to be stored securely on the smartphone, enabling users to keep their online banking passwords, PIN codes, and financial information handy -- and secure. If that's not enough, system administrators can create and send wireless commands to remotely change BlackBerry device passwords, lock or delete information from lost or stolen BlackBerries.
Sounds pretty secure, doesn't it? As always, there is a weakest link. With BlackBerry, the weakest link is its offline backup mechanism.
Katalov goes on to explain that backups are good because, well, they are backups. But he also says they are evil because they create a new instance of information that might be private or sensitive. Then he explains the hole in the BlackBerry backup scheme:
Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises.
In short, the standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one. Another significant shortcoming is that it's BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form. Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. The Apple desktop software (iTunes) acts only as storage and never encrypts/decrypts backup data. This is quite surprising since the BlackBerry platform is known for its unprecedented security, and we've been expecting BlackBerry backup protection to be at least as secure as Apple's, which turned out not to be the case.
What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast -- even without GPU acceleration, we can go over millions of passwords per second.
That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if there are numbers and special characters in the password, or if the password is longer, and much less time if the password is all one case, is subject to a dictionary attack, or is partially known.
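To make the iteration-count point concrete, here is an added Python example (not ElcomSoft's or RIM's code, and not BlackBerry's actual backup format) that derives an AES-256 key from a password with PBKDF2-HMAC-SHA256 and measures how the per-guess cost changes between one iteration and Apple's 10,000. The salt, the 4,000,000 guesses-per-second figure and the candidate passwords are constructed assumptions for the sizing arithmetic.

```python
import hashlib
import time

KEY_LEN = 32  # AES-256 key size in bytes
SALT = b"constructed-salt-for-demo"  # constructed; a real scheme uses a random per-backup salt


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Turn a user password into an AES-256 key with PBKDF2-HMAC-SHA256.
    The iteration count is the only knob that makes each guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def guesses_per_second(iterations: int, samples: int = 100) -> float:
    """Measure single-core derivations per second at a given iteration count,
    i.e. how fast one offline candidate can be turned into a key to test."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"candidate{i}", SALT, iterations)  # constructed candidates
    return samples / (time.perf_counter() - start)


def mixed_case_keyspace(length: int) -> int:
    """Number of passwords using only a-z and A-Z at the given length."""
    return 52 ** length


def days_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst-case days to try every candidate at `rate` guesses per second."""
    return keyspace / rate / 86400


def iteration_slowdown(low: int = 1, high: int = 10_000) -> float:
    """Factor by which each guess gets slower when the KDF moves from `low`
    to `high` iterations (roughly high/low once Python call overhead is small)."""
    return guesses_per_second(low) / guesses_per_second(high)


if __name__ == "__main__":
    space = mixed_case_keyspace(7)
    # A rate in the "millions per second" range reproduces the article's three-day figure.
    print(f"7-char mixed-case keyspace: {space:,}")
    print(f"at 4,000,000 guesses/s: {days_to_exhaust(space, 4_000_000):.1f} days")
    print(f"1 -> 10,000 iterations slows each guess by ~{iteration_slowdown():.0f}x")
```

The same arithmetic applied to a backup that uses a high iteration count and a random salt shows why the defender's fix is in the key-derivation parameters, not in the AES key length.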
Bottom line: If you really need to recover your BlackBerry backup and can't remember your password, there's still hope. At the same time, if you let the backup file out of your control and into the hands of an attacker, you're in deep trouble.
Source URL (retrieved on 2010-10-01 11:55AM): http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436
Links:
[1] http://www.infoworld.com/t/blackberry
[2] http://www.infoworld.com/t/ios
[3] http://www.infoworld.com/d/mobilize/mobile-security-your-smartphone-safer-your-pc-now-570?source=fssr
[4] http://www.infoworld.com/d/mobilize/blogs?source=fssr
[5] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_mobile_rpt&source=ifwelg_fssr
[6] http://www.infoworld.com/d/mobilize/infoworld-review-blackberry-enterprise-server-express-or-deluxe-428
[7] http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436?source=footer
[8] http://www.infoworld.com/?source=footer
[9] http://www.infoworld.com/blogs/infoworld-tech-watch?source=footer