BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BlackBerry and Mobile Security (http://www.blackberryforums.com/blackberry-mobile-security/)
-   -   Elcomsoft breaks BB password by hacking encrypted media card (http://www.blackberryforums.com/blackberry-mobile-security/253933-elcomsoft-breaks-bb-password-hacking-encrypted-media-card.html)

juwaack68 09-29-2011 11:03 AM

Elcomsoft breaks BB password by hacking encrypted media card
 
Read this very carefully...

ElcomSoft Recovers BlackBerry Device Passwords

It doesn't say they can hack your BB password directly from the device, but rather if your media card is encrypted using the device password. They are hacking the media card, NOT the device.

Simple answer - either don't encrypt your media card or encrypt it another way, such as device key + device password.

No need to panic. BB has not been hacked.

the-economist 09-29-2011 11:34 AM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by juwaack68 (Post 1747274)
No need to panic. BB has not been hacked.

It hasn't?! Encryption on the card is an OS feature. Obviously flawed is being used as an attack vector to reveal the handset's password and everything it protects. The OS, the handset, the encryption, the filesystem on the card are all made by RIM. So who's been hacked then? :?

juwaack68 09-29-2011 11:38 AM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
The card is being hacked, not the device. Without the card being encrypted in a certain way, the hacking they are doing would not gain access to the device.

the-economist 09-29-2011 11:47 AM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by juwaack68 (Post 1747281)
The card is being hacked, not the device.

The card hasn't been hacked at all. The encryption on the card (a RIM product) has been attacked and that results in the handset being compromised.


Following your logic if i break into your house through a window, your premises' security is not compromised because i didn't structurally compromised the walls by breaking through the bricks of the building.

juwaack68 09-29-2011 11:58 AM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by the-economist (Post 1747283)
The card hasn't been hacked at all. The encryption on the card (a RIM product) has been attacked and that results in the handset being compromised.

True, this also means the DEVICE has not been 'hacked'. Without the encryption on the card (and a certain type of encryption), the card could not be attacked/hacked, either.

jsconyers 09-29-2011 12:13 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
My question is which device, OS, etc was hacked? Was it OS 4.x, 5, 6, 7? If it was an earlier OS, has this issue been corrected in more recent OSes?

the-economist 09-29-2011 12:20 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by juwaack68 (Post 1747284)
True, this also means the DEVICE has not been 'hacked'.

If certain criteria is met (extremely common for users to have device password protection enabled on the card) the DEVICE is compromised. Not only that but it extends to all information stored in the handset and in the case of Blackberry Wallet could potentially compromise banking accounts and/or whatever confidential info is protected under BB Wallet.

juwaack68 09-29-2011 12:23 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
*sigh*

ndub33 09-29-2011 12:32 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Let's go back to the house window analogy. If you used the open bedroom window to break into my house, but I have locked the bedroom door from the outside, you ceratinly have gained access to my bedroom-but no where else in my house.

penguin3107 09-29-2011 12:35 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by ndub33 (Post 1747292)
Let's go back to the house window analogy. If you used the open bedroom window to break into my house, but I have locked the bedroom door from the outside, you ceratinly have gained access to my bedroom-but no where else in my house.

Bad analogy.
Recovering the device password off the media card does in fact give you access to the entire device. Once you know what the password is, the device is compromised. (Assuming you have physical possession of said device.)

Make no mistake about it... if this software does what it says it does, it's a security problem and headache that RIM is going to need to face.
The last thing they need is more bad press... so just the fact that this news is "out there", whether confirmed or not, is going to be a big deal for RIM.

juwaack68 09-29-2011 12:38 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
There's no disputing that getting the password from the media card gives you access to the device.

However, the 'hack' happened on the card, NOT the device. That's the difference. Either way, it's not good, but the device itself was not hacked, per say.

It's as if I locked my house, but left a key under the flower pot on the front door. A 'hack' would mean someone picked the lock to get in. However, because they found the key under the flowerpot the key was not 'hacked'. Still bad they got in the house, but how they got there is different.

jsconyers 09-29-2011 12:45 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
I agree with Penguin, no matter how you look at it, it is bad for RIM and their reputation for security.

the-economist 09-29-2011 12:50 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are RIM products.
2) The filesystem + the encryption are RIM products.
3) The feature that allows the user to protect the card using the device password is a RIM product.
4) Getting the device password via ANY possible attack vector compromises Blackberry security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a RIM flaw, juwaack wants to blame the SD card. That's a dumb magnetic medium. Never promised you or offered any kind of security protection. RIM did both.

daphne 09-29-2011 12:59 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
The vendor's website says the software works on all versions of the BlackBerry OS and all iOS devices up to 4.x. Price is reportedly $200.

JSanders 09-29-2011 01:32 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Yup iPhones too.


And on the BlackBerry, it can only be an alpha password either all lower or uppercase, no password with a numeral or special character or mixed case can be hacked.

JSanders 09-29-2011 01:35 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by the-economist (Post 1747296)
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are RIM products.
2) The filesystem + the encryption are RIM products.
3) The feature that allows the user to protect the card using the device password is a RIM product.
4) Getting the device password via ANY possible attack vector compromises Blackberry security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a RIM flaw, juwaack wants to blame the SD card. That's a dumb magnetic medium. Never promised you or offered any kind of security protection. RIM did both.

@the-economist, I look at this way:

We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are Apple products.
2) The filesystem + the encryption are Apple products.
3) The feature that allows the user to protect the card using the device password is an Apple product.
4) Getting the device password via ANY possible attack vector compromises Apple security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a Apple flaw, the-economist wants to ignore this and focus only on RIM. . That's a dumb apple fan boi. Never promised you or offered any kind of security protection. Apple did both.

Works?

By the way, the-economist, Raphael gave me a message to give you.

the-economist 09-29-2011 01:52 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by JSanders (Post 1747302)
@the-economist, I look at this way:

We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are Apple products.
2) The filesystem + the encryption are Apple products.
3) The feature that allows the user to protect the card using the device password is an Apple product.
4) Getting the device password via ANY possible attack vector compromises Apple security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a Apple flaw, the-economist wants to ignore this and focus only on RIM. . That's a dumb apple fan boi. Never promised you or offered any kind of security protection. Apple did both.

Works?

By the way, the-economist, Raphael gave me a message to give you.


i'm trying hard to find the word apple or any apple inc products mentioned anywhere in the thread until you started trolling... :?

JSanders 09-29-2011 01:53 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
It wasn't.
But the same software does the same does the same on the iPhone.

Don't tell me you didn't know that. You can't be that daft, can you?

ezrunner 09-29-2011 02:29 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
So what have we learned

Use a complex password ie 8lack8eRry2081!!

and well now very difficult to obtain

daphne 09-29-2011 02:35 PM

Re: Elcomsoft breaks BB password by hacking encrypted media card
 
Quote:

Originally Posted by the-economist (Post 1747304)
i'm trying hard to find the word apple or any apple inc products mentioned anywhere in the thread until you started trolling... :?

Anyone who clicked the link and read the page that Juwaack posted would have seen that it works on iOS. So you didn't read the link?

Also I posted that it works on iOS before JSanders posted. Did you not read that either?

The last time I checked iOS was an operating system for Apple mobile devices.


All times are GMT -5. The time now is 09:56 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.