BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 09-29-2011, 11:03 AM   #1 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Elcomsoft breaks BB password by hacking encrypted media card

Please Login to Remove!

Read this very carefully...

ElcomSoft Recovers BlackBerry Device Passwords

It doesn't say they can hack your BB password directly from the device, but rather if your media card is encrypted using the device password. They are hacking the media card, NOT the device.

Simple answer - either don't encrypt your media card or encrypt it another way, such as device key + device password.

No need to panic. BB has not been hacked.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 09-29-2011, 11:34 AM   #2 (permalink)
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Post Thanks: 1
Thanked 5 Times in 4 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by juwaack68 View Post
No need to panic. BB has not been hacked.
It hasn't?! Encryption on the card is an OS feature. Obviously flawed is being used as an attack vector to reveal the handset's password and everything it protects. The OS, the handset, the encryption, the filesystem on the card are all made by RIM. So who's been hacked then?
Offline  
Old 09-29-2011, 11:38 AM   #3 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

The card is being hacked, not the device. Without the card being encrypted in a certain way, the hacking they are doing would not gain access to the device.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 09-29-2011, 11:47 AM   #4 (permalink)
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Post Thanks: 1
Thanked 5 Times in 4 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by juwaack68 View Post
The card is being hacked, not the device.
The card hasn't been hacked at all. The encryption on the card (a RIM product) has been attacked and that results in the handset being compromised.


Following your logic if i break into your house through a window, your premises' security is not compromised because i didn't structurally compromised the walls by breaking through the bricks of the building.
Offline  
Old 09-29-2011, 11:58 AM   #5 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by the-economist View Post
The card hasn't been hacked at all. The encryption on the card (a RIM product) has been attacked and that results in the handset being compromised.
True, this also means the DEVICE has not been 'hacked'. Without the encryption on the card (and a certain type of encryption), the card could not be attacked/hacked, either.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 09-29-2011, 12:13 PM   #6 (permalink)
New Member
 
jsconyers's Avatar
 
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,071
Post Thanks: 139
Thanked 140 Times in 121 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

My question is which device, OS, etc was hacked? Was it OS 4.x, 5, 6, 7? If it was an earlier OS, has this issue been corrected in more recent OSes?
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]
Offline  
Old 09-29-2011, 12:20 PM   #7 (permalink)
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Post Thanks: 1
Thanked 5 Times in 4 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by juwaack68 View Post
True, this also means the DEVICE has not been 'hacked'.
If certain criteria is met (extremely common for users to have device password protection enabled on the card) the DEVICE is compromised. Not only that but it extends to all information stored in the handset and in the case of Blackberry Wallet could potentially compromise banking accounts and/or whatever confidential info is protected under BB Wallet.
Offline  
Old 09-29-2011, 12:23 PM   #8 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

*sigh*
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 09-29-2011, 12:32 PM   #9 (permalink)
Stuck In The '70's Mod
 
ndub33's Avatar
 
Join Date: Feb 2006
Location: The 'burbs east of Seattle.
Model: 9810
Carrier: T-Mobile
Posts: 7,599
Post Thanks: 0
Thanked 4 Times in 4 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Let's go back to the house window analogy. If you used the open bedroom window to break into my house, but I have locked the bedroom door from the outside, you ceratinly have gained access to my bedroom-but no where else in my house.
__________________
1st Step in Troubleshooting: Do you have a BlackBerry Data Plan?
2nd Step in Troubleshooting: Pull the Battery.
Offline  
Old 09-29-2011, 12:35 PM   #10 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by ndub33 View Post
Let's go back to the house window analogy. If you used the open bedroom window to break into my house, but I have locked the bedroom door from the outside, you ceratinly have gained access to my bedroom-but no where else in my house.
Bad analogy.
Recovering the device password off the media card does in fact give you access to the entire device. Once you know what the password is, the device is compromised. (Assuming you have physical possession of said device.)

Make no mistake about it... if this software does what it says it does, it's a security problem and headache that RIM is going to need to face.
The last thing they need is more bad press... so just the fact that this news is "out there", whether confirmed or not, is going to be a big deal for RIM.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 09-29-2011, 12:38 PM   #11 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

There's no disputing that getting the password from the media card gives you access to the device.

However, the 'hack' happened on the card, NOT the device. That's the difference. Either way, it's not good, but the device itself was not hacked, per say.

It's as if I locked my house, but left a key under the flower pot on the front door. A 'hack' would mean someone picked the lock to get in. However, because they found the key under the flowerpot the key was not 'hacked'. Still bad they got in the house, but how they got there is different.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 09-29-2011, 12:45 PM   #12 (permalink)
New Member
 
jsconyers's Avatar
 
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,071
Post Thanks: 139
Thanked 140 Times in 121 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

I agree with Penguin, no matter how you look at it, it is bad for RIM and their reputation for security.
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]
Offline  
Old 09-29-2011, 12:50 PM   #13 (permalink)
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Post Thanks: 1
Thanked 5 Times in 4 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are RIM products.
2) The filesystem + the encryption are RIM products.
3) The feature that allows the user to protect the card using the device password is a RIM product.
4) Getting the device password via ANY possible attack vector compromises Blackberry security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a RIM flaw, juwaack wants to blame the SD card. That's a dumb magnetic medium. Never promised you or offered any kind of security protection. RIM did both.

Last edited by JSanders : 09-29-2011 at 01:32 PM.
Offline  
Old 09-29-2011, 12:59 PM   #14 (permalink)
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Z30
OS: 10.2.1.12
PIN: X1ZPY34K
Carrier: VZW
Posts: 9,169
Post Thanks: 122
Thanked 146 Times in 116 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

The vendor's website says the software works on all versions of the BlackBerry OS and all iOS devices up to 4.x. Price is reportedly $200.
__________________
Report spam text messages to 7726
#BlackBerry by choice #BlacBerry 10 is here!
Offline  
Old 09-29-2011, 01:32 PM   #15 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Yup iPhones too.


And on the BlackBerry, it can only be an alpha password either all lower or uppercase, no password with a numeral or special character or mixed case can be hacked.
Offline  
Old 09-29-2011, 01:35 PM   #16 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by the-economist View Post
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are RIM products.
2) The filesystem + the encryption are RIM products.
3) The feature that allows the user to protect the card using the device password is a RIM product.
4) Getting the device password via ANY possible attack vector compromises Blackberry security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a RIM flaw, juwaack wants to blame the SD card. That's a dumb magnetic medium. Never promised you or offered any kind of security protection. RIM did both.
@the-economist, I look at this way:

We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are Apple products.
2) The filesystem + the encryption are Apple products.
3) The feature that allows the user to protect the card using the device password is an Apple product.
4) Getting the device password via ANY possible attack vector compromises Apple security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a Apple flaw, the-economist wants to ignore this and focus only on RIM. . That's a dumb apple fan boi. Never promised you or offered any kind of security protection. Apple did both.

Works?

By the way, the-economist, Raphael gave me a message to give you.
Offline  
Old 09-29-2011, 01:52 PM   #17 (permalink)
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Post Thanks: 1
Thanked 5 Times in 4 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by JSanders View Post
@the-economist, I look at this way:

We can use analogies to describe security models until we're blue in the face. Things are rather simple though.

1) The handset + the OS are Apple products.
2) The filesystem + the encryption are Apple products.
3) The feature that allows the user to protect the card using the device password is an Apple product.
4) Getting the device password via ANY possible attack vector compromises Apple security.


From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a Apple flaw, the-economist wants to ignore this and focus only on RIM. . That's a dumb apple fan boi. Never promised you or offered any kind of security protection. Apple did both.

Works?

By the way, the-economist, Raphael gave me a message to give you.

i'm trying hard to find the word apple or any apple inc products mentioned anywhere in the thread until you started trolling...
Offline  
Old 09-29-2011, 01:53 PM   #18 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

It wasn't.
But the same software does the same does the same on the iPhone.

Don't tell me you didn't know that. You can't be that daft, can you?
Offline  
Old 09-29-2011, 02:29 PM   #19 (permalink)
EPIC MOD
 
ezrunner's Avatar
 
Join Date: Mar 2006
Location: Virginia Beach
Model: ZED10
OS: DOS 3.1
PIN: INK STICK
Carrier: Tmobile
Posts: 12,214
Post Thanks: 9
Thanked 6 Times in 6 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

So what have we learned

Use a complex password ie 8lack8eRry2081!!

and well now very difficult to obtain
__________________
ZED 10
Offline  
Old 09-29-2011, 02:35 PM   #20 (permalink)
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Z30
OS: 10.2.1.12
PIN: X1ZPY34K
Carrier: VZW
Posts: 9,169
Post Thanks: 122
Thanked 146 Times in 116 Posts
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by the-economist View Post
i'm trying hard to find the word apple or any apple inc products mentioned anywhere in the thread until you started trolling...
Anyone who clicked the link and read the page that Juwaack posted would have seen that it works on iOS. So you didn't read the link?

Also I posted that it works on iOS before JSanders posted. Did you not read that either?

The last time I checked iOS was an operating system for Apple mobile devices.
__________________
Report spam text messages to 7726
#BlackBerry by choice #BlacBerry 10 is here!
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads for: Elcomsoft breaks BB password by hacking encrypted media card
Thread Thread Starter Forum Replies Last Post
Fix for Media Player Not Scanning For Music, Stuck on Scan, or Constant Reboots John Clark Media Center 49 07-30-2012 01:43 PM
Media card encryption problem luc-mobile General BlackBerry Discussion 1 12-17-2010 05:02 PM
BB noob here- Problem inserting media card reclary General 8300 Series Discussion - Curve 13 05-28-2008 09:12 AM
Need help with the media card for my BB desi_doll General 8100 Series Discussion - Pearl 19 01-14-2008 02:24 PM
Locked Password disable - locked media card access debby1 General 8100 Series Discussion - Pearl 11 02-13-2007 05:06 PM





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.