BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BlackBerry In the News (http://www.blackberryforums.com/blackberry-news/)
-   -   A Russian passcode-breaker firm exploits a weakness in RIM's encryption to crack open (http://www.blackberryforums.com/blackberry-news/237240-russian-passcode-breaker-firm-exploits-weakness-rims-encryption-crack-open.html)

camaxtli 10-02-2010 04:24 PM

A Russian passcode-breaker firm exploits a weakness in RIM's encryption to crack open
 
You can no longer rely on encryption to protect a BlackBerry | Mobile device management - InfoWorld

Has anyone else seen this? If I am correct enterprise users may not be affected if a policy is set to disable off-line data backup, but what about BIS users? I wonder if there will be a fix?

In the meantime I guess I will store my backups in my ironkey. ;-)

aiharkness 10-02-2010 06:20 PM

Saw article today. The writer apparently doesn't know blackberrys. What I got out of the story is someone says they can defeat encryption of backup files. And the process takes days. So thief would first need to get possession of the backup file.
Posted via BlackBerryForums.com Mobile

nobody7290 10-03-2010 07:13 AM

Normally, If you are on a BES, there is no need to manually backup your phone, because, all important data is wireless backuped on the server.

However, if you choose to make backups anyway then the article is correct, still someone has to get his hands on the files.

BIS has no wireless backup. If you need to backup your device settings, you should store them at a safe location.
But, if someone is able to remotely get access to your PC in the office, where you most likely store your backups, he has access to your mail, your files, anything, no need to hack the backup files of the BB.

juwaack68 10-03-2010 10:05 AM

How is this different then using, say, an .ipd converter program?

aiharkness 10-03-2010 01:03 PM

Quote:

Originally Posted by juwaack68 (Post 1661082)
How is this different then using, say, an .ipd converter program?

I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile

joginder 10-03-2010 01:19 PM

I don't think this is a huge huge issue here. if someone can get hold of your static /local file then person could try for months to drill into it and may be some day it will be a success. thats how .zip encryption was hacked. My password is still jk$3^hjRT so I hope I am safe. it takes me a while to type my passwd on BB but I am ok with my memory and BB thumb (hurt)
I wish BB OS will allow taking backup on to its memory card so that the backup file is not lying around on your old desktop. Less chance of falling the device in wrong hands.

daphne 10-06-2010 11:59 PM

Quote:

Originally Posted by juwaack68 (Post 1661082)
How is this different then using, say, an .ipd converter program?

That was my question too.

juwaack68 10-07-2010 06:57 AM

Quote:

Originally Posted by aiharkness (Post 1661114)
I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile

I'm thinking of ABCAmber Converter. Not sure if it can read encrypted files, but it can open backup files and you can read the contents of emails, text messages, address book, etc. You don't even need a password to open the file, even if you needed one to make the backup in the first place.

aiharkness 10-07-2010 03:31 PM

From reading more reports on this story I gather the program just cracks the encrypted backup file by the brute force method of systematically trying passwords until it gets to the one that works. RIM makes it relatively easy by not following the recommended practices designed to make brute force take a really, really, really long time and not but a couple of days.

If ABCAmber can defeat an encrypted backup file, I'm even more disappointed in RIM--not to mention it would make this Russian effort not news.
Posted via BlackBerryForums.com Mobile

camaxtli 10-07-2010 11:37 PM

3 Attachment(s)
Since I was up I decided to test the abcamber converter to try to view the contents of an encrypted ipd. It didnt. Im glad.


All times are GMT -5. The time now is 11:26 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.