BlackBerry Forums Support Community               

10-02-2010, 04:24 PM   #1 (permalink)
camaxtli
A Russian passcode-breaker firm exploits a weakness in RIM's encryption to crack open

You can no longer rely on encryption to protect a BlackBerry | Mobile device management - InfoWorld

Has anyone else seen this? If I am correct, enterprise users may not be affected if a policy is set to disable off-line data backup, but what about BIS users? I wonder if there will be a fix?

In the meantime I guess I will store my backups in my IronKey.

10-02-2010, 06:20 PM   #2 (permalink)
aiharkness

Saw article today. The writer apparently doesn't know BlackBerrys. What I got out of the story is someone says they can defeat encryption of backup files. And the process takes days. So a thief would first need to get possession of the backup file.
Posted via BlackBerryForums.com Mobile

10-03-2010, 07:13 AM   #3 (permalink)

Normally, if you are on a BES, there is no need to manually back up your phone, because all important data is wirelessly backed up on the server.

However, if you choose to make backups anyway, then the article is correct; still, someone has to get his hands on the files.

BIS has no wireless backup. If you need to back up your device settings, you should store them at a safe location.
But if someone is able to remotely get access to your PC in the office, where you most likely store your backups, he has access to your mail, your files, anything; no need to hack the backup files of the BB.

10-03-2010, 10:05 AM   #4 (permalink)
juwaack68

How is this different than using, say, an .ipd converter program?
__________________
No longer a BES Admin, but it was fun while it lasted!

10-03-2010, 01:03 PM   #5 (permalink)
aiharkness

Quote:
Originally Posted by juwaack68
How is this different than using, say, an .ipd converter program?

I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile

10-03-2010, 01:19 PM   #6 (permalink)

I don't think this is a huge huge issue here. If someone can get hold of your static/local file, then that person could try for months to drill into it and maybe some day it will be a success. That's how .zip encryption was hacked. My password is still jk$3^hjRT so I hope I am safe. It takes me a while to type my passwd on BB but I am OK with my memory and BB thumb (hurt).
I wish BB OS would allow taking a backup onto its memory card so that the backup file is not lying around on your old desktop. Less chance of the device falling into the wrong hands.
__________________
_____________________________
Never be silent about the things that matter, but what about Democracy? That matters too

10-06-2010, 11:59 PM   #7 (permalink)
daphne

Quote:
Originally Posted by juwaack68
How is this different than using, say, an .ipd converter program?

That was my question too.
__________________
Report spam text messages to 7726
#BlackBerry by choice #BlackBerry 10 is here!

10-07-2010, 06:57 AM   #8 (permalink)
juwaack68

Quote:
Originally Posted by aiharkness
I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile

I'm thinking of ABCAmber Converter. Not sure if it can read encrypted files, but it can open backup files and you can read the contents of emails, text messages, address book, etc. You don't even need a password to open the file, even if you needed one to make the backup in the first place.
__________________
No longer a BES Admin, but it was fun while it lasted!

10-07-2010, 03:31 PM   #9 (permalink)
aiharkness

From reading more reports on this story I gather the program just cracks the encrypted backup file by the brute force method of systematically trying passwords until it gets to the one that works. RIM makes it relatively easy by not following the recommended practices designed to make brute force take a really, really, really long time and not but a couple of days.

If ABCAmber can defeat an encrypted backup file, I'm even more disappointed in RIM--not to mention it would make this Russian effort not news.
Posted via BlackBerryForums.com Mobile
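
The "one pass" versus "multiple passes" point raised in the posts above, as an added example that is not part of the thread: it shows how the iteration count of a password-stretching function sets the price of each password guess. It assumes PBKDF2-HMAC-SHA1 as the stretching function (the thread does not name one), and the salt, password and two-day figure are constructed sample values.

```python
import hashlib
import time

# Constructed sample values, for illustration only.
SAMPLE_SALT = b"constructed-salt"
SAMPLE_PASSWORD = b"constructed sample passphrase"


def derive_key(password: bytes, salt: bytes, iterations: int, length: int = 20) -> bytes:
    """Stretch a password into a key with PBKDF2-HMAC-SHA1.

    length=20 is one SHA-1 output block, so the cost is exactly
    `iterations` HMAC passes per password tried.
    """
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=length)


def seconds_per_derivation(iterations: int, rounds: int = 5) -> float:
    """Best-of-N wall-clock cost of one derivation, i.e. of one guess."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive_key(SAMPLE_PASSWORD, SAMPLE_SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def scaled_search_days(days_at_one_pass: float, iterations: int) -> float:
    """Search time when every guess costs `iterations` passes instead of one."""
    return days_at_one_pass * iterations


def iterations_for_budget(target_seconds: float, probe: int = 20_000) -> int:
    """Iteration count at which one legitimate unlock costs about target_seconds here."""
    per_iteration = seconds_per_derivation(probe) / probe
    return max(1, int(target_seconds / per_iteration))


if __name__ == "__main__":
    for count in (1, 1_000, 100_000):
        cost = seconds_per_derivation(count)
        print(f"{count:>7} iterations: {cost * 1e3:9.4f} ms per guess")
    # Constructed figure: a search that takes 2 days at one pass.
    years = scaled_search_days(2, 10_000) / 365
    print(f"2 days at one pass -> {years:.1f} years at 10,000 passes")
    print("iterations for a 0.1 s unlock on this machine:", iterations_for_budget(0.1))
```

The legitimate user pays the per-derivation cost once per unlock, while a password search pays it for every candidate, which is why a high iteration count is cheap for the owner and expensive for anyone guessing.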

10-07-2010, 11:37 PM   #10 (permalink)
camaxtli

Since I was up I decided to test the ABCAmber converter to try to view the contents of an encrypted ipd. It didn't. I'm glad.
Attached Images
File Type: jpg bbt1.JPG (64.3 KB, 23 views)
File Type: jpg bbt2.JPG (62.9 KB, 18 views)
File Type: jpg bbt3.JPG (73.7 KB, 17 views)