A Russian passcode-breaker firm exploits a weakness in RIM's encryption to crack open
You can no longer rely on encryption to protect a BlackBerry | Mobile device management - InfoWorld
Has anyone else seen this? If I am correct, enterprise users may not be affected if a policy is set to disable off-line data backup, but what about BIS users? I wonder if there will be a fix? In the meantime I guess I will store my backups in my IronKey. ;-) |
Saw article today. The writer apparently doesn't know BlackBerrys. What I got out of the story is someone says they can defeat encryption of backup files. And the process takes days. So a thief would first need to get possession of the backup file.
|
Normally, if you are on a BES, there is no need to manually back up your phone, because all important data is wirelessly backed up on the server.
However, if you choose to make backups anyway, then the article is correct; still, someone has to get his hands on the files. BIS has no wireless backup. If you need to back up your device settings, you should store them at a safe location. But if someone is able to remotely get access to your PC in the office, where you most likely store your backups, he has access to your mail, your files, anything; no need to hack the backup files of the BB. |
How is this different than using, say, an .ipd converter program?
|
The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example, the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea. |
I don't think this is a huge, huge issue here. If someone can get hold of your static/local file, then that person could try for months to drill into it and maybe some day it will be a success. That's how .zip encryption was hacked. My password is still jk$3^hjRT so I hope I am safe. It takes me a while to type my passwd on BB but I am OK with my memory and BB thumb (hurt).
I wish BB OS would allow taking a backup onto its memory card so that the backup file is not lying around on your old desktop. Less chance of the device falling into the wrong hands. |
From reading more reports on this story I gather the program just cracks the encrypted backup file by the brute force method of systematically trying passwords until it gets to the one that works. RIM makes it relatively easy by not following the recommended practices designed to make brute force take a really, really, really long time and not but a couple of days.
If ABCAmber can defeat an encrypted backup file, I'm even more disappointed in RIM--not to mention it would make this Russian effort not news. |
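Added example, not part of the thread or of any RIM or vendor code: the "one pass" versus "multiple passes" point raised in the posts above, shown as the per-guess cost of deriving a key from a password. It assumes PBKDF2-HMAC-SHA1 from Python's standard library as a stand-in (the thread does not name the algorithm Desktop Manager uses), and the salt, pass counts and password policies are constructed for illustration.

```python
import hashlib
import time

SALT = b"constructed-salt"  # constructed sample value, not from any real backup

def derive_key(password: str, iterations: int, salt: bytes = SALT) -> bytes:
    """Stretch a password into a 32-byte key; `iterations` is the number of passes."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, dklen=32)

def seconds_per_guess(iterations: int, samples: int = 5) -> float:
    """Time one derivation. Anyone guessing passwords pays this cost per guess."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", iterations)
    return (time.perf_counter() - start) / samples

def keyspace(alphabet_size: int, length: int) -> int:
    """Count the passwords of exactly `length` characters over the alphabet."""
    return alphabet_size ** length

def days_to_exhaust(alphabet_size: int, length: int, per_guess: float) -> float:
    """Worst-case days to try every password on one core at `per_guess` seconds."""
    return keyspace(alphabet_size, length) * per_guess / 86400

if __name__ == "__main__":
    # Assumed password policies for illustration: 7 lowercase letters versus
    # 9 characters drawn from the 95 printable ASCII characters.
    policies = [("7 lowercase", 26, 7), ("9 printable ASCII", 95, 9)]
    for passes in (1, 10_000):
        cost = seconds_per_guess(passes)
        print(f"{passes:>6} pass(es): {cost * 1e6:,.1f} microseconds per guess")
        for label, alphabet, length in policies:
            days = days_to_exhaust(alphabet, length, cost)
            print(f"    {label:<18} {days:,.1f} days to exhaust")
```

The figures are single-core measurements on whatever machine runs the script; what carries over is the ratio between the two pass counts, which multiplies the search time for any given password policy.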
Since I was up I decided to test the ABCAmber converter to try to view the contents of an encrypted ipd. It didn't. I'm glad.
|