A Russian passcode-breaker firm exploits a weakness in RIM's encryption to crack open
 

You can no longer rely on encryption to protect a BlackBerry | Mobile device management - InfoWorld

Has anyone else seen this? If I am correct enterprise users may not be affected if a policy is set to disable off-line data backup, but what about BIS users? I wonder if there will be a fix?

In the meantime I guess I will store my backups in my ironkey. ;-)

Saw article today. The writer apparently doesn't know blackberrys. What I got out of the story is someone says they can defeat encryption of backup files. And the process takes days. So thief would first need to get possession of the backup file.
Posted via BlackBerryForums.com Mobile

Normally, If you are on a BES, there is no need to manually backup your phone, because, all important data is wireless backuped on the server.

However, if you choose to make backups anyway then the article is correct, still someone has to get his hands on the files.

BIS has no wireless backup. If you need to backup your device settings, you should store them at a safe location.
But, if someone is able to remotely get access to your PC in the office, where you most likely store your backups, he has access to your mail, your files, anything, no need to hack the backup files of the BB.

How is this different then using, say, an .ipd converter program?

I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile

I don't think this is a huge huge issue here. if someone can get hold of your static /local file then person could try for months to drill into it and may be some day it will be a success. thats how .zip encryption was hacked. My password is still jk$3^hjRT so I hope I am safe. it takes me a while to type my passwd on BB but I am ok with my memory and BB thumb (hurt)
I wish BB OS will allow taking backup on to its memory card so that the backup file is not lying around on your old desktop. Less chance of falling the device in wrong hands.

That was my question too.

I'm thinking of ABCAmber Converter. Not sure if it can read encrypted files, but it can open backup files and you can read the contents of emails, text messages, address book, etc. You don't even need a password to open the file, even if you needed one to make the backup in the first place.

From reading more reports on this story I gather the program just cracks the encrypted backup file by the brute force method of systematically trying passwords until it gets to the one that works. RIM makes it relatively easy by not following the recommended practices designed to make brute force take a really, really, really long time and not but a couple of days.

If ABCAmber can defeat an encrypted backup file, I'm even more disappointed in RIM--not to mention it would make this Russian effort not news.
Posted via BlackBerryForums.com Mobile

Since I was up I decided to test the abcamber converter to try to view the contents of an encrypted ipd. It didnt. Im glad.