BlackBerry Forums Support Community
              

Old 10-02-2010, 04:24 PM   #1
camaxtli
Thumbs Must Hurt
 
Join Date: Jul 2006
Location: Traffic
Model: 9780
OS: 5.0.0.921
PIN: a colada
Carrier: Tmobile
Posts: 157
A Russian passcode-breaker firm exploits a weakness in RIM's encryption to crack open

You can no longer rely on encryption to protect a BlackBerry | Mobile device management - InfoWorld

Has anyone else seen this? If I am correct, enterprise users may not be affected if a policy is set to disable off-line data backup, but what about BIS users? I wonder if there will be a fix?

In the meantime I guess I will store my backups in my IronKey.
Old 10-02-2010, 06:20 PM   #2
aiharkness
BlackBerry God
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081

Saw article today. The writer apparently doesn't know BlackBerrys. What I got out of the story is someone says they can defeat encryption of backup files. And the process takes days. So a thief would first need to get possession of the backup file.
Posted via BlackBerryForums.com Mobile
Old 10-03-2010, 07:13 AM   #3
nobody7290
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,381

Normally, if you are on a BES, there is no need to manually back up your phone, because all important data is wirelessly backed up on the server.

However, if you choose to make backups anyway, then the article is correct; still, someone has to get his hands on the files.

BIS has no wireless backup. If you need to back up your device settings, you should store them at a safe location.
But if someone is able to remotely get access to your PC in the office, where you most likely store your backups, he has access to your mail, your files, anything; no need to hack the backup files of the BB.
Old 10-03-2010, 10:05 AM   #4
juwaack68
iPhone Convert
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878

How is this different than using, say, an .ipd converter program?
__________________
No longer a BES Admin, but it was fun while it lasted!
Old 10-03-2010, 01:03 PM   #5
aiharkness

Quote:
Originally Posted by juwaack68
How is this different than using, say, an .ipd converter program?
I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example, the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile
Old 10-03-2010, 01:19 PM   #6
joginder
BlackBerry Extraordinaire
 
Join Date: May 2005
Location: AZ
Model: Passp
Carrier: ATT
Posts: 1,123

I don't think this is a huge huge issue here. If someone can get hold of your static/local file, then that person could try for months to drill into it, and maybe some day it will be a success. That's how .zip encryption was hacked. My password is still jk$3^hjRT so I hope I am safe. It takes me a while to type my passwd on BB but I am OK with my memory and BB thumb (hurt).
I wish BB OS would allow taking a backup onto its memory card so that the backup file is not lying around on your old desktop. Less chance of the device falling into the wrong hands.
__________________
_____________________________
Never be silent about the things that matter, but what about Democracy? That matters too
Old 10-06-2010, 11:59 PM   #7
daphne
BBF Spam Killer Moderator
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176

Quote:
Originally Posted by juwaack68
How is this different than using, say, an .ipd converter program?
That was my question too.
__________________
Report spam text messages to 7726
#BlackBerry by choice
Old 10-07-2010, 06:57 AM   #8
juwaack68

Quote:
Originally Posted by aiharkness
I don't know, but can the program you have in mind open and read an encrypted backup file?

The story at the link posted by the OP gives some technical details and makes some comparisons. A lot of it was over my head. I assume RIM would have good explanations for why it did things the way it did, but some of it makes you wonder. For example, the Desktop Manager encryption algorithm makes one pass -- whatever that means, exactly -- while other products make multiple passes, which sounds better, but I have no idea.
Posted via BlackBerryForums.com Mobile
I'm thinking of ABCAmber Converter. Not sure if it can read encrypted files, but it can open backup files and you can read the contents of emails, text messages, address book, etc. You don't even need a password to open the file, even if you needed one to make the backup in the first place.
__________________
No longer a BES Admin, but it was fun while it lasted!
Old 10-07-2010, 03:31 PM   #9
aiharkness
From reading more reports on this story I gather the program just cracks the encrypted backup file by the brute force method of systematically trying passwords until it gets to the one that works. RIM makes it relatively easy by not following the recommended practices designed to make brute force take a really, really, really long time and not but a couple of days.

If ABCAmber can defeat an encrypted backup file, I'm even more disappointed in RIM--not to mention it would make this Russian effort not news.
Posted via BlackBerryForums.com Mobile
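
What "one pass" versus "multiple passes" means for the brute-force time discussed in posts #5 and #9, as an added example that is not part of the thread. It assumes a PBKDF2-style password-based key derivation (the thread names no algorithm); the salt, the pass counts, the two password policies and the single-pass guess rate are all constructed values.

```python
import hashlib
import time

SALT = b"constructed-salt"        # constructed sample value, not from any real backup
SINGLE_PASS_RATE = 1_000_000      # assumed guesses/second at 1 pass (constructed figure)


def derive_key(password: str, iterations: int, salt: bytes = SALT) -> bytes:
    """PBKDF2-HMAC-SHA256: every password guess costs `iterations` passes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def seconds_per_guess(iterations: int, samples: int = 5) -> float:
    """Measured wall-clock cost of deriving one key on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", iterations)
    return (time.perf_counter() - start) / samples


def keyspace(alphabet_size: int, max_length: int) -> int:
    """Count of candidate passwords of length 1..max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def worst_case_days(alphabet_size: int, max_length: int, iterations: int,
                    single_pass_rate: float = SINGLE_PASS_RATE) -> float:
    """Days to try every candidate when each guess needs `iterations` passes."""
    guesses_per_second = single_pass_rate / iterations
    return keyspace(alphabet_size, max_length) / guesses_per_second / 86_400


if __name__ == "__main__":
    # Policy A: up to 7 lowercase letters. Policy B: up to 9 of 94 printable ASCII.
    for passes in (1, 2_000, 10_000):
        print(f"{passes:>6} passes: "
              f"{seconds_per_guess(passes) * 1e6:10.1f} us/guess here, "
              f"A = {worst_case_days(26, 7, passes):12.2f} days, "
              f"B = {worst_case_days(94, 9, passes):.3e} days")
```

Under the assumed rate, the short lowercase policy is exhausted in a couple of hours at one pass and takes years at 10,000 passes, while the long mixed-character policy stays out of reach at any of the pass counts shown.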
Old 10-07-2010, 11:37 PM   #10
camaxtli

Since I was up I decided to test the ABCAmber converter to try to view the contents of an encrypted ipd. It didn't. I'm glad.
Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.