BlackBerry backup encryption broken by Russians
Alleged flaw gives access to archive file
A Russian company that specialises in cracking tools claims it has broken the password protection used to secure data backups from BlackBerry smartphones.
According to Elcomsoft, a weakness in the way BlackBerry has implemented the apparently secure 256-bit AES encryption in its PC and Mac backup program, BlackBerry Desktop Software, makes it possible to carry out a successful password recovery attack on the backup archive with relative ease.
'Relative' in this context means breaking a 7-charcter password consisting of small letters with two capitalisation in around half an hour using an Intel Core i7 processor. More complex variations of this basic password could be broken in three days using the same hardware, the company claims, before adding that using graphics hardware such as the ATI Radeon HD5970 card would cut this considerably.
Related Articles on Techworld
“In short, standard key-derivation function, PBKDF2 [password-based key derivation function], is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one,” says Elcomsoft’s Vladimir Katalov in an explanatory blog posting.
The BlackBerry archive encryption is also carried out using the desktop or Mac PC, rather than the smartphone itself, which means that the data is exchanged in unencrypted for, Katalo adds.
What such a backup archive contains will vary from user to user, but in the case of a managed business user, will likely be all data from the BlackBerry, including contacts, email, and password settings for email and WiFi.
Almost as an aside, the company says the same software will also do the same for iPhone, iPad and iPod Touch backups, although it is clear that the possibility of attacking backups made from a device famously used by President Obama is the bigger prize.
Elcomsoft has given itself a controversial reputation with previous cracking tools, including one to derive some WiFi WPA encryption passphrases, which was, coincidentally, updated last week.