Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

BlackBerry backup encryption broken by Russians

Alleged flaw gives access to archive file

Article comments

A Russian company that specialises in cracking tools claims it has broken the password protection used to secure data backups from BlackBerry smartphones.

According to Elcomsoft, a weakness in the way BlackBerry has implemented the apparently secure 256-bit AES encryption in its PC and Mac backup program, BlackBerry Desktop Software, makes it possible to carry out a successful password recovery attack on the backup archive with relative ease.

'Relative' in this context means breaking a 7-charcter password consisting of small letters with two capitalisation in around half an hour using an Intel Core i7 processor. More complex variations of this basic password could be broken in three days using the same hardware, the company claims, before adding that using graphics hardware such as the ATI Radeon HD5970 card would cut this considerably.

“In short, standard key-derivation function, PBKDF2 [password-based key derivation function], is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one,” says Elcomsoft’s Vladimir Katalov in an explanatory blog posting.

The BlackBerry archive encryption is also carried out using the desktop or Mac PC, rather than the smartphone itself, which means that the data is exchanged in unencrypted for, Katalo adds.

What such a backup archive contains will vary from user to user, but in the case of a managed business user, will likely be all data from the BlackBerry, including contacts, email, and password settings for email and WiFi.

Almost as an aside, the company says the same software will also do the same for iPhone, iPad and iPod Touch backups, although it is clear that the possibility of attacking backups made from a device famously used by President Obama is the bigger prize.

Elcomsoft has given itself a controversial reputation with previous cracking tools, including one to derive some WiFi WPA encryption passphrases, which was, coincidentally, updated last week.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *