Encryption Security

BlackBerry's Encryption Hacked; Backups Now a Risk

Posted by Soulskill
from the good-news-for-india dept.
GMGruman writes "InfoWorld blogger Martin Heller reveals that a Russian passcode-breaker developer has broken the encryption used in BlackBerry backups. That can help recover data when passwords are lost, but also gives data thieves access to a treasure trove of corporate secrets. And the developer boasts that it was easier to crack the BlackBerry encryption than it was to crack Apple's iOS."
  • by Kenja (541830) on Friday October 01, 2010 @12:54PM (#33761170)
    Notice how the blackberry adds have shifted from being about business apps and security to how cool it is that you can edit an MP3 playlist.

    Whole thing smacks of desperation.
    • by MyLongNickName (822545) on Friday October 01, 2010 @01:03PM (#33761368) Journal

      Notice how the blackberry adds

      Adding is easier than factoring primes. This might have something to do with the security problem.

    • by jimicus (737525) on Friday October 01, 2010 @01:07PM (#33761446)

      Probably because it was only a few years ago that there was no other serious business phone that did a half-decent job of email and had management features built right in (such as enforcing endpoint encryption and remote wiping).

      Now more-or-less every smartphone offers such features, and non-smart phones are rapidly starting to look like an endangered species. Blackberry no longer offer anything particularly special.

      • Re: (Score:1, Informative)

        by Anonymous Coward

        Ahhhhh I wouldn't say that necessarily. Flash? Remote Desktop to a Linux tower or server? Enterprise server?

        Yes, that may not entice the "average" user, whatever that happens to be, may not see the need for such things, but that is why there are options.

        I love my Blackberry. I put my professors' powerpoints and my notes on it to study wherever I'm at. I have it set up to run my tower at home. I use it as a USB mass storage device as well, so I don't have to worry about forgetting my USB drive at home. T

        • by Bert64 (520050)

          The iphone has remote desktop, vnc and ssh clients, as do android phones. They also have voip clients, which blackberry handsets seem to be severely lacking and which are great for business use: if you're physically in the office and within wireless range calls are routed over that, otherwise they are routed over your cell service.

          BES runs on windows (which is not free) and requires a corporate groupware setup such as exchange, notes or groupwise, none of which are free.

          Other phones now offer many of the same

        • by Bert64 (520050)

          I don't understand how you can claim blackberry is for power users, you have a closed proprietary platform tied to a closed proprietary service and requires you to run another closed proprietary server... You get far more flexibility from android, and even from iOS once you jailbreak it.

          Blackberry is aimed at business users who have very limited requirements, quite the opposite of a power user.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        How the hell is this "insightful?"

        Wake me up when Apple provides end-to-end encryption for e-mails. Oh that's right: they don't. That's why you don't see India or any other 3rd world country threatening to "shut off" iPhones. BBM isn't simply a stupid e-mail application accessing a POP3 server someplace.

        The iPhone is great for people who are distracted by shiny things. But don't fool yourself into thinking what RIM is doing is "nothing special."

        In addition, the summary is bogus. RIM's encryption has

        • by h4rr4r (612664)

          I am pretty sure you could get that with imap over ssl on an iphone.

        • by Bert64 (520050)

          The iphone supports SSL for IMAP, POP3 and SMTP... It also supports SSL for Activesync.
          There is also support for establishing a VPN connection.

          Sure, Apple don't mandate the use of a proprietary service and give you the option to use plain unencrypted imap/pop3 if you want to.

          What RIM are doing is locking users in to their proprietary service and proprietary server, android and ios based phones will talk to any number of standards compliant servers from a multitude of different sources with or without encryp

    • Re: (Score:3, Interesting)

      by gstoddart (321705)

      Notice how the blackberry adds have shifted from being about business apps and security to how cool it is that you can edit an MP3 playlist.

      Whole thing smacks of desperation.

      Well, initially the Black Berry was a corporate device. Then a lot of consumers decided they want one so they could do messaging and email.

      However, Apple and other manufacturers have been making smart phones which have way more consumer features than business and have been correspondingly taking a lot of market share away from RIM. In

      • by grub (11606) *

        I'd say that they're getting very desperate. Like 'em or hate 'em, the iPhone and its ilk have become hugely popular for non business users -- arguably, a much larger market.

        Even for business users.

        I've heard of many places opening up their email/calendar/directory (or Exchange) servers to iPhones and the like. Many users don't want to carry around two devices which perform the same functions.

        At our place we have a How To for iPhone users but don't support beyond that. Company-supplied Blackberries
        • by cjb658 (1235986)

          One of the companies I work for recently switched all employees over to iPhones because it was cheaper (and easier) to buy new phones than to buy a BES server.

        • Business users identify with luxury goods. There's a crossover point between cool, high tech, trendy and luxury goods that attracts business people. The iPhone is seen as high end, and this naturally draws in business people.

      • by nullifi (1085947)
        My Android phone displays PowerPoint just fine thanks to Documents to Go. I'm fairly positive that the iPhone version does as well.
        • by gstoddart (321705)

          My Android phone displays PowerPoint just fine thanks to Documents to Go. I'm fairly positive that the iPhone version does as well.

          I didn't mean to imply you couldn't do that, hence the smiley face ... I was more sniping a little at the whole "PC vs Mac" joke and how people use the devices.

          Many of the people buying smartphones specifically didn't want to do "business" activities. It is Facebook and Twitter and YouTube, not spreadsheets and concalls. The things like editing playlists was more important to the

        • by k_187 (61692)
          This won't last long. RIM bought Documents to go not too long ago. http://www.pcworld.com/businesscenter/article/205025/rim_buys_documents_to_go_but_microsoft_missed_out.html [pcworld.com]
      • by afidel (530433)
        RIM's sales are growing faster than Apple's (+4.5M vs +3.4M year over year growth for the second quarter). They're just growing slower in percentage terms since RIM had such a large number of units shipped all along. Android is growing mostly at the cost of Symbian.
    • Re: (Score:3, Funny)

      by noidentity (188756)

      Notice how the blackberry adds have shifted from being about business apps and security to how cool it is that you can edit an MP3 playlist.

      You know you're a geek when you read the above sentence and first think it's describing the encryption algorithm that was hacked (add, shift).

  • Simple solution (Score:5, Interesting)

    by Prune (557140) on Friday October 01, 2010 @12:54PM (#33761174)
    Back up to a non-encrypted IPD file and put it into a TrueCrypt volume--or better yet, don't back up to an insecure machine! This story would have been much more newsworthy if they had broken the actual phone's encryption, AES and elliptic curve D-H.
    • Re:Simple solution (Score:5, Interesting)

      by mlts (1038732) * on Friday October 01, 2010 @01:16PM (#33761632)

      It is still a hole though, and one that is completely preventable. Most serious crypto products around use key strengthening, be it KeePass with its variable number of rounds that are user selectable, TrueCrypt with its 1000 rounds, or iOS 4's 10,000 rounds. Heck, even the venerable crypt(3) mechanism had a number of rounds to slow down people running Crack over 20 years ago, back before passwords were stored in /etc/shadow.

      How can this be fixed? Use a reasonable number of rounds (enough so it slows down brute forcing, but not so many that it kills day to day normal operation). Also, use a salt, so rainbow table pre-computation of keys is impossible.

      In the meantime, the parent poster probably has the best solution. For maximum security, add a cryptographic token and store a TC keyfile on that. This way, if someone tries to brute force the token's passphrase, they have 3-20 tries before the token permanently fries itself.

      • Re: (Score:3, Informative)

        by blueg3 (192743)

        PBKDF2, which the BlackBerry backups use, always uses a salt. One round is a joke, though. The 4096 rounds of WPA aren't really sufficient, and the 1000 rounds of FileVault are really a mistake.

        • by mlts (1038732) *

          What would be ideal is functionality that KeePass has. It has the option to scale the number of rounds to one second of your hardware's CPU time, with the ability to edit the rounds up and down to preference. For BB users who don't want this detail, this can be a semi-hidden option and the device can automatically compute how many rounds it takes to use up a second or two of CPU time.

          It is understandable why TrueCrypt doesn't do this (because it has to guess a number of times with various combinations of

  • was the encryption scheme weaker, or were disgruntled RIM employees more willing to hand over the keys than disgruntled apple employees?
    • by apparently (756613) on Friday October 01, 2010 @01:15PM (#33761612)

      Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises. In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one.

      If only the article had the above information on page 2, you'd have the answer to your question. If only.

    • by AHuxley (892839)
      NSA, GCHQ like to read too? Old crypto in the world's marketplace was 'open', why would this generation be any different?
      What makes this generation so 'smart' and 'unique' when faced with a few simple solutions when getting into telco work.
      Open to a select few gov's or you are not a telco...
      Or good crypto is expensive and made the device seem laggy during testing ..
  • Solution - no more backups!
    • But then access to a Wintel box is trivial these days, especially with Adobe helping out.

      I administer 130 blackberrys and there isn't an IPD file in the entire outfit - that's what BES and its backups are for.

  • by Suki I (1546431) on Friday October 01, 2010 @01:11PM (#33761512) Homepage Journal
    Does this solve that encryption complaint the UAE, Saudis and others had about Blackberry?
    • No, since only the backups' encryption is broken, and it still takes 3 days to crack a 7-character mixed-case password.
  • by blueg3 (192743) on Friday October 01, 2010 @01:19PM (#33761692)

    The encryption itself is just fine (at least, for now). While it's interesting that the data is transmitted in the clear and then encrypted by the backup software, they don't propose exploiting this (which would be an inconvenient attack).

    This is simply a brute-force password cracker that's specific to BlackBerry backups. It's not particularly specific, either, as the backups are encrypted with AES and the key is derived from a password using the standard PBKDF2. There are tons of PBKDF2-crackers out there (like coWPAtty). The surprising thing is that they only use single-iteration PBKDF2, which is a joke.

    This, incidentally, is what is meant by the statement in TFS that cracking BlackBerry backup passwords is easier than cracking iOS passwords. Difficulty in password cracking (amount of computational time per password) for PBKDF2 is roughly proportional to the number of iterations. IIRC, WPA uses 4096, Apple's FileVault uses 1000, and BlackBerry backups apparently use 1.
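    Added example, not code from the article, from RIM or from Elcomsoft: PBKDF2 written out per RFC 2898 and checked against the RFC 6070 test vectors, to show blueg3's point that the iteration count is only a parameter of an otherwise unchanged implementation, and to count the HMAC calls an attacker must spend per password guess at the 1, 2,000 and 10,000 iteration counts quoted in this thread. It assumes HMAC-SHA-1 as the PRF and a constructed salt; the page does not say which hash the BlackBerry backup KDF uses.

    ```python
    import hashlib
    import hmac
    import struct

    # Assumption: HMAC-SHA-1 as the PRF (matches the RFC 6070 vectors); the
    # thread does not say which hash the BlackBerry backup KDF uses.
    HASH_NAME = "sha1"
    KEY_LEN = 32  # bytes: the AES-256 key size the thread mentions


    def pbkdf2(password: bytes, salt: bytes, iterations: int,
               dklen: int, hash_name: str = HASH_NAME) -> bytes:
        """PBKDF2 as specified in RFC 2898 section 5.2, written out in full."""
        if iterations < 1:
            raise ValueError("iterations must be >= 1")
        hlen = hashlib.new(hash_name).digest_size
        blocks = -(-dklen // hlen)          # ceil(dklen / hlen)
        derived = bytearray()
        for i in range(1, blocks + 1):
            # U_1 = PRF(P, S || INT(i)); T_i starts as U_1
            u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
            t = bytearray(u)
            # U_j = PRF(P, U_{j-1}); T_i ^= U_j for j = 2..c
            for _ in range(iterations - 1):
                u = hmac.new(password, u, hash_name).digest()
                for k in range(hlen):
                    t[k] ^= u[k]
            derived += t
        return bytes(derived[:dklen])


    def prf_calls_per_guess(iterations: int, dklen: int = KEY_LEN,
                            hash_name: str = HASH_NAME) -> int:
        """HMAC invocations needed to test ONE password guess: blocks * c.
        The cost is linear in the iteration count and nothing else in the
        code above changes when c does."""
        hlen = hashlib.new(hash_name).digest_size
        return -(-dklen // hlen) * iterations


    def matches_stdlib(password: bytes, salt: bytes, iterations: int,
                       dklen: int = KEY_LEN) -> bool:
        """Cross-check this implementation against hashlib's PBKDF2."""
        return pbkdf2(password, salt, iterations, dklen) == \
            hashlib.pbkdf2_hmac(HASH_NAME, password, salt, iterations, dklen)


    if __name__ == "__main__":
        salt = b"constructed-salt-for-demo"   # constructed sample value
        pw = b"Tr0ub4dor"                     # constructed sample password
        for c in (1, 2000, 10000):            # counts quoted in the thread
            key = pbkdf2(pw, salt, c, KEY_LEN)
            print(f"{c:>6} iterations: {prf_calls_per_guess(c):>6} HMAC calls/guess,"
                  f" key={key.hex()[:16]}..., stdlib match={matches_stdlib(pw, salt, c)}")
    ```
    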

  • So, if I read the article correctly, it hasn't been hacked so much as improperly implemented on blackberry's part. Honestly, the title made me think AES had been cracked which... yeah, that would be bad.
  • by BoRegardless (721219) on Friday October 01, 2010 @01:20PM (#33761706)
    RIM headquarters.
  • by McGregorMortis (536146) on Friday October 01, 2010 @01:22PM (#33761758)

    This "weakness" seems a little silly.

    You typically make your backups on your office desktop PC, and leave them there. But all the sensitive data in the backup file was already there on that same PC, in your corporate mailbox, completely unencrypted.

    Cracking a Blackberry backup file would be the hardest way to get access to that data.

    • Re: (Score:3, Insightful)

      by TubeSteak (669689)

      You typically make your backups on your office desktop PC, and leave them there. But all the sensitive data in the backup file was already there on that same PC, in your corporate mailbox, completely unencrypted.

      Cracking a Blackberry backup file would be the hardest way to get access to that data.

      It would create the least amount of loggable activity.
      And it's much faster to copy 1 file than to dig around for XYZ # of files.

  • by RegTooLate (1135209) on Friday October 01, 2010 @01:37PM (#33762032)
    The NSA announced today that they are offering secured online backup for all Blackberry users. RIMM responded saying they were surprised how quickly the DNS poison spread but wish the NSA well in their user friendly backup service. Many Middle East governments are also now offering the easy secure backup service as well.
  • Soooo, the spat between UAE, Saudi, India and Blackberry is now moot...
  • ...it's just full of 200 fart apps anyway. [slashdot.org]
  • Why not just use the encryption based on gpg or some other existing open source encryption method? Anytime you give a bunch of programmers a chance to reinvent the wheel, you need to go through the exact same evolutionary process that the existing wheels went through. So why is it that companies keep doing so and ending up shooting themselves in the foot?
    • by blueg3 (192743)

      They don't. They use industry-standard algorithms, and the encryption itself wasn't compromised.

      • by Bert64 (520050)

        They implemented perfectly good encryption in a flawed way, you don't just need industry standard algorithms, you need to be able to verify that they are implemented correctly.

        • by blueg3 (192743)

          They're implemented fine. They chose a particularly poor value for one of the parameters. Your implementation of PBKDF2 is the same regardless of the number of rounds; number of rounds is simply a parameter.

          • by Bert64 (520050)

            Choosing default values for parameters is done at the implementation stage, especially if those parameters are not modifiable by the user later.

  • Instead of calling them backups, shouldn't they be called BLACKUPS?
  • How long after the code was given to the Indian government that now it is in the wild with all sorts of hacks,
    at least we know who we can point the finger at, and hopefully learn from this, that in future when they ask for code,
    just say "NO, dat is not vedy vedy nise!"

  • In Soviet Russia, passcodes break YOU.
  • This is one of the biggest things people forget about with data security and one my professors at school were constantly mindful of. Sure, 2048 bit keys and most modern cryptography is secure right now; but if you have really sensitive data - data about banking accounts, transaction records that your business depends on keeping secret for competitive reasons, voting records, etc - you need that to remain secure for the life-time of the person - or even longer. This is MUCH harder - especially if the adven
  • RIM has been under pressure to open up backdoors for its user data to governments. This is against its official policy and promise. If it does not comply, it risks losing business in foreign markets. Now it can do so more easily because it's already leak^^^^hacked.

  • by ratboy666 (104074) <fred_weigel.hotmail@com> on Friday October 01, 2010 @02:55PM (#33763392) Homepage Journal

    So, it takes 3 days to crack the 7-character password. Adding 8 characters to the set (say, !@#$%^&*) would then increase that 3 days to... 2^21 more effort. Or, roughly 3 to 4 million days. Seems from the discussion that elcomsoft was able to brute force quickly (millions of passwords per second).

    Add a few more characters and the effort to brute-force the thing goes up... exponentially. Unless, of course, elcomsoft has actually "cracked" the encryption, and not simply reduced the time to try a key.

    What I would warn about is my "usual" advice for password generation, (optional random character) word (optional random character) word (optional random character), because, as far as I can tell, that can now be broken by elcomsoft in 2 to 3 days (assuming they know that this is the pattern used, which we have to assume).

    Very curious to see a review of this (before panic sets in).

    ratboy666

    • by MtHuurne (602934)
      If you would add 7 random characters from the set !@#$%^&* to the existing 7-letter password, it would take 8^7 = 2^21 times the effort to crack it. However, if you switch from a 52-character set (mixed case letters) to a 60-character set, it only takes (60/52)^7 times as long, which is about 2.7 times.
      • by ratboy666 (104074)

        Why? Isn't the entropy increase the same? Should that not be (60-52)^7?

        • by MtHuurne (602934)

          If that were the case, increasing the alphabet by 1 would have no effect since (53-52)^7 = 1.

          The number of different 7-character passwords using a 52-character alphabet is 52^7, while using a 60-character alphabet it is 60^7: an increase by a factor of 60^7/52^7 = (60/52)^7.
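    Added example, not from the article or any poster: the keyspace arithmetic MtHuurne walks through, generalised to any alphabet and length, plus the guess rate implied by the "3 days for 7 mixed-case characters" figure ratboy666 quotes, how that time scales with the PBKDF2 iteration count, and the keyspace of ratboy666's "(char?) word (char?) word (char?)" scheme when the attacker knows the pattern. The 3-day figure is taken from the thread; the dictionary size and optional-symbol count are constructed assumptions.

    ```python
    import math

    SECONDS_PER_DAY = 86400


    def keyspace(alphabet_size: int, length: int) -> int:
        """Number of distinct passwords of a fixed length over an alphabet."""
        return alphabet_size ** length


    def entropy_bits(alphabet_size: int, length: int) -> float:
        """log2 of the keyspace: what 'more entropy' means in the thread."""
        return length * math.log2(alphabet_size)


    def implied_guess_rate(alphabet_size: int, length: int,
                           crack_seconds: float) -> float:
        """Guesses per second a cracker must sustain to exhaust the keyspace
        in the quoted time (worst case; on average it finishes in half)."""
        return keyspace(alphabet_size, length) / crack_seconds


    def crack_days(alphabet_size: int, length: int, guess_rate_1_iter: float,
                   iterations: int = 1) -> float:
        """Worst-case exhaustive-search time. PBKDF2 cost is roughly linear in
        the iteration count, so the rate at c iterations is rate_at_1 / c."""
        seconds = keyspace(alphabet_size, length) * iterations / guess_rate_1_iter
        return seconds / SECONDS_PER_DAY


    def pattern_keyspace(dictionary_words: int, optional_chars: int) -> int:
        """Keyspace of the scheme (c?) word (c?) word (c?) when the attacker
        knows the pattern. Each optional slot is either empty or one of
        `optional_chars` symbols, so it contributes (1 + optional_chars)
        choices; the two words each contribute the dictionary size."""
        slot = 1 + optional_chars
        return dictionary_words ** 2 * slot ** 3


    if __name__ == "__main__":
        # Thread's figure: 7 mixed-case letters (52 symbols) in about 3 days.
        rate = implied_guess_rate(52, 7, 3 * SECONDS_PER_DAY)
        print(f"implied rate: {rate:,.0f} guesses/s")
        print(f"52 -> 60 symbols, 7 chars: x{keyspace(60, 7) / keyspace(52, 7):.2f}")
        print(f"8 symbols, 7 chars: 2^{math.log2(keyspace(8, 7)):.0f} passwords")
        print(f"7 chars over 60 symbols: {crack_days(60, 7, rate):.1f} days")
        print(f"7 chars over 52 symbols, 10000 iterations: "
              f"{crack_days(52, 7, rate, 10000):,.0f} days")
        # Constructed assumption: a 10,000-word list and 8 optional symbols.
        ks = pattern_keyspace(10_000, 8)
        print(f"word-pattern keyspace: {ks:.2e} ({math.log2(ks):.1f} bits), "
              f"{ks / rate / SECONDS_PER_DAY:.2f} days at 1 iteration")
    ```
    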

  • >Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. The Apple desktop software (iTunes) acts only as a storage and never encrypts/decrypts backup data.

    The article says that but I was under the impression that the iPhone encryption was worthless because it never lets you access data in an encrypted format. What I mean is there was a race condition where you could have an iPhone plugged into a computer and turned off and when you turn the pho
  • Give us a break (Score:3, Insightful)

    by thethibs (882667) on Friday October 01, 2010 @04:27PM (#33764562) Homepage

    Both the headline and the article are overheated.

    The "crack" requires that

    1. You have information that needs to be secured on your BB;
    2. In spite of that you've used a toy password; and
    3. The enemy has access to your backup files.

    More than a bit of a stretch.
