Police Say They Can Crack BlackBerry PGP Encrypted Email (sophos.com)
schwit1 writes: Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having "military-grade security." The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices. A representative from NFI confirmed that "we are capable of obtaining encrypted data from BlackBerry PGP devices," according to a report from Motherboard. On Tuesday, the Royal Canadian Mounted Police (RCMP) also told Motherboard they can crack encrypted messages on PGP BlackBerrys.
There's a reason... (Score:4, Funny)
Re:There's a reason... (Score:5, Insightful)
Military grade (Score:2, Troll)
PGP works great for Linux users. If I had to make a guess as to why it's not working so great for BB customers, I would just take a stab in the dark and say it's related to the fact that BB's CEO openly defends putting backdoors in phones and computers for "lawful access" by governments.
That makes it military grade in an unintended sense. If you're a general, you want the capability to monitor your drones and troops.
Re: (Score:2)
"Military Grade" as in "Got a Grade of A by military intelligence for sale to the public"
Re: (Score:2)
Re:Military grade (Score:5, Funny)
Military grade just means it won't change for 30 years or so. :)
Re: (Score:2)
Military grade just means it won't change for 30 years or so. :)
Actually Military Grade means they went for the lowest tender
Re: (Score:1)
Re: (Score:3)
PGP works great for Linux users. If I had to make a guess as to why it's not working so great for BB customers, I would just take a stab in the dark and say it's related to the fact that BB's CEO openly defends putting backdoors in phones and computers for "lawful access" by governments.
The BB's CEO never said such a thing. He never ever talked about putting backdoors, he talked about sharing METADATA with authorities if justified and required.
Re: (Score:2)
Assuming the COO is authorized to represent the company's position: 'In a talk entitled "Securing Mobility, Protecting Privacy", BlackBerry Chief Operating Officer Marty Beard told delegates that the company is a strong believer in providing law enforcement agencies with methods to lawfully intercept communications.' http://businessinsights.bitdef... [bitdefender.com]
I've never been too keen on the "with us or against us" rhetoric, but this is math, not politics: systems are either designed to be as secure as they can be, or
Re: There's a reason... (Score:2)
If the following assumptions are true then PGP is secure.
1. A non-vulnerable encryption algorithm with adequate strength is used.
2. Private keys are only accessible on the reading device.
You can buy expensive locks and a security system for your home. If you cut a hole in the wall, chances are the alarm isn't going to go off.
Linux guys tend to put everything valuable in a safe hidden 2 feet underground with the sophisticated security system. Even then if police physically have access that's when the self dest
Re: (Score:3)
There's something in what you say, but when you say "Linux guys tend to put everything valuable in a safe hidden 2 feet underground with the sophisticated security system. Even then if police physically have access that's when the self destruct kicks in." you're really talking about the OpenBSD guys.
Re: (Score:2)
Re: (Score:3)
Beware of BlackBerry shills (Score:5, Funny)
For any sane person that cares about their privacy and safety, this should be the nail in the coffin for BB.
Re: (Score:3)
Indeed. "We don't protect your privacy" is not a selling point in 2016.
Re: (Score:2)
2. Law enforcement says "don't use Blackberry because we cracked it". Stress on the "don't use Blackberry" part?
3. All serious jihadists use the Leapfrog Text & Learn these days.
Re:Beware of BlackBerry shills (Score:5, Insightful)
2. Law enforcement says "don't use Blackberry because we cracked it". Stress on the "don't use Blackberry" part?
That's what seems odd to me. Why would police disclose that they're able to do this? Isn't this the kind of capability you'd want to keep under wraps? Almost seems like they want people to avoid BB. I wonder why.
Re:Beware of BlackBerry shills (Score:4, Interesting)
Why would police disclose that they're able to do this?
The police did not make an official statement about it. The information leaked out. The ability to decrypt was implied in a court document. It may have also been a cop or two bragging to a journalist "off the record".
Re: (Score:3)
Re: (Score:2)
Also: This is Canada and Netherlands. Not two of the top countries in lying. (They do lie, but not as much as many others.)
How do you know? You collected some kind of stats? How do you know they are not just better liars?
Re: (Score:2)
They have no choice, it first came out in court documents that are a matter of public record. After that there is no point denying it. If they want to use it in court, they have to admit it.
Re: (Score:2)
I do not know the merits of their claim however the next best thing to breaking the encryption is to say you have broken the encryption so users move to a less secure system.
Re: (Score:2)
That's odd. I thought all serious jihadists used coded messages sent in clear text over the gaming talk channels.
(Actually, if I recall correctly, they tend to use unencrypted text and unencrypted phone messages. At least that's what reports have said appears to have happened in both Paris and New York.)
Re: (Score:2)
What I've observed is that users rarely pick a device for its security. They pick it for MP of the camera, the name, the app availability, the screen size, the storage size... But never security. Just my personal experience.
Security is an afterthought for most.
Re: (Score:2)
Re: Beware of BlackBerry shills (Score:2)
Re: (Score:2)
Also they have haters who are either paid or do it out of personal spite.
Even Apple fanboys are more reasonable than BlackBerry haters.
Right on schedule. Does your boss really think that there's some company out there that hates BB enough to pay to hurt their online reputation, or is that just what he tells the shareholders to explain the massive drops in revenue?
Re: (Score:1)
Re: (Score:2)
lol ... spoken like a true apple fanboy, just sayin ...
What?
Re: (Score:1)
As an OS Blackberry is FAR SUPERIOR in security to both IOS and Android, but yeah, if someone physically has access or support from the Carrier/Manufacturer, you are screwed no matter what.
This is a cheap shot at BB, nothing more, nor is the story even validated by ANYTHING
Re: (Score:1)
Re: (Score:2)
Gosh, I must be a shill. Go find your tinfoil hat.
Re: (Score:2)
Key is forensics. (Score:5, Interesting)
They aren't cracking PGP. This came from the forensics department. By far the most likely scenario is that they're able to recover either the key from memory/flash, or the unencrypted plaintext.
Also, people still use Blackberrys?
Not necessarily (Score:5, Interesting)
Nobody said anything about 'cracking'.
They were able to 'read' the messages after hitting the user with a wrench to get the password.
Re: (Score:3)
Nobody said anything about 'cracking'. They were able to 'read' the messages after hitting the user with a wrench to get the password.
Well, if you want to be pedantic... What TFS literally says is "Police in two countries have claimed that they can read encrypted data from BlackBerry devices". I myself can also read encrypted data--it reads like random white noise, but I can read it!
I doubt it (Score:5, Interesting)
Re:I doubt it (Score:4, Interesting)
It wouldn't surprise me if the app saves the plaintext somewhere on the filesystem, creates an encrypted copy for mailing, and then just does a soft delete. With SSD/Flash memory write algorithms, it could be a very long time before that gets overwritten.
yep, I bet it encrypts/decrypts to storage (Score:2)
Yeah I'd bet the code looks like this:
save(msg, temp_file)
encrypt(temp_file, encrypted)
mail(encrypted)
delete(temp_file)
Retrieving the plaintext is therefore a matter of recovering the deleted temporary file.
Re: (Score:2)
Re: (Score:3)
It wouldn't surprise me if the app saves the plaintext somewhere on the filesystem, creates an encrypted copy for mailing, and then just does a soft delete. With SSD/Flash memory write algorithms, it could be a very long time before that gets overwritten.
Incorrect. At least with SSDs (also flash memory), you cannot overwrite an existing block, it has to be erased first. To make sure writes are speedy, the firmware normally actually clears blocks immediately, or they are queued for rapid deletion during idle time, when a file is deleted. This is in contrast to a spinning disk where the entry in the file table is deleted but the blocks remain to be overwritten (or recovered) later.
See: http://www.forensicmag.com/art... [forensicmag.com]
Re: (Score:2)
You are correct. However, you have no idea what the firmware behavior is. For example, if the SSD is 80% unused, does it need to clear blocks? What is the logic for determining "idle time"? Is the SSD file system aware? (i.e. - Does the OS have to trigger the trim, or does the drive have enough intelligence to do it without the OS?) Also, just for fun, remember that there are people who have phones that are 5+ years old, and may use antiquated techniques for determining their behavior.
I have a recent
Re: (Score:2)
Since written pages are part of larger blocks which have to be erased all at once, a page with discarded data may exist without being erased until either all of the pages in the block are discarded and the block is erased or used pages are copied to a new block and the old block is erased. Individual pages cannot be erased.
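Added example, not part of any comment in this thread and not BlackBerry's or any vendor's code: a toy model of the temp-file flow guessed at above running on storage that behaves as this comment describes (pages written once, erasure only per block), next to a flow that never writes plaintext. The geometry, file names, sample message and the stand-in cipher (a keystream XOR, not PGP) are all assumptions made for the illustration.

```python
import hashlib

PAGES_PER_BLOCK = 4                      # toy geometry, not a real device's
MSG = b"meet at the usual place, 21:00"  # constructed sample message
KEY = b"constructed-demo-key"            # constructed key for the stand-in cipher

class ToyFlash:
    """Pages are written once; erasure only happens a whole block at a time."""
    def __init__(self, blocks=2):
        self.pages = [None] * (blocks * PAGES_PER_BLOCK)  # raw physical pages
        self.files = {}                                   # name -> live page

    def write(self, name, data):
        self.delete(name)                  # an overwrite never reuses the old page
        page = self.pages.index(None)      # first erased page
        self.pages[page] = data
        self.files[name] = page

    def delete(self, name):
        self.files.pop(name, None)         # soft delete: only the mapping goes

    def garbage_collect(self):
        live = set(self.files.values())
        for start in range(0, len(self.pages), PAGES_PER_BLOCK):
            block = range(start, start + PAGES_PER_BLOCK)
            if live.isdisjoint(block):     # erase only blocks with no live page
                for p in block:
                    self.pages[p] = None

    def raw_dump(self):
        """A raw read of the medium: every page that has not been erased."""
        return b"".join(p for p in self.pages if p is not None)

def toy_encrypt(key, msg):
    # Stand-in keystream XOR so the example runs offline; this is NOT PGP.
    stream = hashlib.shake_256(key).digest(len(msg))
    return bytes(a ^ b for a, b in zip(msg, stream))

def send_via_temp_file(flash, msg):
    flash.write("temp_file", msg)                  # plaintext reaches storage
    flash.write("outbox", toy_encrypt(KEY, msg))
    flash.delete("temp_file")

def send_in_memory(flash, msg):
    flash.write("outbox", toy_encrypt(KEY, msg))   # only ciphertext is stored

def plaintext_recoverable(send, delete_outbox=False):
    flash = ToyFlash()
    send(flash, MSG)
    if delete_outbox:
        flash.delete("outbox")
    flash.garbage_collect()
    return MSG in flash.raw_dump()

if __name__ == "__main__":
    print(plaintext_recoverable(send_via_temp_file))
    print(plaintext_recoverable(send_via_temp_file, delete_outbox=True))
    print(plaintext_recoverable(send_in_memory))
```

In this model the deleted plaintext page survives garbage collection for as long as the ciphertext in the same block is live, and disappears only once the whole block is stale.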
Re: (Score:1)
Even with a "hard" delete, the data can likely still be there. Especially with SSD and flash, and their wear levelling algorithms, where a sector erased and written may not be the same sector that had data on it. In theory, a TRIM should blow that away, but it may be a while before the drive's garbage collector goes and erases those pages. It would be nice to have a "secure wipe these pages now" function in the command set.
Re: (Score:2)
If there were, I'd be worried that it would be implemented as a "flag this data as sensitive, to be uploaded to [insert TLA or manufacturer corporate espionage department] at the earliest opportunity" command instead.
"so-called BlackBerry PGP devices" (Score:2)
So-called?
WTF with the scare phrase?
Re: (Score:2)
Maybe it's just because no-one knows what they're actually called - the summary later calls them "PGP BlackBerrys."
Re: (Score:2)
Maybe it's just because no-one knows what they're actually called
Someone knows what they're officially called. In fact, I'd wager that lots of people know, and that it's damned easy to find out with 10 seconds of googling.
Re: (Score:3)
Re: (Score:2)
Thank you.
But now we know that literal translations are sometimes a Bad Thing.
Canada (Score:1)
What's funny is that no-one except the Government of Canada uses Blackberries (and of course, probably terrorists) ...
so what the RCMP is saying here, is that they can crack the blackberries of their fellow co-workers.
your tax dollars at work !
Not really anything to do with Blackberry (Score:1)
This is a company that takes BB phones and puts their own encryption software/tools on it. This has nothing to do with BB from what I can see. How is any of this on Blackberry except for the speculation that it may or may not involve a backdoor mechanism, which is not proven and which BB has always denied.
Why? (Score:4, Insightful)
I'm curious as to why any agency would announce that it could read these messages publicly? The bad guys now won't use this perhaps? It's akin to the national argument over Snowden revealing the collection of phone records and everyone screaming how the bad guys will now have this info and that put everyone at risk.
Re: (Score:1)
To spread FUD and hurt the non-cooperating device-maker commercially:
Whether they can actually recover t
of course they can (Score:1)
Police say a lot of things (Score:4, Informative)
Are they able to recover the plain text? (Score:1)
If they truly had that capability, I doubt they would've advertised it. The announcement seems intended to scare people off using Blackberries — perhaps into some other devices, which the police actually have an easier time with.
Yep, just the sort of non-committal speak one would expect from the police. It sounds like they cracked it to a layman, but does not actually say so...
And even if they can, actually, recover the text, from t
Re: (Score:2)
Re: (Score:1)
And why do you doubt it? From police perspective, there wouldn't be anything wrong in it... Honest people, who "have nothing to hide", have nothing to fear, do they — while the crooks will be spooked...
Military grade (Score:4, Funny)
... BlackBerry devices that are being marketed as having "military-grade security."
To be fair, Blackberry / RIM never said whose military.
Re: (Score:1)
... BlackBerry devices that are being marketed as having "military-grade security."
To be fair, Blackberry / RIM never said whose military.
Any time you encounter a product which claims "military grade" security, encryption, etc., run away. "Military grade" is a meaningless appellation, and the best case scenario is that the vendor has good security people who are frustrated by their inability to get product marketing to understand that. But that scenario is pretty unlikely. What's far more likely is that they're clueless and the product sucks.
Need details (Score:2)
They don't say how they did it. Did they guess the user's password? Was this a BES controlled device? What model? What version of software?
As a BES admin, I'm not too concerned at this point.
Re: (Score:1)
Maybe something like this?
Obligatory: https://xkcd.com/538/ [xkcd.com]
Could some of the informative posts get modded up? (Score:2)
I saw this summary somewhere a few days ago, and was like "whatever I don't use Blackberry and don't trust them anyway".
Then it hits here, and immediately posts point out that these are third party modifications on Blackberries that are getting cracked. That seems an important detail- the clickbait headline had just meshed with my worldview, so I was assuming this was a problem with Blackberry based on the headline.
Granted, I didn't read TFA when it was in summary before. But the fact that this really mea
Re: (Score:1)
Why does everyone seem to believe this. (Score:4, Insightful)
Re: (Score:1)
Re: (Score:2)
But I'm surprised that everyone just seems to accept the claim. I expect that if there were any secure device out there that several gub'mints would be actively telling people "oh, we can crack that", a message which comes across as "Don't use that if you want to keep your communications private" and ends up steering people to devices that the snoops really can crack.
Like the statement about Windows Mobile?
I keep hearing that there are no apps for Windows Mobile. This was true 3 years ago but the retail stores are still sold on that idea and won't sell you the phone they have on their shelf. I don't blame them for not selling it as there are other reasons to not buy a Windows Phone but they could at least use factual information.
Re: (Score:2)
A few posters nailed it, this is a 'Fear campaign' against an OS that LEOs have never been able to penetrate. FACTS:
1. The core of the Blackberry 10 OS is QNX which is used for Aerospace/Defense systems. https://en.wikipedia.org/wiki/... [wikipedia.org]
2. The current LEO issued "Smartphone Recovery Kit" as advertised does NOT support BB, but does crack iPhone & Android Smartphones http://www.npr.org/2014/03/20/... [npr.org]
3. Not one shred of ACTUAL/PHYSICAL evidence? Just numerous 'stories' or references to vague third-party apps...
4. While other Gov. Officials in various countries have had their communications hacked, Obama (and the last few Pres) have NEVER had their phone compromised......guess what Obama himself uses? dun..dun...dun.........BLACKBERRY http://www.zdnet.com/pictures/... [zdnet.com]
I feel sorry for BB as a company, there has been a coordinated campaign for years to discredit and destroy them, granted US consumers aren't smart enough to value security and chose Free Apps/Cheap Price (Android) and Hip/Youthful (Apple) which, in a word, sucks :(
THIS IS MY FIRST POST TO /.
I know this is a polarizing opinion argument, but I tried to post links where possible and hope this helps clear some misconceptions!
Shill #2, right on schedule.
Uh... Duh... (Score:2)
As usual, examine the incentives... (Score:2)
FUD: doesn't affect stock BlackBerry, only modded! (Score:4, Informative)
break a series of encrypted emails held on Blackberrys modified by Canadian firm Phantom Secure
Conclusion: (a) don't get phones modified by a shady third party with government connections, and (b) don't take Slashdot summaries at face value (but we never learn that one, do we)
Re: (Score:2)
I practically read the comments section just to find out how the headline is lying to us.
Facts from the original Dutch source (Score:2)
The original Dutch article [misdaadnieuws.com] shows a letter [misdaadnieuws.com] from FIOD (Fiscal Information and Investigation Service) asking NFI (National Forensic Institute) to decrypt the contents of a Blackberry Curve 9320. NFI said they retrieved data from the phone using Cellebrite's UFED 4PC software [cellebrite.com] and then decrypted it using NFI's own method.
They also say they received an NFI report that describes the case [misdaadnieuws.com] where 279 out of 325 encrypted messages on a Blackberry 9720 could be decrypted.
Re: (Score:2)
No no no, it should have been something like:
"You are all cows, 512 bit DSA using Cows!" You have to make reference to the actual topic at hand like the real Cow Guy.