BlackBerry's Encryption Hacked; Backups Now a Risk
GMGruman writes "InfoWorld blogger Martin Heller reveals that a Russian passcode-breaker developer has broken the encryption used in BlackBerry backups. That can help recover data when passwords are lost, but also gives data thieves access to a treasure trove of corporate secrets. And the developer boasts that it was easier to crack the BlackBerry encryption than it was to crack Apple's iOS."
Was the encryption scheme weaker, or were disgruntled RIM employees more willing to hand over the keys than disgruntled Apple employees?
Probably because it was only a few years ago that there was no other serious business phone that did a half-decent job of email and had management features built right in (such as enforcing endpoint encryption and remote wiping).
Now more-or-less every smartphone offers such features, and non-smart phones are rapidly starting to look like an endangered species. BlackBerry no longer offers anything particularly special.
This is one of the biggest things people forget about with data security, and one of my professors at school was constantly mindful of it. Sure, 2048-bit keys and most modern cryptography are secure right now; but if you have really sensitive data - data about bank accounts, transaction records that your business depends on keeping secret for competitive reasons, voting records, etc. - you need that to remain secure for the lifetime of the person, or even longer. This is MUCH harder, especially with the advent of quantum computer decryption around the corner. What if all your bank transactions and records from this point up till now became as easily readable as a zip file? What if you live in a country where, when the regime changes, those associated with the old regime get 'purged'? Your records are your life in such situations.
Remember, people can be storing up all those encrypted transactions you're sending around, and when the machines are fast enough, decrypt them years or even decades later to reveal everything you said, did, bought/sold/voted on/etc. during those times. This is a perfect example of why you need to take into account the *lifetime* sensitivity of the data you're encrypting, or you could easily face serious consequences.
You typically make your backups on your office desktop PC, and leave them there. But all the sensitive data in the backup file was already there on that same PC, in your corporate mailbox, completely unencrypted.
Cracking a BlackBerry backup file would be the hardest way to get access to that data.
It would create the least amount of loggable activity.
And it's much faster to copy 1 file than to dig around for XYZ # of files.
Both the headline and the article are overheated.
The "crack" requires that
More than a bit of a stretch.
I'm a Programmer. That's one level above Software Engineer and one level below Engineer.