Slashdot Mirror


BlackBerry's Encryption Hacked; Backups Now a Risk

GMGruman writes "InfoWorld blogger Martin Heller reveals that a Russian passcode-breaker developer has broken the encryption used in BlackBerry backups. That can help recover data when passwords are lost, but also gives data thieves access to a treasure trove of corporate secrets. And the developer boasts that it was easier to crack the BlackBerry encryption than it was to crack Apple's iOS."


  1. But... the playlists! by Kenja · · Score: 4, Funny

    Notice how the blackberry adds have shifted from being about business apps and security to how cool it is that you can edit an MP3 playlist.

    Whole thing smacks of desperation.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:But... the playlists! by MyLongNickName · · Score: 3, Funny

      Notice how the blackberry adds

      Adding is easier than factoring primes. This might have something to do with the security problem.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    2. Re:But... the playlists! by MyLongNickName · · Score: 3, Funny

      Damn. I hit submit. I cannot believe I said "factoring primes". I considered playing it off like it was part of the joke, but that would just be dishonest.

      Please revoke my nerd card and send me to business school.

      (here is hoping my x minutes since last post allows me to correct myself before I get ripped by 350 nerds)

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    3. Re:But... the playlists! by jimicus · · Score: 5, Insightful

      Probably because it was only a few years ago that there was no other serious business phone that did a half-decent job of email and had management features built right in (such as enforcing endpoint encryption and remote wiping).

      Now more-or-less every smartphone offers such features, and non-smart phones are rapidly starting to look like an endangered species. Blackberry no longer offer anything particularly special.

    4. Re:But... the playlists! by BobNET · · Score: 4, Funny

      I cannot believe I said "factoring primes".

      Hi, Bill!

      "The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers."
      -- Bill Gates, 'The Road Ahead'

    5. Re:But... the playlists! by gstoddart · · Score: 2, Interesting

      Notice how the blackberry adds have shifted from being about business apps and security to how cool it is that you can edit an MP3 playlist.

      Whole thing smacks of desperation.

      Well, initially the BlackBerry was a corporate device. Then a lot of consumers decided they wanted one so they could do messaging and email.

      However, Apple and other manufacturers have been making smart phones which have way more consumer features than business and have been correspondingly taking a lot of market share away from RIM. In fact, I heard analysts saying the other week that while sales of BlackBerries are growing, they're not growing as fast as Apple and Android phones are. So, their corresponding market share is decreasing even while their sales are increasing -- they're just not increasing as fast as the rest of the market.

      I'd say that they're getting very desperate. Like 'em or hate 'em, the iPhone and its ilk have become hugely popular for non business users -- arguably, a much larger market.

      Of course, if you want to schedule a meeting or use PowerPoint, get a BlackBerry (or a PC ;-).

      --
      Lost at C:>. Found at C.
    6. Re:But... the playlists! by treeves · · Score: 4, Funny

      Well, it's true: adding IS easier than factoring primes. It's also easier than dividing by zero, trisecting an angle with a compass and straightedge, and calculating the last digit of pi.

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
    7. Re:But... the playlists! by noidentity · · Score: 2, Funny

      Notice how the blackberry adds have shifted from being about business apps and security to how cool it is that you can edit an MP3 playlist.

      You know you're a geek when you read the above sentence and first think it's describing the encryption algorithm that was hacked (add, shift).

    8. Re:But... the playlists! by AliasMarlowe · · Score: 5, Funny

      The last digit of pi is "7". You can take my word for it, or prove me wrong.

      Nope, you're wrong. The last digit of pi is zero.
      This is because pi is exactly 10 (base pi).

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    9. Re:But... the playlists! by Anonymous Coward · · Score: 2, Informative

      10 in base 10 -> 10
      2 in base 2 -> 10
      16 in base 16 -> 10

      pi in base pi .... -> 10 ....

  2. Simple solution by Prune · · Score: 4, Interesting

    Back up to a non-encrypted IPD file and put it into a TrueCrypt volume--or better yet, don't back up to an insecure machine! This story would have been much more newsworthy if they had broken the actual phone's encryption, AES and elliptic curve D-H.

    --
    "Politicians and diapers must be changed often, and for the same reason."
    1. Re:Simple solution by mbourgon · · Score: 4, Informative

      Um, no. My last two jobs mandated them. They work exceptionally well in a business environment, and while I love the iPhone it's not yet as good for the enterprise. So for personal use, "don't get one hurr" may work, for the majority of bberry users it's not an option. That being said, most users don't back it up - if you're tied to exchange, all the important stuff is synched to it and all you need to do with a new bberry is to associate it to the same acct.

      --
      "Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
    2. Re:Simple solution by mlts · · Score: 4, Interesting

      It is still a hole though, and one that is completely preventable. Most serious crypto products around use key strengthening, be it KeePass with its variable number of rounds that are user selectable, TrueCrypt with its 1000 rounds, or iOS 4's 10,000 rounds. Heck, even the venerable crypt(3) mechanism had a number of rounds to slow down people running Crack over 20 years ago, back before passwords were stored in /etc/shadow.

      How can this be fixed? Use a reasonable number of rounds (enough that it slows down brute forcing, but not so many that it kills day-to-day normal operation). Also, use a salt, so rainbow table pre-computation of keys is impossible.

      In the meantime, the parent poster probably has the best solution. For maximum security, add a cryptographic token and store a TC keyfile on that. This way, if someone tries to brute force the token's passphrase, they have 3-20 tries before the token permanently fries itself.

    3. Re:Simple solution by blueg3 · · Score: 2, Informative

      PBKDF2, which the BlackBerry backups use, always uses a salt. One round is a joke, though. The 4096 rounds of WPA aren't really sufficient, and the 1000 rounds of FileVault are really a mistake.

  3. why was it easier? by Mike+Davi+Kristopeit · · Score: 2, Insightful

    was the encryption scheme weaker, or were disgruntled RIM employees more willing to hand over the keys than disgruntled apple employees?

  4. Does this make them legal in the Middle East now? by Suki+I · · Score: 2, Funny

    Does this solve that encryption complaint the UAE, Saudis and others had about Blackberry?

  5. If only the article supplied more information by apparently · · Score: 3, Funny

    Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises. In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one.

    If only the article had the above information on page 2, you'd have the answer to your question. If only.

  6. Not "encryption hacked" by blueg3 · · Score: 5, Informative

    The encryption itself is just fine (at least, for now). While it's interesting that the data is transmitted in the clear and then encrypted by the backup software, they don't propose exploiting this (which would be an inconvenient attack).

    This is simply a brute-force password cracker that's specific to BlackBerry backups. It's not particularly specific, either, as the backups are encrypted with AES and the key is derived from a password using the standard PBKDF2. There are tons of PBKDF2-crackers out there (like coWPAtty). The surprising thing is that they only use single-iteration PBKDF2, which is a joke.

    This, incidentally, is what is meant by the statement in TFS that cracking BlackBerry backup passwords is easier than cracking iOS passwords. Difficulty in password cracking (amount of computational time per password) for PBKDF2 is roughly proportional to the number of iterations. IIRC, WPA uses 4096, Apple's FileVault uses 1000, and BlackBerry backups apparently use 1.
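
An added example, not code from the article, from ElcomSoft or from any commenter, that puts the point made by mlts, blueg3, "apparently" and the post above into running code: a minimal PBKDF2-based cracker of the kind described (derive a key from each candidate, test it, move on) and the key-stretching fix. Assumptions: PBKDF2-HMAC-SHA1 with a 256-bit output, an 8-byte salt, and an HMAC "key check" standing in for the real step of trying to decrypt a known backup header; none of that is the BlackBerry file format, and the 4-digit PIN and salt are constructed inputs.

```python
"""Why single-iteration PBKDF2 is 'a joke': a minimal cracker for
password-derived AES keys, plus the key-stretching fix.

Standard library only. The HMAC "key check" is a constructed stand-in
for decrypting a known header; it is not the BlackBerry backup format.
"""
import hashlib
import hmac
import itertools
import string
import time

KEY_LEN = 32                          # 256-bit AES key, as the article says
CHECK_MSG = b"backup-header-check"    # constructed known-plaintext stand-in


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1 -> 32-byte key (the hash choice is an assumption)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, KEY_LEN)


def key_check(password: str, salt: bytes, iterations: int) -> bytes:
    """The value a cracker compares against: something only the right key
    reproduces. Here an HMAC over a constant under the derived key."""
    return hmac.new(derive_key(password, salt, iterations), CHECK_MSG,
                    "sha256").digest()


def crack(candidates, salt: bytes, iterations: int, expected: bytes):
    """Brute force: derive, check, next. Every candidate costs `iterations`
    HMAC calls, so the attacker's bill grows linearly with that count."""
    for pw in candidates:
        if hmac.compare_digest(key_check(pw, salt, iterations), expected):
            return pw
    return None


def guesses_per_second(iterations: int, salt: bytes = b"\x00" * 8,
                       budget: float = 0.25) -> float:
    """Candidates one core tests per second at this iteration count. The
    absolute figure is machine dependent; the ratio between counts is the point."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < budget:
        key_check("guess%d" % n, salt, iterations)
        n += 1
    return n / (time.perf_counter() - start)


def demo() -> str:
    salt = b"\x8b\x01\x5c\x22\xa9\xf3\x47\xd0"   # constructed 8-byte salt
    # Salt defeats precomputation: same password, other salt, other key.
    assert derive_key("hunter2", salt, 1) != derive_key("hunter2", b"\x00" * 8, 1)

    # Victim used a 4-digit PIN; the backup tool used one PBKDF2 round.
    pin = "7391"
    stored = key_check(pin, salt, 1)
    candidates = ("".join(t) for t in itertools.product(string.digits, repeat=4))
    t0 = time.perf_counter()
    found = crack(candidates, salt, 1, stored)
    print("1 iteration : recovered %r in %.3fs" % (found, time.perf_counter() - t0))

    # The fix the thread describes: many rounds. The same 10,000 PINs now
    # cost 10,000x the HMAC work; estimate it rather than wait for it.
    r1, r10k = guesses_per_second(1), guesses_per_second(10_000)
    print("guesses/s: %.0f at 1 round, %.0f at 10,000 rounds (ratio %.0fx)"
          % (r1, r10k, r1 / r10k))
    print("full 4-digit space at 10,000 rounds: ~%.0f s" % (10_000 / r10k))
    return found


if __name__ == "__main__":
    demo()
```

Run it as a script to see the 1-round crack finish in milliseconds and the measured slowdown at 10,000 rounds; a real cracker only differs in what it checks (decrypting a header instead of recomputing an HMAC) and in running many cores or GPUs in parallel, which scales the rate but not the ratio.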

  7. Look out for flying hockey pucks at by BoRegardless · · Score: 2, Funny

    RIM headquarters.

  8. You're doing it the hard way. by McGregorMortis · · Score: 4, Interesting

    This "weakness" seems a little silly.

    You typically make your backups on your office desktop PC, and leave them there. But all the sensitive data in the backup file was already there on that same PC, in your corporate mailbox, completely unencrypted.

    Cracking a Blackberry backup file would be the hardest way to get access to that data.

    1. Re:You're doing it the hard way. by TubeSteak · · Score: 2, Insightful

      You typically make your backups on your office desktop PC, and leave them there. But all the sensitive data in the backup file was already there on that same PC, in your corporate mailbox, completely unencrypted.

      Cracking a Blackberry backup file would be the hardest way to get access to that data.

      It would create the least amount of loggable activity.
      And it's much faster to copy 1 file than to dig around for XYZ # of files.

      --
      [Fuck Beta]
      o0t!
  9. In other news by RegTooLate · · Score: 4, Funny

    The NSA announced today that they are offering secured online backup for all Blackberry users. RIMM responded saying they were surprised how quickly the DNS poison spread but wish the NSA well in their user friendly backup service. Many Middle East governments are also now offering the easy secure backup service as well.

  10. Re:Really? by bigrockpeltr · · Score: 2, Funny

    Up, Up, Down, Down, Left, Right, Left, Right, B, A, send

    --
    $ unzip, strip, touch, finger, grep, mount, fsck, more, yes,fsck,fsck,fsck,umount, sleep
  11. Not just secure for today by mpfife · · Score: 2, Insightful

    This is one of the biggest things people forget about with data security, and one of my professors at school was constantly mindful of it. Sure, 2048-bit keys and most modern cryptography are secure right now; but if you have really sensitive data - data about banking accounts, transaction records that your business depends on keeping secret for competitive reasons, voting records, etc. - you need that to remain secure for the lifetime of the person, or even longer. This is MUCH harder, especially with the advent of quantum computer decryption around the corner. What if all your bank transactions and records from this point up till now became as easily readable as a zip file? What if you live in a country where, when the regime changes, those associated with the old regime get 'purged'? Your records are your life in such situations.

    Remember, people can be storing up all those encrypted transactions you're sending around - and when the machines are fast enough - decrypt them years or even decades later to reveal everything you said, did, bought/sold/voted on/etc. during those times. This is a perfect example of why you need to take into account the *lifetime* sensitivity of the data you're encrypting, or you could easily face serious consequences.

  12. Why Blackberry still works by markdowling · · Score: 4, Informative

    Remote Application Deployment from BES
    Application Policies
    Applications can be installed from PCs or BES, not just The Apps Steve Likes
    They sell an integrated keyboard, or a narrow-factor phone, not just The Touchscreen Steve Likes

  13. Decryption Snake Oil, or Panic? by ratboy666 · · Score: 3, Informative

    So, it takes 3 days to crack the 7-character password. Adding 8 characters to the set (say, !@#$%^&*) would then increase that 3 days to... 2^21 more effort. Or, roughly 3 to 4 million days. Seems from the discussion that elcomsoft was able to brute force quickly (millions of passwords per second).

    Add a few more characters and the effort to brute-force the thing goes up... exponentially. Unless, of course, elcomsoft has actually "cracked" the encryption, and not simply reduced the time to try a key.

    What I would warn about is my "usual" advice for password generation, (optional random character) word (optional random character) word (optional random character), because, as far as I can tell, that can now be broken by elcomsoft in 2 to 3 days (assuming they know that this is the pattern used, which we have to).

    Very curious to see a review of this (before panic sets in).

    ratboy666

    --
    Just another "Cubible(sic) Joe" 2 17 3061
  14. Give us a break by thethibs · · Score: 2, Insightful

    Both the headline and the article are overheated.

    The "crack" requires that

    1. You have information that needs to be secured on your BB;
    2. In spite of that you've used a toy password; and
    3. The enemy has access to your backup files.

    More than a bit of a stretch.

    --
    I'm a Programmer. That's one level above Software Engineer and one level below Engineer.