Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Say They Can Crack BlackBerry PGP Encrypted Email (sophos.com)

Posted by Soulskill on from the proof-is-in-the-pgpudding dept.

schwit1 writes: Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having "military-grade security." The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices. A representative from NFI confirmed that "we are capable of obtaining encrypted data from BlackBerry PGP devices," according to a report from Motherboard. On Tuesday, the Royal Canadian Mounted Police (RCMP) also told Motherboard they can crack encrypted messages on PGP BlackBerrys.

5 of 117 comments (clear)

  1. Key is forensics. by Anonymous Coward · · Score: 5, Interesting

    They aren't cracking PGP. This came from the forensics department. By far the most likely scenario is that they're able to recover either the key from memory/flash, or the unencrypted plaintext.

    Also, people still use Blackberrys?

  2. Not necessarily by nospam007 · · Score: 4, Interesting

    Nobody said anything about 'cracking'.
    They were able to 'read' the messages after hitting the user with a wrench to get the password.

  3. I doubt it by ooloorie · · Score: 5, Interesting

    They almost certainly can't "crack PGP"; they may, however, have found flaws in the way Blackberry uses PGP. Or perhaps they are simply referring to the fact that they can intercept data as it is being decrypted on the device.

    1. Re:I doubt it by Rinikusu · · Score: 3, Interesting

      It wouldn't surprise me if the app saves the plaintext somewhere on the filesystem, creates an encrypted copy for mailing, and then just does a soft delete. With SSD/Flash memory write algorithms, it could be a very long time before that gets overwritten.

      --
      If you were me, you'd be good lookin'. - six string samurai
  4. Re:Beware of BlackBerry shills by ShanghaiBill · · Score: 3, Interesting

    Why would police disclose that they're able to do this?

    The police did not make an official statement about it. The information leaked out. The ability to decrypt was implied in a court document. It may have also been a cop or two bragging to a journalist "off the record".