Slashdot Mirror


Police Say They Can Crack BlackBerry PGP Encrypted Email (sophos.com)

schwit1 writes: Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having "military-grade security." The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices. A representative from NFI confirmed that "we are capable of obtaining encrypted data from BlackBerry PGP devices," according to a report from Motherboard. On Tuesday, the Royal Canadian Mounted Police (RCMP) also told Motherboard they can crack encrypted messages on PGP BlackBerrys.

24 of 117 comments

  1. There's a reason... by tysonedwards · · Score: 3, Funny

    It's called "Pretty Good Privacy".

    --
    Thirty four characters live here.
    1. Re:There's a reason... by LichtSpektren · · Score: 4, Insightful

      PGP works great for Linux users. If I had to make a guess as to why it's not working so great for BB customers, I would just take a stab in the dark and say it's related to the fact that BB's CEO openly defends putting backdoors in phones and computers for "lawful access" by governments.

    2. Re:There's a reason... by Xylantiel · · Score: 2

      I believe PGP in this context is used for end-to-end security. If you intercept the message at one end, outside the encryption, then that isn't a PGP flaw. This sounds like the application on the device is not careful with plaintexts and keys in memory, and so the data and possibly the key can be recovered from a physical device. That is completely different from decrypting intercepted data. If, on the other hand, this BB contains a hardened chip that the key is never supposed to leave and they are able to recover the key, that is big news.

    3. Re:There's a reason... by AchilleTalon · · Score: 2

      PGP works great for Linux users. If I had to make a guess as to why it's not working so great for BB customers, I would just take a stab in the dark and say it's related to the fact that BB's CEO openly defends putting backdoors in phones and computers for "lawful access" by governments.

      The BB's CEO never said such a thing. He never ever talked about putting backdoors, he talked about sharing METADATA with authorities if justified and required.

      --
      Achille Talon
      Hop!
    4. Re: There's a reason... by HiThere · · Score: 2

      There's something in what you say, but when you say "Linux guys tend to put everything valuables in a safe hidden 2 feet underground with the sophisticated security system. Even then if police physically have access that's when the self destruct kicks in." you're really talking about the OpenBSD guys.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. Beware of BlackBerry shills by LichtSpektren · · Score: 4, Funny

    BlackBerry has an intense cadre of Internet shills that likely will be defending them within about a day or two. Just watch.

    For any sane person that cares about their privacy and safety, this should be the nail in the coffin for BB.

    1. Re:Beware of BlackBerry shills by Kardos · · Score: 2

      Indeed. "We don't protect your privacy" is not a selling point in 2016.

    2. Re:Beware of BlackBerry shills by drew_kime · · Score: 5, Insightful

      2. Law enforcement says "don't use Blackberry because we cracked it". Stress on the "don't use Blackberry" part?

      That's what seems odd to me. Why would police disclose that they're able to do this? Isn't this the kind of capability you'd want to keep under wraps? Almost seems like they want people to avoid BB. I wonder why.

      --
      Nope, no sig
    3. Re:Beware of BlackBerry shills by ShanghaiBill · · Score: 3, Interesting

      Why would police disclose that they're able to do this?

      The police did not make an official statement about it. The information leaked out. The ability to decrypt was implied in a court document. It may have also been a cop or two bragging to a journalist "off the record".

    4. Re:Beware of BlackBerry shills by houghi · · Score: 2

      They send the information via a Blackberry PGP message.

      Also: This is Canada and Netherlands. Not two of the top countries in lying. (They do lie, but not as much as many others.)

      --
      Don't fight for your country, if your country does not fight for you.
    5. Re:Beware of BlackBerry shills by hawleyg · · Score: 2

      What does BlackBerry need to defend here? This isn't about BlackBerry security - it's about the third party PGP apps that some have put around it according to TFA.

      Gosh, I must be a shill. Go find your tinfoil hat.

      --
      Cheers, Glen
  3. Key is forensics. by Anonymous Coward · · Score: 5, Interesting

    They aren't cracking PGP. This came from the forensics department. By far the most likely scenario is that they're able to recover either the key from memory/flash, or the unencrypted plaintext.

    Also, people still use Blackberrys?

  4. Not necessarily by nospam007 · · Score: 4, Interesting

    Nobody said anything about 'cracking'.
    They were able to 'read' the messages after hitting the user with a wrench to get the password.

    1. Re:Not necessarily by LichtSpektren · · Score: 2

      Nobody said anything about 'cracking'. They were able to 'read' the messages after hitting the user with a wrench to get the password.

      Well, if you want to be pedantic... What TFS literally says is "Police in two countries have claimed that they can read encrypted data from BlackBerry devices". I myself can also read encrypted data--it reads like random white noise, but I can read it!

  5. I doubt it by ooloorie · · Score: 5, Interesting

    They almost certainly can't "crack PGP"; they may, however, have found flaws in the way Blackberry uses PGP. Or perhaps they are simply referring to the fact that they can intercept data as it is being decrypted on the device.

    1. Re:I doubt it by Rinikusu · · Score: 3, Interesting

      It wouldn't surprise me if the app saves the plaintext somewhere on the filesystem, creates an encrypted copy for mailing, and then just does a soft delete. With SSD/Flash memory write algorithms, it could be a very long time before that gets overwritten.

      --
      If you were me, you'd be good lookin'. - six string samurai
    2. Re:I doubt it by wbr1 · · Score: 2

      It wouldn't surprise me if the app saves the plaintext somewhere on the filesystem, creates an encrypted copy for mailing, and then just does a soft delete. With SSD/Flash memory write algorithms, it could be a very long time before that gets overwritten.

      Incorrect. At least with SSDs (also flash memory), you cannot overwrite an existing block; it has to be erased first. To make sure writes are speedy, the firmware normally actually clears blocks immediately or queues them for rapid deletion during idle time when a file is deleted. This is in contrast to a spinning disk where the entry in the file table is deleted but the blocks remain to be overwritten (or recovered) later.

      See: http://www.forensicmag.com/art...

      --
      Silence is a state of mime.
  6. Why? by CimmerianX · · Score: 3, Insightful

    I'm curious as to why any agency would announce that it could read these messages publicly? The bad guys now won't use this perhaps? It's akin to the national argument over Snowden revealing the collection of phone records and everyone screaming how the bad guys will now have this info and that put everyone at risk.

  7. Police say a lot of things by JoeyRox · · Score: 3, Informative

    Some of it to coerce citizen behavior, like convincing people that the encryption on their phones isn't effective so that they won't use it.

  8. Military grade by fahrbot-bot · · Score: 3, Funny

    ... BlackBerry devices that are being marketed as having "military-grade security."

    To be fair, Blackberry / RIM never said whose military.

    --
    It must have been something you assimilated. . . .
  9. Why does everyone seem to believe this. by frovingslosh · · Score: 3, Insightful

    I'm no Blackberry fan. I would never trust the company and I sure don't use one. But I'm surprised that everyone just seems to accept the claim. I expect that if there were any secure device out there that several gub'mints would be actively telling people "oh, we can crack that", a message which comes across as "Don't use that if you want to keep your communications private" and ends up steering people to devices that the snoops really can crack. Maybe they can crack it, but if so why tell us about it? I don't have enough trust in any government to believe this blindly.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  10. Re:Military grade by MightyYar · · Score: 5, Funny

    Military grade just means it won't change for 30 years or so. :)

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  11. Re:"so-called BlackBerry PGP devices" by hankwang · · Score: 2

    "So-called" is a literal translation of Dutch "zogenaamd". The Dutch version doesn't suggest that the speaker disagrees with whatever follows. The author meant to introduce a name that may not be familiar to the reader.

  12. FUD: doesn't affect stock BlackBerry, only modded! by Prune · · Score: 3, Informative

    30 seconds of search showed what I expected: http://gizmodo.com/dutch-polic...

    break a series of encrypted emails held on Blackberrys modified by Canadian firm Phantom Secure

    Conclusion: (a) don't get phones modified by a shady third party with government connections, and (b) don't take Slashdot summaries at face value (but we never learn that one, do we)

    --
    "Politicians and diapers must be changed often, and for the same reason."