Police Say They Can Crack BlackBerry PGP Encrypted Email

schwit1 writes: Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having "military-grade security." The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices. A representative from NFI confirmed that "we are capable of obtaining encrypted data from BlackBerry PGP devices," according to a report from Motherboard. On Tuesday, the Royal Canadian Mounted Police (RCMP) also told Motherboard they can crack encrypted messages on PGP BlackBerrys.

There's a reason...

[tysonedwards]

It's called "Pretty Good Privacy".

Re:There's a reason...

[LichtSpektren]

PGP works great for Linux users. If I had to make a guess as to why it's not working so great for BB customers, I would just take a stab in the dark and say it's related to the fact that BB's CEO openly defends putting backdoors in phones and computers for "lawful access" by governments.

Beware of BlackBerry shills

[LichtSpektren]

BlackBerry has an intense cadre of Internet shills that likely will be defending them within about a day or two. Just watch.

For any sane person that cares about their privacy and safety, this should be the nail in the coffin for BB.

Re:Beware of BlackBerry shills

[drew_kime]

2. Law enforcement says "don't use Blackberry because we cracked it". Stress on the "don't use Blackberry" part ?

That's what seems odd to me. Why would police disclose that they're able to do this? Isn't this the kind of capability you'd want to keep under wraps? Almost seems like they want people to avoid BB. I wonder why.

Re:Beware of BlackBerry shills

[ShanghaiBill]

Why would police disclose that they're able to do this?

The police did not make an official statement about it. The information leaked out. The ability to decrypt was implied in a court document. It may have also been a cop or two bragging to a journalist "off the record".

Key is forensics.

They aren't cracking PGP. This came from the forensics department. By far the most likely scenario is that they're able to recover either the key from memory/flash, or the unencrypted plaintext.

Also, people still use Blackberrys?

Not necessarily

[nospam007]

Nobody said anything about 'cracking'.
They were able to 'read' the messages after hitting the user with a wrench to get the password.

I doubt it

[ooloorie]

They almost certainly can't "crack PGP"; they may, however, have found flaws in the way Blackberry uses PGP. Or perhaps they are simply referring to the fact that they can intercept data as it is being decrypted on the device.

Re:I doubt it

[Rinikusu]

It wouldn't surprise me if the app saves the plaintext somewhere on the filesystem, creates an encrypted copy for mailing, and then just does a soft delete. With SSD/Flash memory write algorithms, it could be a very long time before that gets overwritten.

Why?

[CimmerianX]

I'm curious as to why any agency would announce that it could read these messages publicly? The bad guys now won't use this perhaps? It's akin to the national argument over Snowden revealing the collection of phone records and everyone screaming how the bad guys will now have this info and that put everyone at risk.

Police say a lot of things

[JoeyRox]

Some of it to coerce citizen behavior, like convincing people that the encryption on their phone's isn't effective so that they wont use it.

Military grade

[fahrbot-bot]

... BlackBerry devices that are being marketed as having "military-grade security."

To be fair, Blackberry / RIM never said whose military.

Why does everyone seem to believe this.

[frovingslosh]

I'm no Blackberry fan. I would never trust the company and I sure don't use one. But I'm surprised that everyone just seems to accept the claim. I expect that if there were any secure device out there that several gub'mints would be actively telling people "oh, we can crack that", a message which comes across as "Don't use that if you want to keep your communications private" and ends up steering people to devices that the snoops really can crack. Maybe they can crack it, but if so why tell us about it? I don't have enough trust in any government to believe this blindly.

Re:Military grade

[MightyYar]

Military grade just means it won't change for 30 years or so. :)

FUD: doesn't affect stock BlackBerry, only modded!

[Prune]

30 seconds of search showed what I expected: http://gizmodo.com/dutch-polic...

break a series of encrypted emails held on Blackberrys modified by Canadian firm Phantom Secure

Conclusion: (a) don't get phones modified by a shady third party with government connections, and (b) don't take Slashdot summaries at face value (but we never learn that one, do we)