BlackBerry Backup Encryption Cracked

A Russian company called Elcomsoft, which had previously released a tool for recovering iPhone backups from a PC, has now succeeded in cracking the BlackBerry backup system as well. While data traveling to and from RIM’s BlackBerry Enterprise Servers is apparently plenty secure, the regular backups that BlackBerry devices store on a computer are vulnerable to a brute-force password recovery attack. With the company’s Elcomsoft Phone Password Breaker, one can reportedly crack a BlackBerry backup file password of seven letters in length in about half an hour, using a machine powered by an Intel Core i7.

The reason for this insecurity, according to Elcomsoft’s Vladimir Katalov, is that unlike Apple, which uses 2,000 iterations of a so-called standard key-derivation function in its AES-encrypted iOS 3.x backups (and 10,000 iterations in iOS 4.x), RIM only uses a single iteration. Plus, the company’s devices apparently pass data to and from the BlackBerry Desktop Software completely unencrypted, further heightening the security risk.
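To show why the iteration count matters, here is an added example (not code from Elcomsoft, RIM or Apple) that implements an iterated key-derivation function with a call counter and tallies the hashing work needed to cover a seven-letter password space at 1, 2,000 and 10,000 iterations. PBKDF2-HMAC-SHA1, the 32-byte key length, the 26-letter alphabet and the salt are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import math


def pbkdf2_counted(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """PBKDF2-HMAC-SHA1 (assumed KDF) returning (key, number of HMAC calls made)."""
    hlen = hashlib.sha1().digest_size
    calls = 0
    out = b""
    for block in range(1, math.ceil(dklen / hlen) + 1):
        # U1 = PRF(password, salt || INT(block)); later U values chain on U1.
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha1).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen], calls


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length


def work_table(alphabet_size=26, length=7, iteration_counts=(1, 2000, 10000)):
    """Rows of (iterations, HMAC calls per guess, HMAC calls for the whole space)."""
    rows = []
    for n in iteration_counts:
        # Constructed password and salt; only the call count is used here.
        _, per_guess = pbkdf2_counted(b"example", b"constructed-salt", n)
        rows.append((n, per_guess, per_guess * keyspace(alphabet_size, length)))
    return rows


if __name__ == "__main__":
    rows = work_table()
    base = rows[0][2]
    for n, per_guess, total in rows:
        print(f"{n:>6} iterations: {per_guess:>6} HMAC calls per guess, "
              f"{total:.3e} for the full space ({total // base}x single-iteration cost)")
```

The cost of each guess grows linearly with the iteration count, so a search that takes about half an hour at one iteration scales to roughly 2,000 or 10,000 times that on the same hardware.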

This development comes at a time when RIM is actually under fire in several countries, such as India and the United Arab Emirates, whose governments consider its computer systems too secure. Specifically, these countries want easier wiretapping access to communications made over BlackBerry devices, arguing that criminals and terrorists are using them for plots on which authorities cannot effectively eavesdrop.

(via: PCWorld and Elcomsoft)

About The Author
Evan Blass