BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 09-29-2011, 03:26 PM   #21
the-economist
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Please Login to Remove!

Quote:
Originally Posted by daphne View Post
Anyone who clicked the link and read the page that Juwaack posted would have seen that it works on iOS. So you didn't read the link?

Also I posted that it works on iOS before JSanders posted. Did you not read that either?

The last time I checked iOS was an operating system for Apple mobile devices.
I didn't read anything. Got the company name from the title, picked up my blackberry and called them. Then i got answers to my questions, then i bought their product.

Yourself and the other mod seem to be the only people in the whole thread more interested in Apple Inc products. I suggest you call elcomsoft and ask them about the platform you're using.
IOS for me is what runs in Cisco routers.
Offline  
Old 09-29-2011, 04:23 PM   #22
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

That kind of ignorance ("I didn't read anything --the-economist") can also be called pure stupidity.
Blind fanboism.
Trolling.
Offline  
Old 09-29-2011, 04:33 PM   #23
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Trolling with a generous dose of BS at that. I wrote "iOS" not "IOS". The troll knows the difference unless he truly is stupid. And do say, he already had the phone number in his device? If not, he read something to get the number.

The statements some of these fanboi tolls use to argue their points are truly ridiculous.
__________________
Report spam text messages to 7726
#BlackBerry by choice
Offline  
Old 09-29-2011, 04:34 PM   #24
the-economist
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by JSanders View Post
That kind of ignorance ("I didn't read anything --the-economist") can also be called pure stupidity.
Blind fanboism.
Trolling.
I really can't see the reason behind the personal attacks against me from the moment you joined the thread, but yeah, whatever, have fun..
Offline  
Old 09-29-2011, 04:49 PM   #25
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by daphne View Post
And do say, he already had the phone number in his device? If not, he read something to get the number.
Yea, at this point he's just 'lying'.
Offline  
Old 09-29-2011, 04:50 PM   #26
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by the-economist View Post
I really can't see the reason behind the personal attacks against me from the moment you joined the thread, but yeah, whatever, have fun..
I think you were the first to throw out the work 'troll', at me, when I was not the first to mention Apple.

Learn to read.
Offline  
Old 09-30-2011, 10:39 AM   #27
jmwking
Talking BlackBerry Encyclopedia
 
Join Date: Mar 2006
Location: DC
Model: 9550
Carrier: Verizon
Posts: 338
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

I'm not getting into calling people names or questioning where the fault lies. This sounds like a real problem.

Suppose someone chooses for their password a short, same case, letters-only password - which is fairly typical if you have to enter it every time you want to use your BB.

Anyone finding (or otherwise acquiring) the device can use this software to get into your blackberry, your personal info, and - by extension, I guess - your connection to whatever is available through your BES.

Again, this sounds like a real problem. First and foremost, everyone should either remove encryption from their media card, or change a password to one that's quite annoying - and strong.

The finger-pointing and name-calling can wait.

-jk
Offline  
Old 09-30-2011, 10:49 AM   #28
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by jmwking View Post
change a password to one that's quite annoying - and strong.
Exactly! Agreed.

And anyone who has used ANY computer in the past decade and not heard that ^^ message is deaf and dumb to begin with.
Offline  
Old 10-03-2011, 01:50 PM   #29
the-economist
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by jmwking View Post
Again, this sounds like a real problem. First and foremost, everyone should either remove encryption from their media card, or change a password to one that's quite annoying - and strong.
It is a real problem. A mixed case annoying and strong password is near unusable if it needs to be entered every time the device needs unlocking. There is always a tradeoff between security and usability.

I bought the software from the company mentioned in the thread. My letters/numbers 4-digit unlock code was spit out in seconds. The SD card is not even needed, any encrypted single little file from the card does the job.
This needs to be addressed urgently.
Offline  
Old 10-03-2011, 04:57 PM   #30
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Oddly enough the developer of the app doesn't even say it works in the way you describe. Perhaps you're not trooful with us again?
Offline  
Old 10-03-2011, 08:53 PM   #31
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by the-economist View Post
It is a real problem. A mixed case annoying and strong password is near unusable if it needs to be entered every time the device needs unlocking. There is always a tradeoff between security and usability.

I bought the software from the company mentioned in the thread. My letters/numbers 4-digit unlock code was spit out in seconds. The SD card is not even needed, any encrypted single little file from the card does the job.
This needs to be addressed urgently.
Please clarify your last sentence. First you say the SD card isn't needed, then you say "any encrypted single little file from the card does the job". That doesn't make sense the way it you've stated it.

Also, I hope you know that saying "it needs to be addressed urgently" here has no effect on what happens at RIM. RIM doesn't own this forum or read this forum. You should direct your concerns and suggestions to RIM in that respect.
__________________
Report spam text messages to 7726
#BlackBerry by choice
Offline  
Old 10-03-2011, 10:36 PM   #32
jmwking
Talking BlackBerry Encyclopedia
 
Join Date: Mar 2006
Location: DC
Model: 9550
Carrier: Verizon
Posts: 338
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

I don't encrypt my card (there's nothing sensitive on it) and I have no idea whether his test is accurately reported. However, if the OS encrypts files one by one rather than encrypting the entire card, it seems plausible the software would only need a single file to decrypt and deduce the password.


Regardless of who may read this board, RIM does need to address it, and soon. It's a major vulnerability.

If I were responsible for a BES installation and keeping corporate data safe, I'd be quite worried.

-jk
Posted via BlackBerryForums.com Mobile
Offline  
Old 10-04-2011, 04:11 PM   #33
aiharkness
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
Default

Quote:
Originally Posted by jmwking View Post
I don't encrypt my card (there's nothing sensitive on it) and I have no idea whether his test is accurately reported. However, if the OS encrypts files one by one rather than encrypting the entire card, it seems plausible the software would only need a single file to decrypt and deduce the password.


Regardless of who may read this board, RIM does need to address it, and soon. It's a major vulnerability.

If I were responsible for a BES installation and keeping corporate data safe, I'd be quite worried.

-jk
Posted via BlackBerryForums.com Mobile
It is the file(s) that is encrypted and not the card. If you have had encryption disabled and then it is enabled, only files that are written after are encrypted. And when encryption is then disabled, those encrypted files remain encrypted, and files written after encryption is disabled are not encrypted.

From what I read of the software, all you need is a file from the card, which of course means you do need the card to get the file.

What I think I understand is that if you want to be able to move the card to another BlackBerry and read the encrypted files on that other BlackBerry, then there isn't anything else RIM could have done. All other solutions require information on the handset, such as using the device key setting, or a so-called "salt," which would mean the user could only read the the encrypted files on the original BlackBerry.

The real true practical solution to protect the BlackBerry handset password from discovery in this instance is to either not enable encryption using only the device password, or to use a very strong password if you do.

I personally don't see a problem with a strong password for me and the way I use a BlackBerry. If I had a 5 minute time out forced on me it might be a different story. But setting a reasonable time out and manually locking my BlackBerry when I think I need to works for me.

I hesitate to think it's a big deal for RIM because from what I understand I don't know what else they could have done for users who want to encrypt but still want to swap cards between BlackBerrys. It is a big deal for those users, however, but they've created the problem if they are using weak passwords.
Posted via BlackBerryForums.com Mobile

Last edited by aiharkness; 10-04-2011 at 04:14 PM..
Offline  
Old 10-05-2011, 04:19 AM   #34
the-economist
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by daphne View Post
Please clarify your last sentence. First you say the SD card isn't needed, then you say "any encrypted single little file from the card does the job". That doesn't make sense the way it you've stated it.
Doesn't need the card, needs an encrypted file from the card. Clear now?
Offline  
Old 10-05-2011, 10:14 AM   #35
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

No, that doesn't make sense. Do you mean it needs an encrypted file on the device or on the media card? If it needs an encrypted file on the media card, then it needs the card also.

See the post above yours:
Quote:
From what I read of the software, all you need is a file from the card, which of course means you do need the card to get the file
emphasis mine
__________________
Report spam text messages to 7726
#BlackBerry by choice
Offline  
Old 10-05-2011, 03:45 PM   #36
aiharkness
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Minor point, but that probably should have been, "all you need is an encrypted file from the card..."
Posted via BlackBerryForums.com Mobile
Offline  
Old 10-06-2011, 12:33 PM   #37
jmwking
Talking BlackBerry Encyclopedia
 
Join Date: Mar 2006
Location: DC
Model: 9550
Carrier: Verizon
Posts: 338
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

It doesn't really matter whether cloak-and-dagger types are hacks a single encrypted file so he can access your phone while your back is turned, or someone just goes after your BB with the card still inserted, hacks it, and gets while the gettin's good. It could be corporate espionage or law enforcement or your soon-to-be ex.

It all comes back to the same point: if someone simply acquires your blackberry - by whatever means - that has an encrypted data card or perhaps even just an encrypted file, then all your data, phone, and any BES access are all vulnerable to exploitation.

The only two safe options are to either not encrypt (and change your password if you leave any encrypted files behind) or use an annoyingly secure password (which lots of folks just won't).

The remarkably fool-proof BB protection of wiping of your phone after 10 failed tries (generally safe even with a short, easy password) no longer applies if you encrypt your data card. Regardless of semantics, this issue is a Big Deal and should get attention.

-jk
Offline  
Old 10-06-2011, 12:47 PM   #38
penguin3107
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by jmwking View Post
The only two safe options are to either not encrypt (and change your password if you leave any encrypted files behind) or use an annoyingly secure password (which lots of folks just won't).

The remarkably fool-proof BB protection of wiping of your phone after 10 failed tries (generally safe even with a short, easy password) no longer applies if you encrypt your data card.
Just a little clarification...
This is only true if you choose to encrypt your media card using the handheld password as the key.
It is possible to encrypt to the device itself, and not the password.
If the encryption keys are based on the device ID as opposed to the handheld password, then this vulnerability goes away.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 10-07-2011, 09:45 AM   #39
the-economist
CrackBerry Addict
 
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

Quote:
Originally Posted by penguin3107 View Post
.
If the encryption keys are based on the device ID as opposed to the handheld password, then this vulnerability goes away.

100% agree , no question about it. Problem is when a security feature is exploitable (which is rather common in the software world and nothing close to the drama some posts in the thread made it to be) the solution is vendor acknowledgement and patching of the vulnerability rather than the user running in circles trying to protect themselves from a poorly executed implementation.

You and i and some thousands of forum users may be some technically inclined. That doesn't extend to the whole of the platform's userbase.

The "vulnerability gone away" solution should only come down through the official vendor channels that manage the codebase of said software. In this case that means Research In Motion Ltd.
Offline  
Old 10-12-2011, 08:57 AM   #40
juwaack68
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
Default Re: Elcomsoft breaks BB password by hacking encrypted media card

BlackBerry Security Incident Response Team Responds to Elcomsoft Brute Force Password Attack - BerryReview
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads for: Elcomsoft breaks BB password by hacking encrypted media card
Thread Thread Starter Forum Replies Last Post
Fix for Media Player Not Scanning For Music, Stuck on Scan, or Constant Reboots John Clark Media Center 49 07-30-2012 01:43 PM
Media card encryption problem luc-mobile General BlackBerry Discussion 1 12-17-2010 06:02 PM
BB noob here- Problem inserting media card reclary General 8300 Series Discussion - Curve 13 05-28-2008 09:12 AM
Need help with the media card for my BB desi_doll General 8100 Series Discussion - Pearl 19 01-14-2008 03:24 PM
Locked Password disable - locked media card access debby1 General 8100 Series Discussion - Pearl 11 02-13-2007 06:06 PM


Agilent E8403A VXI Mainframe + E8491B, E4808A, 7x E8461B Modules with WARRANTY picture

Agilent E8403A VXI Mainframe + E8491B, E4808A, 7x E8461B Modules with WARRANTY

$3900.00



TEKTRONIX TM5006A 6 BAY MAINFRAME.  (chassis Mainframe only) picture

TEKTRONIX TM5006A 6 BAY MAINFRAME. (chassis Mainframe only)

$200.00



HP 3488A HPIB Switch / Control Unit Mainframe picture

HP 3488A HPIB Switch / Control Unit Mainframe

$24.99



Tektronix TM5003 Power Module Mainframe Chassis picture

Tektronix TM5003 Power Module Mainframe Chassis

$225.00



Computer Conversions Corp. Main Frame Board RTSS-4 picture

Computer Conversions Corp. Main Frame Board RTSS-4

$375.00



Chroma 6312A DC Electronic Load Mainframe with 63102A 2A/20A 16V/80V 1 picture

Chroma 6312A DC Electronic Load Mainframe with 63102A 2A/20A 16V/80V 1

$700.00







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.