Theory: How Memory Cards Can Be Made 100% Safe & Secure In a BlackBerry
 

Interseting Topic Alert:

Many of you know how RIM makes BlackBerry security a very high priority.

Discussion has begun on how memory cards can be made 100% safe and secure:
Removable Memory For BlackBerry

(The nutshell: Treat a flash memory card strictly as a semipermanent "memory upgrade module" - much like PC memory modules - and install it SIM-card-style behind the battery so it does not get lost - plus use existing memory Content Scrambling to make it 100% secure just like the built-in flash memory. Just imagine "File Free 512,426,048 Bytes Free" in Options->Status, when you start wanting to install massive stuff in the future such as GPS maps, real estate databases, video tours, massive medical databases, or other stuff that may become popular in the future. The memory card would be encrypted and totally unusable and non-portable in other BlackBerries or card readers)

Ongoing discussion, started by a forum member, about accomplishing 100% safely and 100% securely implemented memory upgrades, for future BlackBerry models (using flash media as a "memory upgrade module" instead) - Click Here to go to the "Removable Memory" Thread.

Mark is this enough for RIMM to see it, or would we have better results with a petition type drive having members sign it digitally and then forwarding it to them. I think you have a tremendous idea there and it looks like a seed was just planted, now we have to nurture it and watch it grow.

I can't claim credit for the idea, others have. I am just trying to make this more visible and easier to understand why it can be 100% secure to add flash memory to a BlackBerry, with absolutely no chance of data theft.

I'm the one pointing the spotlight and raising the profile of this idea by posting in here, as well as writing a detailed rebuttal to those people who say memory is insecure/easily lost/bad idea (False! All total non-issues once you treat it as a "semi-permanent user-installable flash memory upgrade")

Actually, according to MobileRC, it might be that RIM already knows this - click here. I'm merely encouraging further discussion.

Also, BlackBerryForums knows that many employees from RIM does monitor these forums from time to time. Especially when BlackBerryForums articles show up in blogs, etc.

Sure... obvoiusly RIM knows this... but take it's top ten customers and ask the CIO's and Security Officers whether they want any type of removable anything on the handheld. We already know what the answer is...

RIM is catering to the people who got them to this point. RIM is in constant contact with all of it's major accounts... One of my friends spends almost all his time at one of the big banks in Toronto just dealing with management and issues that are escalated from TSupport.

Until the big RIM customers decide that removable storage is OK, we aren't going to see it. I am sure RIM cares about our opinions, but do you really think a few hundred hacker/tweaker type from here are going to influence *any* type of decision RIM makes? Like seriously... there are a few thousand of us here, but only a few hundred who really are active. Do you think even 1000 of us will sway a RIM decision as opposed to say... the US Government who have 100,000 devices?

I think it's time to stop beating a dead horse, stop talking about any type of removable storage, stop talking about cameras and accept what we have. If removable storage is a big deal for people, they should get one of the many other mobile handhelds that support it.

I really am getting sick and tired of all these proof of concept and case study type threads that pretty much result in crying about a feature RIM will not include in their handhelds.

It's time to lay this one to rest guys... it just isn't going to happen anytime soon.

cd.

I'm not sure I would be quite so discouraged, but your basic point is well taken. RIM will include removable storage when their large customers decide it's OK. And their large customers will decide it's OK when the killer app comes along that requires the memory. It's sure not going to be MP3s, videos, or ebooks. Probably not GPS maps or real estate databases either.

I think it should be an option. The device could work with the card or not. Couple things that might make it more secure.

1. Make the slot togglable via BES policies. This way, if a user has a company device or a device on a company BES, the admins can decide whether or not they are allowed to insert and use a memory card.

2. Maybe make an option to disable/erase the card on removal. If the card is wiped every time the card is removed from the device, this would certainly cut down on a lot of risks such as lost/stolen cards.

3. To make them useful, you would almost need to use a standard memory card format such as one of the mainstream ones used widely by digital cameras nowadays. That way you could utilize the ability to plug the card into your computer, copy files you want over, and then plug it into the device. This would most likely be consumer and not a corporate action, though I could see how real-estate companies would widely benefit from the ability to download a new listings database every morning before they head out and have it easily accessible on the road. Then update it by simply plugging the card back into their PC at the end of the day.

Just my opinions though.

Honestly I don't see this becoming reality in the corporate world though. Memory cards, no matter how encrypted, are succeptible. There will ALWAYS be someone out there who can crack them and exploit it. But I think with options 1 and 2, that would be able to limit the devices from being able to use them.

That attitude won't get ya far man. What if someone had said "nano-technology is just too small. We should stop researching it because it isn't going to happen anytime soon." Or... "Travelling near the speed of light is just too fast. We should stop theorizing how to do it simply because it won't happen quick enough."

I'm quite sure RIM keeps an eye open around here for a more "consumer"-based opinion of blackberries, as well as those admins that regularly post about what they would like to see in upcoming releases.

Possibly, the more people here brainstorm about how to make this a reality, the more ideas RIM will get for actually implementing a solution.

Think outside the bun
 

At one time the world was flat. Attitudes can change, once we used gas lights to luminate our homes, today we use a vast number lighting decices, most of which came about from people thinking outside the box and attitudes changing.

I'm not saying RIM should go out tomorrow and revamp their whole way of business, but one thing to consider is when they first came out BB's, they didn't have intergreated phone...now we have BB's with phones (For better or worse)

I say tie in accessing the memory like a SIM card in a GSM phone. When my Blackberry is idle for one hour, it locks. Have the security system lock the memory card too. Not as for removable memory, make it smart. Like with a SIM card, if I were to put it into another Blackberry, it transfers my settings and whatnot (including security) and then the Blackberry will ask for my password before anyone can access it. As for putting it into a different device, i.e. a SD to PC Card adapter, password protect it. I have a compact flash card that before I can mount it, I have to input my password. It's AES-128bit ecryption so it's pretty powerful security. Even then, they could use some of the new 448 bit suff out there. Maybe I make it more simple than it is... but RIM is innovative, they can pull it off.

I think my opinion is right on. I am sure that RIM knows exactly how to implement removable storage, in fact I would be that they have even built prototypes with removable storage. The fact of the matter is the big customers don't want it. RIM will not make a device with a feature that the big customers don't want.

Here's what will happen... RIM will release a blackberry with removable storage, execs will like all the toys that come along with the 'newest and fastest' handheld. Now they will demand one from the company. Maybe they don't have BES, how do you protect the card. There is no encryption that can't be cracked. The NSA most likely does it best, but I am sure some of these post cold war soviets know a thing or two about crypto as well, and you can be damn sure they wouldn't mind making a few bucks.

I have never said it wouldn't be possible, and I am sure RIM has thought about pretty much every angle, and most likely have a pretty good way to do this all figured out already but until the right people say 'yes, let's do it'. It's not going to happen.

Why don't we start a letter writing campaign to the US Gov't and see if we can relax the security policy a little bit so that employees and contractors can have removable media in any building. I'm sure most of the military contractors wouldn't mind some common removable media that can be put into any number of cameras or laptops.

It's not a matter of convincing RIM to add this, it's a matter of convincing RIM customers. I have heard a number of you speak about being government contractors and such. Can you take any device you want into every site you enter, even if it has removable media? Military Bases? Intelligence Offices?

It's not about me having a poor atitude, it's about me having a realistic approach to why this will not happen anytime soon. It isn't RIM, it's the customers. We are a very small percentage of users, in the big picture we are just drops in the bucket, our opinion and brainstorming will never infuence RIM decisions.

cd.

That wouldn't work. By the time the card is removed the opportunity to erase it is gone.


But if the data is encrypted then at least it's safe from prying eyes.



The other issues are:

Speed - how does a SD card compare in terms or read and write speed to the onboard BB memory?

Stability - hands up everyone who's had problems with memory cards. There are some very poor SD card manufacturers around and if the BB is using it as internal memory and it suddenly drops the FAT, what happens next?

Sure it would. Have a policy option, set through the BES manager, that if the card is removed, all info ON THE CARD is automatically wiped. That way, anyone removing the card, or losing it, does not have to worry about the data being compromised.

I think he is asking how do you erase the card after it is removed from the device. Unless it has it's own little processor and battery that will sense when the card is no longer connected you can't really do anything to the card.

Right - you remove the card, how does the BB remove the data? The card is already gone.

You could of course have the ejection feature software controlled. So you can insert the card "manually" but you eject the card using a software eject option as opposed to the physical approach. That would require additional components inside the BB, programming, and be vulnerable to failure or hack. But it's an option.

Something along those lines. I'm sure it wouldn't need to be much really. Probably not much more technology than the old zelda nintendo game took to same games really.

Or possibly... have a small battery or timer that lasts maybe 20 mins. If it is not inserted either into the last blackberry it was taken out of, or into a PC with a matching encryption key, it wipes itself.

But then you're talking about a new storage card design in an already flooded market. Expensive.

I think that plain cryptographic methods can be made sufficiently strong enough (using a combination of PIN, the specific BES server, the specific device, among other things) to be "trusted" if the card is removed; it becomes essentially useless.

Cryptographic methods exist today, such as certificates, etc, which can make an extremely strong and specific link between a specific memory card and a specific BlackBerry/specific BES. This would be much more secure than a password, because you would also need the actual 'infrastructure' in order for the card to function, making cracking by mimicking impratical. Military grade cryptography could be used (Which I seem to recall is 2048 bit).

In this case, removal of the card would render, the card essentially useless -- not even readable even by knowing the correct password! It would be much more secure than that. (Yes, as barjohn say, some draconian stuff by NSA may do the trick, if they are already managing to decode stuff stored in BlackBerry memory)

Take the card out -- essentially useless random gibberish
Put the card in a card reader -- essentially useless random gibberish
Put the card in another BlackBerry -- essentially useless random gibberish
Dump the card byte-by-byte into a computer -- essentially useless random gibberish
Only when it is put back in the original BlackBerry with the original BES -- the card has correct data

Not absolutely necessary to delete data on the card before removal. Deleting would be preferred, but it would not be a security disaster because not even using a password would recover the data. You'd need the actual device and infrastructure for it to work. Removal from a BES could even also render the card useless too. Possessing the card and attempting to read the existing data off it, would be roughly similiar to trying to snoop encrypted airwaves by the military. Data would look like random gibberish of bytes with pretty strong cryptography, which would be essentially secure for all today's pratical purposes (except possibly maybe NSA, or such, as barjohn indicated)

Do not forget that there's a semipermanent SIM-card-style memory card format called RS-MMC and MicroSD. This is sort of a "memory upgrade module" for BlackBerry. This format is the one likely to be used.

Not an issue. New 150X SD cards are several times faster than the flash memory built into BlackBerry.

Valid issue.

Also, remember, it's MicroSD or RS-MMC not SD ... Memory cards would be installed SIM-card-style behind the battery semi permanently. Remember, we're talking about treating a memory card like a memory upgrade instead. It makes no sense to go SD when you can use a tiny SIM card style memory upgrade instead, since RIM isn't going to allow data portability on a memory card anyway for security reasons.

I was thinking of the 160x cards when I wrote that, but if you look at the market there are two issues:

1 - the device bus needs to support the bandwidth.
2 - the speeds are asymmetric when reading and writing.

I know you have an iPAQ so if you've benchmarked any SD cards in that you'd see a significant difference in read and write.

So with the correct architecture I'm sure it could work - I would just hope that we get the correct architecture :)