Old 09-26-2005, 04:43 PM   #18
Mark Rejhon
Retired BBF Moderator
 
 
Join Date: Aug 2004
Location: Ottawa, Ontario, Canada
Model: Bold
Carrier: Rogers
Posts: 4,870

I think that plain cryptographic methods can be made sufficiently strong enough (using a combination of PIN, the specific BES server, the specific device, among other things) to be "trusted" if the card is removed; it becomes essentially useless.

Cryptographic methods exist today, such as certificates, etc., which can make an extremely strong and specific link between a specific memory card and a specific BlackBerry/specific BES. This would be much more secure than a password, because you would also need the actual 'infrastructure' in order for the card to function, making cracking by mimicking impractical. Military grade cryptography could be used (which I seem to recall is 2048 bit).

In this case, removal of the card would render the card essentially useless -- not even readable even by knowing the correct password! It would be much more secure than that. (Yes, as barjohn says, some draconian stuff by NSA may do the trick, if they are already managing to decode stuff stored in BlackBerry memory.)

Take the card out -- essentially useless random gibberish
Put the card in a card reader -- essentially useless random gibberish
Put the card in another BlackBerry -- essentially useless random gibberish
Dump the card byte-by-byte into a computer -- essentially useless random gibberish
Only when it is put back in the original BlackBerry with the original BES -- the card has correct data

Not absolutely necessary to delete data on the card before removal. Deleting would be preferred, but it would not be a security disaster because not even using a password would recover the data. You'd need the actual device and infrastructure for it to work. Removal from a BES could even also render the card useless too. Possessing the card and attempting to read the existing data off it would be roughly similar to trying to snoop encrypted airwaves by the military. Data would look like random gibberish of bytes with pretty strong cryptography, which would be essentially secure for all today's practical purposes (except possibly maybe NSA, or such, as barjohn indicated).

Do not forget that there's a semipermanent SIM-card-style memory card format called RS-MMC and MicroSD. This is sort of a "memory upgrade module" for BlackBerry. This format is the one likely to be used.
__________________
Thanks,
Mark Rejhon
Author of XMPP extension XEP-0301:
www.xmpp.org/extensions/xep-0301.html - specification
www.realjabber.org - open source

Last edited by Mark Rejhon; 09-26-2005 at 04:45 PM..
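
The binding described in the post above, sketched as an added example (not part of the original post and not BlackBerry's actual design): the card key is derived from a device secret, a BES secret and the PIN together, so the PIN alone decrypts nothing. The function names, secret sizes and the standard-library HMAC keystream (standing in for an authenticated cipher such as AES-GCM) are assumptions.

```python
import hashlib, hmac, secrets

def derive_keys(device_secret, bes_secret, pin, salt):
    # Length-prefix each secret so the two inputs cannot be re-split ambiguously.
    bound = b"".join(len(s).to_bytes(2, "big") + s for s in (device_secret, bes_secret))
    # Stretch the low-entropy PIN; the salt carries the device/BES binding.
    okm = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt + bound, 100_000, dklen=64)
    return okm[:32], okm[32:]          # (encryption key, MAC key)

def _keystream(enc_key, nonce, length):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); use AES-GCM in practice.
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def write_card(device_secret, bes_secret, pin, data):
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(device_secret, bes_secret, pin, salt)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag     # everything an attacker sees on the card

def read_card(device_secret, bes_secret, pin, blob):
    if len(blob) < 64:                 # salt + nonce + tag is the minimum size
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(device_secret, bes_secret, pin, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                    # wrong device, wrong BES or wrong PIN
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# Constructed sample secrets and data (not real device or BES values)
DEVICE_A, DEVICE_B = secrets.token_bytes(32), secrets.token_bytes(32)
BES_1, BES_2 = secrets.token_bytes(32), secrets.token_bytes(32)
CARD = write_card(DEVICE_A, BES_1, "4921", b"calendar and mail attachments")

if __name__ == "__main__":
    print(read_card(DEVICE_A, BES_1, "4921", CARD))   # original device + BES + PIN
    print(read_card(DEVICE_B, BES_1, "4921", CARD))   # another BlackBerry, right PIN
    print(read_card(DEVICE_A, BES_2, "4921", CARD))   # removed from the original BES
```

The scheme is only as strong as the device and BES secrets: they must be high-entropy and not extractable from the handset or server, since a four-digit PIN adds very little on its own.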