|
|
|
09-29-2011, 03:26 PM
|
#21
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Please Login to Remove!
Quote:
Originally Posted by daphne
Anyone who clicked the link and read the page that Juwaack posted would have seen that it works on iOS. So you didn't read the link?
Also I posted that it works on iOS before JSanders posted. Did you not read that either?
The last time I checked iOS was an operating system for Apple mobile devices.
|
I didn't read anything. Got the company name from the title, picked up my blackberry and called them. Then i got answers to my questions, then i bought their product.
Yourself and the other mod seem to be the only people in the whole thread more interested in Apple Inc products. I suggest you call elcomsoft and ask them about the platform you're using.
IOS for me is what runs in Cisco routers.
|
Offline
|
|
09-29-2011, 04:23 PM
|
#22
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
That kind of ignorance ("I didn't read anything --the-economist") can also be called pure stupidity.
Blind fanboism.
Trolling.
|
Offline
|
|
09-29-2011, 04:33 PM
|
#23
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Trolling with a generous dose of BS at that. I wrote "iOS" not "IOS". The troll knows the difference unless he truly is stupid. And do say, he already had the phone number in his device? If not, he read something to get the number.
The statements some of these fanboi tolls use to argue their points are truly ridiculous.
|
Offline
|
|
09-29-2011, 04:34 PM
|
#24
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by JSanders
That kind of ignorance ("I didn't read anything --the-economist") can also be called pure stupidity.
Blind fanboism.
Trolling.
|
I really can't see the reason behind the personal attacks against me from the moment you joined the thread, but yeah, whatever, have fun..
|
Offline
|
|
09-29-2011, 04:49 PM
|
#25
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by daphne
And do say, he already had the phone number in his device? If not, he read something to get the number.
|
Yea, at this point he's just 'lying'.
|
Offline
|
|
09-29-2011, 04:50 PM
|
#26
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by the-economist
I really can't see the reason behind the personal attacks against me from the moment you joined the thread, but yeah, whatever, have fun..
|
I think you were the first to throw out the work 'troll', at me, when I was not the first to mention Apple.
Learn to read.
|
Offline
|
|
09-30-2011, 10:39 AM
|
#27
|
Talking BlackBerry Encyclopedia
Join Date: Mar 2006
Location: DC
Model: 9550
Carrier: Verizon
Posts: 338
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
I'm not getting into calling people names or questioning where the fault lies. This sounds like a real problem.
Suppose someone chooses for their password a short, same case, letters-only password - which is fairly typical if you have to enter it every time you want to use your BB.
Anyone finding (or otherwise acquiring) the device can use this software to get into your blackberry, your personal info, and - by extension, I guess - your connection to whatever is available through your BES.
Again, this sounds like a real problem. First and foremost, everyone should either remove encryption from their media card, or change a password to one that's quite annoying - and strong.
The finger-pointing and name-calling can wait.
-jk
|
Offline
|
|
09-30-2011, 10:49 AM
|
#28
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by jmwking
change a password to one that's quite annoying - and strong.
|
Exactly! Agreed.
And anyone who has used ANY computer in the past decade and not heard that ^^ message is deaf and dumb to begin with.
|
Offline
|
|
10-03-2011, 01:50 PM
|
#29
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by jmwking
Again, this sounds like a real problem. First and foremost, everyone should either remove encryption from their media card, or change a password to one that's quite annoying - and strong.
|
It is a real problem. A mixed case annoying and strong password is near unusable if it needs to be entered every time the device needs unlocking. There is always a tradeoff between security and usability.
I bought the software from the company mentioned in the thread. My letters/numbers 4-digit unlock code was spit out in seconds. The SD card is not even needed, any encrypted single little file from the card does the job.
This needs to be addressed urgently.
|
Offline
|
|
10-03-2011, 04:57 PM
|
#30
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Oddly enough the developer of the app doesn't even say it works in the way you describe. Perhaps you're not trooful with us again?
|
Offline
|
|
10-03-2011, 08:53 PM
|
#31
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by the-economist
It is a real problem. A mixed case annoying and strong password is near unusable if it needs to be entered every time the device needs unlocking. There is always a tradeoff between security and usability.
I bought the software from the company mentioned in the thread. My letters/numbers 4-digit unlock code was spit out in seconds. The SD card is not even needed, any encrypted single little file from the card does the job.
This needs to be addressed urgently.
|
Please clarify your last sentence. First you say the SD card isn't needed, then you say "any encrypted single little file from the card does the job". That doesn't make sense the way it you've stated it.
Also, I hope you know that saying "it needs to be addressed urgently" here has no effect on what happens at RIM. RIM doesn't own this forum or read this forum. You should direct your concerns and suggestions to RIM in that respect.
|
Offline
|
|
10-03-2011, 10:36 PM
|
#32
|
Talking BlackBerry Encyclopedia
Join Date: Mar 2006
Location: DC
Model: 9550
Carrier: Verizon
Posts: 338
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
I don't encrypt my card (there's nothing sensitive on it) and I have no idea whether his test is accurately reported. However, if the OS encrypts files one by one rather than encrypting the entire card, it seems plausible the software would only need a single file to decrypt and deduce the password.
Regardless of who may read this board, RIM does need to address it, and soon. It's a major vulnerability.
If I were responsible for a BES installation and keeping corporate data safe, I'd be quite worried.
-jk
Posted via BlackBerryForums.com Mobile
|
Offline
|
|
10-04-2011, 04:11 PM
|
#33
|
BlackBerry God
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
|
Quote:
Originally Posted by jmwking
I don't encrypt my card (there's nothing sensitive on it) and I have no idea whether his test is accurately reported. However, if the OS encrypts files one by one rather than encrypting the entire card, it seems plausible the software would only need a single file to decrypt and deduce the password.
Regardless of who may read this board, RIM does need to address it, and soon. It's a major vulnerability.
If I were responsible for a BES installation and keeping corporate data safe, I'd be quite worried.
-jk
Posted via BlackBerryForums.com Mobile
|
It is the file(s) that is encrypted and not the card. If you have had encryption disabled and then it is enabled, only files that are written after are encrypted. And when encryption is then disabled, those encrypted files remain encrypted, and files written after encryption is disabled are not encrypted.
From what I read of the software, all you need is a file from the card, which of course means you do need the card to get the file.
What I think I understand is that if you want to be able to move the card to another BlackBerry and read the encrypted files on that other BlackBerry, then there isn't anything else RIM could have done. All other solutions require information on the handset, such as using the device key setting, or a so-called "salt," which would mean the user could only read the the encrypted files on the original BlackBerry.
The real true practical solution to protect the BlackBerry handset password from discovery in this instance is to either not enable encryption using only the device password, or to use a very strong password if you do.
I personally don't see a problem with a strong password for me and the way I use a BlackBerry. If I had a 5 minute time out forced on me it might be a different story. But setting a reasonable time out and manually locking my BlackBerry when I think I need to works for me.
I hesitate to think it's a big deal for RIM because from what I understand I don't know what else they could have done for users who want to encrypt but still want to swap cards between BlackBerrys. It is a big deal for those users, however, but they've created the problem if they are using weak passwords.
Posted via BlackBerryForums.com Mobile
Last edited by aiharkness; 10-04-2011 at 04:14 PM..
|
Offline
|
|
10-05-2011, 04:19 AM
|
#34
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by daphne
Please clarify your last sentence. First you say the SD card isn't needed, then you say "any encrypted single little file from the card does the job". That doesn't make sense the way it you've stated it.
|
Doesn't need the card, needs an encrypted file from the card. Clear now?
|
Offline
|
|
10-05-2011, 10:14 AM
|
#35
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
No, that doesn't make sense. Do you mean it needs an encrypted file on the device or on the media card? If it needs an encrypted file on the media card, then it needs the card also.
See the post above yours:
Quote:
From what I read of the software, all you need is a file from the card, which of course means you do need the card to get the file
|
emphasis mine
|
Offline
|
|
10-05-2011, 03:45 PM
|
#36
|
BlackBerry God
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Minor point, but that probably should have been, "all you need is an encrypted file from the card..."
Posted via BlackBerryForums.com Mobile
|
Offline
|
|
10-06-2011, 12:33 PM
|
#37
|
Talking BlackBerry Encyclopedia
Join Date: Mar 2006
Location: DC
Model: 9550
Carrier: Verizon
Posts: 338
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
It doesn't really matter whether cloak-and-dagger types are hacks a single encrypted file so he can access your phone while your back is turned, or someone just goes after your BB with the card still inserted, hacks it, and gets while the gettin's good. It could be corporate espionage or law enforcement or your soon-to-be ex.
It all comes back to the same point: if someone simply acquires your blackberry - by whatever means - that has an encrypted data card or perhaps even just an encrypted file, then all your data, phone, and any BES access are all vulnerable to exploitation.
The only two safe options are to either not encrypt (and change your password if you leave any encrypted files behind) or use an annoyingly secure password (which lots of folks just won't).
The remarkably fool-proof BB protection of wiping of your phone after 10 failed tries (generally safe even with a short, easy password) no longer applies if you encrypt your data card. Regardless of semantics, this issue is a Big Deal and should get attention.
-jk
|
Offline
|
|
10-06-2011, 12:47 PM
|
#38
|
BlackBerry God
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by jmwking
The only two safe options are to either not encrypt (and change your password if you leave any encrypted files behind) or use an annoyingly secure password (which lots of folks just won't).
The remarkably fool-proof BB protection of wiping of your phone after 10 failed tries (generally safe even with a short, easy password) no longer applies if you encrypt your data card.
|
Just a little clarification...
This is only true if you choose to encrypt your media card using the handheld password as the key.
It is possible to encrypt to the device itself, and not the password.
If the encryption keys are based on the device ID as opposed to the handheld password, then this vulnerability goes away.
|
Offline
|
|
10-07-2011, 09:45 AM
|
#39
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by penguin3107
.
If the encryption keys are based on the device ID as opposed to the handheld password, then this vulnerability goes away.
|
100% agree , no question about it. Problem is when a security feature is exploitable (which is rather common in the software world and nothing close to the drama some posts in the thread made it to be) the solution is vendor acknowledgement and patching of the vulnerability rather than the user running in circles trying to protect themselves from a poorly executed implementation.
You and i and some thousands of forum users may be some technically inclined. That doesn't extend to the whole of the platform's userbase.
The "vulnerability gone away" solution should only come down through the official vendor channels that manage the codebase of said software. In this case that means Research In Motion Ltd.
|
Offline
|
|
10-12-2011, 08:57 AM
|
#40
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
|
|