Quote:
Originally Posted by Jim Galbally
now can anyone tell me what someone would have to do to a password protected, non-encrypted blackberry in order to get the data off of it? yes thats right, take the thing apart, pry off the memory chips, slap em on chip readers, decode the bumpft and then read the data off.
hardly something the average joe who found the phone on the train is going to be doing.
in my opinion password protection is SUFFICIENT and content protection is overkill.
as for encrypting addressbook entries, why on earth would people turn this on if it is not a regulatory requirement? it was only included for certain MOD/DOD requirements in the US
|
First, Sometime ago, I worked at a well-known but now gone mobile phone manufacturer. Here, we had special attachment toolkits, which looked like a set of needles. With such a toolkit you can attach directly to the flash chips on embedded devices. You do not have to separate the chip from the board through this. So no sophisticated technology here and quite common in mobile phone industry ...
Second, Blackberry will use standard flash chips by the common vendors (Samsung, Intel, Hynix, ...). Access protocols are well known here - so the last obstacle might be indeed the file system. Just an ASCII dump might give you valuable information ...
Third, It might be worth encrypting the adress book as there are industries where contacts are worth hard cash (potential customers, competitors, ...).
But your mileage may vary - security is always strongly connected to risk analysis and should never be considered as an end in itself. So, if your data is not that important, the problems or restrictions introduced with content protection might have more impact than the actual gain in security ...
Just my 2ct ...