|
|
|
09-29-2011, 11:03 AM
|
#1
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Elcomsoft breaks BB password by hacking encrypted media card
Please Login to Remove!
Read this very carefully...
ElcomSoft Recovers BlackBerry Device Passwords
It doesn't say they can hack your BB password directly from the device, but rather if your media card is encrypted using the device password. They are hacking the media card, NOT the device.
Simple answer - either don't encrypt your media card or encrypt it another way, such as device key + device password.
No need to panic. BB has not been hacked.
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
09-29-2011, 11:34 AM
|
#2
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by juwaack68
No need to panic. BB has not been hacked.
|
It hasn't?! Encryption on the card is an OS feature. Obviously flawed is being used as an attack vector to reveal the handset's password and everything it protects. The OS, the handset, the encryption, the filesystem on the card are all made by RIM. So who's been hacked then?
|
Offline
|
|
09-29-2011, 11:38 AM
|
#3
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
The card is being hacked, not the device. Without the card being encrypted in a certain way, the hacking they are doing would not gain access to the device.
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
09-29-2011, 11:47 AM
|
#4
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by juwaack68
The card is being hacked, not the device.
|
The card hasn't been hacked at all. The encryption on the card (a RIM product) has been attacked and that results in the handset being compromised.
Following your logic if i break into your house through a window, your premises' security is not compromised because i didn't structurally compromised the walls by breaking through the bricks of the building.
|
Offline
|
|
09-29-2011, 11:58 AM
|
#5
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by the-economist
The card hasn't been hacked at all. The encryption on the card (a RIM product) has been attacked and that results in the handset being compromised.
|
True, this also means the DEVICE has not been 'hacked'. Without the encryption on the card (and a certain type of encryption), the card could not be attacked/hacked, either.
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
09-29-2011, 12:13 PM
|
#6
|
New Member
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,104
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
My question is which device, OS, etc was hacked? Was it OS 4.x, 5, 6, 7? If it was an earlier OS, has this issue been corrected in more recent OSes?
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]
|
Offline
|
|
09-29-2011, 12:20 PM
|
#7
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by juwaack68
True, this also means the DEVICE has not been 'hacked'.
|
If certain criteria is met (extremely common for users to have device password protection enabled on the card) the DEVICE is compromised. Not only that but it extends to all information stored in the handset and in the case of Blackberry Wallet could potentially compromise banking accounts and/or whatever confidential info is protected under BB Wallet.
|
Offline
|
|
09-29-2011, 12:23 PM
|
#8
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
*sigh*
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
09-29-2011, 12:32 PM
|
#9
|
Stuck In The '70's Mod
Join Date: Feb 2006
Location: The 'burbs east of Seattle.
Model: 9810
Carrier: T-Mobile
Posts: 7,600
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Let's go back to the house window analogy. If you used the open bedroom window to break into my house, but I have locked the bedroom door from the outside, you ceratinly have gained access to my bedroom-but no where else in my house.
__________________
1st Step in Troubleshooting: Do you have a BlackBerry Data Plan?
2nd Step in Troubleshooting: Pull the Battery.
|
Offline
|
|
09-29-2011, 12:35 PM
|
#10
|
BlackBerry God
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by ndub33
Let's go back to the house window analogy. If you used the open bedroom window to break into my house, but I have locked the bedroom door from the outside, you ceratinly have gained access to my bedroom-but no where else in my house.
|
Bad analogy.
Recovering the device password off the media card does in fact give you access to the entire device. Once you know what the password is, the device is compromised. (Assuming you have physical possession of said device.)
Make no mistake about it... if this software does what it says it does, it's a security problem and headache that RIM is going to need to face.
The last thing they need is more bad press... so just the fact that this news is "out there", whether confirmed or not, is going to be a big deal for RIM.
|
Offline
|
|
09-29-2011, 12:38 PM
|
#11
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
There's no disputing that getting the password from the media card gives you access to the device.
However, the 'hack' happened on the card, NOT the device. That's the difference. Either way, it's not good, but the device itself was not hacked, per say.
It's as if I locked my house, but left a key under the flower pot on the front door. A 'hack' would mean someone picked the lock to get in. However, because they found the key under the flowerpot the key was not 'hacked'. Still bad they got in the house, but how they got there is different.
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
09-29-2011, 12:45 PM
|
#12
|
New Member
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,104
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
I agree with Penguin, no matter how you look at it, it is bad for RIM and their reputation for security.
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]
|
Offline
|
|
09-29-2011, 12:50 PM
|
#13
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.
1) The handset + the OS are RIM products.
2) The filesystem + the encryption are RIM products.
3) The feature that allows the user to protect the card using the device password is a RIM product.
4) Getting the device password via ANY possible attack vector compromises Blackberry security.
From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a RIM flaw, juwaack wants to blame the SD card. That's a dumb magnetic medium. Never promised you or offered any kind of security protection. RIM did both.
Last edited by JSanders; 09-29-2011 at 01:32 PM..
|
Offline
|
|
09-29-2011, 12:59 PM
|
#14
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
The vendor's website says the software works on all versions of the BlackBerry OS and all iOS devices up to 4.x. Price is reportedly $200.
|
Offline
|
|
09-29-2011, 01:32 PM
|
#15
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Yup iPhones too.
And on the BlackBerry, it can only be an alpha password either all lower or uppercase, no password with a numeral or special character or mixed case can be hacked.
|
Offline
|
|
09-29-2011, 01:35 PM
|
#16
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by the-economist
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.
1) The handset + the OS are RIM products.
2) The filesystem + the encryption are RIM products.
3) The feature that allows the user to protect the card using the device password is a RIM product.
4) Getting the device password via ANY possible attack vector compromises Blackberry security.
From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a RIM flaw, juwaack wants to blame the SD card. That's a dumb magnetic medium. Never promised you or offered any kind of security protection. RIM did both.
|
@the-economist, I look at this way:
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.
1) The handset + the OS are Apple products.
2) The filesystem + the encryption are Apple products.
3) The feature that allows the user to protect the card using the device password is an Apple product.
4) Getting the device password via ANY possible attack vector compromises Apple security.
From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a Apple flaw, the-economist wants to ignore this and focus only on RIM. . That's a dumb apple fan boi. Never promised you or offered any kind of security protection. Apple did both.
Works?
By the way, the-economist, Raphael gave me a message to give you.
|
Offline
|
|
09-29-2011, 01:52 PM
|
#17
|
CrackBerry Addict
Join Date: Dec 2008
Location: Airport lounges and starbuxxx
Model: 9900
OS: 7.0.0.296
Carrier: Vodafone Business
Posts: 573
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by JSanders
@the-economist, I look at this way:
We can use analogies to describe security models until we're blue in the face. Things are rather simple though.
1) The handset + the OS are Apple products.
2) The filesystem + the encryption are Apple products.
3) The feature that allows the user to protect the card using the device password is an Apple product.
4) Getting the device password via ANY possible attack vector compromises Apple security.
From the above combined we get that if certain conditions are met (rather common) an attack on files stored on SD compromises blackberry security to device level and exposes all confidential info stored.
It's a flaw, a Apple flaw, the-economist wants to ignore this and focus only on RIM. . That's a dumb apple fan boi. Never promised you or offered any kind of security protection. Apple did both.
Works?
By the way, the-economist, Raphael gave me a message to give you.
|
i'm trying hard to find the word apple or any apple inc products mentioned anywhere in the thread until you started trolling...
|
Offline
|
|
09-29-2011, 01:53 PM
|
#18
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
It wasn't.
But the same software does the same does the same on the iPhone.
Don't tell me you didn't know that. You can't be that daft, can you?
|
Offline
|
|
09-29-2011, 02:29 PM
|
#19
|
EPIC MOD
Join Date: Mar 2006
Location: Virginia Beach
Model: ZED10
OS: DOS 3.1
PIN: INK STICK
Carrier: Tmobile
Posts: 12,214
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
So what have we learned
Use a complex password ie 8lack8eRry2081!!
and well now very difficult to obtain
__________________
ZED 10
|
Offline
|
|
09-29-2011, 02:35 PM
|
#20
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Re: Elcomsoft breaks BB password by hacking encrypted media card
Quote:
Originally Posted by the-economist
i'm trying hard to find the word apple or any apple inc products mentioned anywhere in the thread until you started trolling...
|
Anyone who clicked the link and read the page that Juwaack posted would have seen that it works on iOS. So you didn't read the link?
Also I posted that it works on iOS before JSanders posted. Did you not read that either?
The last time I checked iOS was an operating system for Apple mobile devices.
|
Offline
|
|
|
|