Dutch police claim they can crack PGP-encrypted BlackBerrys


For years, security has been BlackBerry née RIM’s bread and butter. It was the company’s major selling point in the early smartphone era, when businesses flocked to BlackBerry, and it’s been a major selling point for both BB10 and the new Android-based Priv. A new report casts doubt on just how secure many BlackBerry devices actually are, with potentially significant consequences for the company.

Motherboard has published a report on the Netherlands Forensic Institute, in which that organization claims to have the ability to break PGP-encrypted BlackBerry devices. The NFI handles forensic investigation into criminal cases, and as such, would be responsible for assisting police cases and discovering what data might be held on a device.

News of the organization’s abilities first broke last December, when documents surfaced that alleged the NFI worked with a private company, Cellebrite, to develop the software in question.

PGP-encrypted BlackBerry devices are sold by a number of vendors, usually with claims that using PGP offers an additional safeguard against threats.


PGP (Pretty Good Privacy) is a data encryption method that can be used to cryptographically sign emails, documents, or entire disk partitions.

Most of the BlackBerry vendors that offer a PGP-encrypted device appear to guarantee at least 256-bit AES encryption. So how is Cellebrite breaking into devices? Some clues to the company’s methods were disclosed in a forensic presentation in June 2014.

If a BlackBerry device isn’t paired to a BlackBerry Enterprise Server (BES), it may be possible to attack it using chip-off (literally removing chips from the device for forensic analysis) or through a JTAG debugging connection on older devices.

Devices that are attached to a “friendly” BES server can also be hacked by using the BES to reset the device’s credentials remotely.


If a device is attached to an unfriendly BES, it’s essentially impossible to crack. From the looks of the report, however, the Dutch police are still performing a chip-off attack against devices and using a Cellebrite UFED Physical Analyzer to read the memory chips themselves.

As to whether this is a serious problem for BlackBerry, I’m inclined to think it isn’t.

One of the rules of security is that a sufficiently determined attacker with physical access to the underlying hardware can almost always punch through any security scheme, given sufficient time and resources. Most encryption methods focus on making the amount of time required to crack a device extremely high, but they don’t offer total protection, and removing the memory chips from a product and plugging them into a separate programming device is about as hardcore as it gets.

This news does indicate, however, that a BlackBerry Enterprise Server offers significant protections that just using PGP does not, provided the server is “unfriendly” and non-cooperative with legal requests to unlock the device.


Source: http://www.extremetech.com/mobile/221057-dutch-police-claim-they-can-crack-pgp-encrypted-blackberry