RIM wants to make sure their customers are protected

Oct 7, 2011 10:03 GMT  ·  By

The password cracking tool advertised by Elcomsoft was analyzed by the BlackBerry Security Incident Response Team (BBSIRT ) which wrote a statement regarding the application that allegedly is able to break almost any BlackBerry device password.

We've recently seen the piece of software designed by Elcomsoft for safeword recovery, which could be easily used by ill-intended people to break the protection of Apple and BlackBerry machines.

In reply to our article, BBSIRT provided us with further details on the matter, also advising their customers on how to better protect their devices.

Their response highlights the large number of unlikely to occur situations in which a smartphone could actually be hacked by a criminal mind using the recovery utility.

“The tool uses a brute-force attack to guess the smartphone password by attempting to decrypt the contents of a media card that has been removed from the smartphone. For this tool to do what Elcomsoft claims, an IT administrator or the smartphone user must have chosen to encrypt the contents of the media card with the smartphone password only.

“Furthermore, an attacker must have access to the media card from the smartphone, and the tool would have to successfully guess the password. To then use the password to unlock the smartphone, that attacker would also have to have access to the smartphone,” reads the statement issued by BBSIRT.

To put the minds of BlackBerry enthusiasts to rest, they assure that the security of their systems is taken very seriously, most machines being tested thoroughly by third party security researchers to make sure no vulnerabilities remain unidentified.

RIM advises customers to take the following measures to protect their assets: - enable device data encryption; - media cards should be encrypted by using device key or a combination of a device key and the device password; - use strong passwords; - enable the built-in device firewall.

More information on BlackBerry security is available here