October 2nd, 2010, 10:00 GMT · By

Password Crackers Claim BlackBerry Backup Encryption is Weak

BlackBerry backup encryption is vulnerable to brute force attacks

ElcomSoft, a Russian developer of password recovery software, has released a new tool for cracking the password used to encrypt BlackBerry backups. The tool exploits a weakness in the way the backup software uses its key-derivation function.

BlackBerry is widely considered the most secure consumer-grade mobile phone due to its advanced data encryption and strict policies that can be enforced remotely.

However, Vladimir Katalov, ElcomSoft's CEO, claims that there is at least one weak spot in the whole BlackBerry security model and that's its backup function.

Like computers, mobile phones need regular backups. A backup prevents the loss of important information such as emails, contacts and calendar entries if, for example, the device is stolen, lost or seriously damaged.

Phone manufacturers offer dedicated applications that allow users to back up all or some of the phone's data to a computer.

Left unprotected, these copies would be exposed to the same risks as any other file on the computer, so they are stored in encrypted form.

In most cases the user has to enter a password, from which the encryption key is derived; the harder the password is to guess, the harder the key is to recover.

Unfortunately, people tend not to use long, complex passwords with mixed case and special characters, because such passwords are hard to remember.

As far as BlackBerry is concerned, the backups are encrypted with AES using a 256-bit key, which in itself is strong enough that searching the key space directly is out of the question. According to Katalov, however, the problem lies in how that key is derived from the user's password.

"In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one," he explains on the company's blog.

Because each candidate password costs the attacker a single PBKDF2 iteration instead of thousands, password recovery software such as ElcomSoft's Phone Password Breaker can test passwords against BlackBerry backups roughly 2,000 to 10,000 times faster than against iOS backups, and can therefore be used against them with great success.

Katalov says that even without GPU acceleration, a seven-character password with both uppercase and lowercase letters would be recovered in under three days. Cracking a single-case password of the same length, however, would take only half an hour.
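The following added example (not code from the article, ElcomSoft or RIM) shows why the iteration count matters. It derives a 256-bit key with PBKDF2 at the three iteration counts quoted above, measures how many candidate passwords per second a single CPU core can try at each, and projects the time needed to exhaust the seven-character single-case and mixed-case key spaces Katalov mentions. It then recovers a short constructed password by brute force against the 1-iteration setting. The salt, the password, the use of HMAC-SHA1 as the PBKDF2 pseudorandom function and the way a candidate key is checked (against a known derived key rather than against real backup ciphertext, whose format the article does not describe) are all assumptions made for the demonstration.

```python
import hashlib
import itertools
import time

# Iteration counts as reported in the article; the BlackBerry figure is the weakness.
ITERATIONS_BLACKBERRY = 1
ITERATIONS_IOS3 = 2000
ITERATIONS_IOS4 = 10000

# Constructed salt for the demo; the real backup format and salt are not described on the page.
SALT = b"constructed-demo-salt"
# HMAC-SHA1 is assumed as the PBKDF2 PRF; the article does not say which one BlackBerry uses.
PRF = "sha1"

LOWERCASE = "abcdefghijklmnopqrstuvwxyz"
MIXED_CASE = LOWERCASE + LOWERCASE.upper()


def derive_key(password: str, iterations: int, salt: bytes = SALT) -> bytes:
    """PBKDF2 producing a 256-bit key, matching the AES-256 key size the article mentions."""
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, iterations, dklen=32)


def derivations_per_second(iterations: int, samples: int = 200) -> float:
    """Measure how many candidate passwords per second one core can derive keys for."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"candidate{i}", iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return samples / elapsed


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passwords of exactly `length` characters over an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every password of the given shape at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate


def brute_force(target_key: bytes, iterations: int, alphabet: str, max_len: int):
    """Try every password up to max_len characters; return the one whose derived key matches.

    A real cracker would test each candidate key against the backup ciphertext instead;
    comparing against a known derived key is a stand-in for that check.
    """
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if derive_key(candidate, iterations) == target_key:
                return candidate
    return None


if __name__ == "__main__":
    settings = (
        ("BlackBerry (reported)", ITERATIONS_BLACKBERRY, 200),
        ("iOS 3.x", ITERATIONS_IOS3, 20),
        ("iOS 4.x", ITERATIONS_IOS4, 10),
    )
    for name, iters, samples in settings:
        rate = derivations_per_second(iters, samples)
        print(
            f"{name:22s} {iters:6d} iterations: {rate:12,.0f} guesses/s on one core; "
            f"7 chars single case: {seconds_to_exhaust(len(LOWERCASE), 7, rate) / 3600:.1f} h, "
            f"7 chars mixed case: {seconds_to_exhaust(len(MIXED_CASE), 7, rate) / 86400:.1f} days"
        )

    # Recover a constructed three-character password against the 1-iteration setting.
    secret_key = derive_key("bbk", ITERATIONS_BLACKBERRY)
    print("recovered:", brute_force(secret_key, ITERATIONS_BLACKBERRY, LOWERCASE, 3))
```

The measured rates are for pure Python on one core, so the absolute numbers are far below what a tuned cracker (let alone a GPU) achieves; the point is the ratio, which tracks the iteration count almost exactly. Raising the count is the standard mitigation, and it costs the legitimate user one slow derivation per backup while multiplying the attacker's work by the same factor.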
