ElcomSoft Co. Ltd. updates Elcomsoft Phone Password Breaker with the ability to recover BlackBerry device passwords protecting BlackBerry smartphones. The recovery is possible if the user-selectable “Security Password” security option is enabled to encrypt media card data. By analyzing information stored on encrypted media cards, Elcomsoft Phone Password Breaker can try millions password combinations per second, recovering a fairly long 7-character password in a matter of hours. With the ability to recover the device password, ElcomSoft does what’s been long considered impossible, once again making Elcomsoft Phone Password Breaker the world’s first.
Elcomsoft Phone Password Breaker offers forensic access to information stored in Apple iPhone/iPad/iPod Touch devices and BlackBerry smartphones and tablets. By unlocking BlackBerry devices protected with an unknown device password, ElcomSoft helps investigators to gain full access to information stored in a significant number of otherwise inaccessible BlackBerry smartphones.
BlackBerry Security Model
Information stored in BlackBerry devices is securely protected with an individual security password (device password). This password is requested every time the device it being turned on, or every time after a certain timeout if Security Timeout option is selected. If a password in typed incorrectly ten times in a row, all information on the BlackBerry smartphone is wiped clear, leaving no chance of subsequent recovery. This is a security feature, and one of the hallmarks of BlackBerry security model. Until today, it was commonly believed there is no way around the security password.
ElcomSoft has proven this belief wrong. If a user-selectable option to encrypt the contents of a removable media card is selected, Elcomsoft Phone Password Breaker can analyze information stored on the media card and derive the original device password without the need to use the BlackBerry device itself.
BlackBerry smartphones have an option to encrypt the contents of a removable media card, making any information stored on it only accessible to an authorized user. The encryption is disabled by default, but many users opt for enabling the extra security layer. To the contrary of this feature’s intent, those opting for extra security may be actually opening a way for investigators to overcome BlackBerry’s hallmark security feature, the device password.
When a BlackBerry user opts for the “Security Password” option to encrypt the contents of their memory card, it opens an interesting avenue for an attack. Since with this security option the media card is encrypted using the device password, it becomes possible to recover the original device password with a simple dictionary or brute-force attack.
While this method only works if the removable media card is encrypted with user selectable “Security Password” option, it’s much better than nothing. ElcomSoft estimates that about 30 per cent of all BlackBerry smartphone users opt to protect their media cards with this option, making their devices open to this attack.
Unlike with Apple iPhone, a BlackBerry device is not required to perform the recovery. A single file from the removable media card is all that’s needed. The password recovery rate is in the order of millions passwords per second, meaning that a fairly long 7-character password can be unlocked in less than an hour if the password consists of characters in a single case (all capital or all lower-case) characters.
Knowing the original plain-text device password, investigators can access all information stored in the original BlackBerry device, or produce a backup file for comprehensive off-line analysis.