On September 30th, we reported that Russian security company Elcomsoft had upgraded a phone-password cracking suite with the ability to figure out the master device password for Research In Motion's BlackBerry devices. In response, the BlackBerry Security Incident Response Team (BBSIRT) released a short security guide for BlackBerry users:
The Elcomsoft tool uses a brute-force attack to guess the smartphone password by attempting to decrypt the contents of a media card that has been removed from the smartphone. For this tool to do what Elcomsoft claims, an IT administrator or the smartphone user must have chosen to encrypt the contents of the media card with the smartphone password only. Furthermore, an attacker must have access to the media card from the smartphone, and the tool would have to successfully guess the password. To then use the password to unlock the smartphone, that attacker would also have to have access to the smartphone.
For stronger protection, users can choose to encrypt the contents of an optional media card and choose the option to encrypt using a device key or the combination of a device key and the device password. Refer to "Enforcing encryption of internal and external file systems" on BlackBerry devices for more information.
To increase the difficulty of guessing passwords, RIM recommends that users always use strong passwords. A strong password has the following characteristics: includes punctuation marks, numbers, capital and lowercase letters; does not include the user name, account name, or any word or phrase that would be easily guessed.
The security of mobile devices and major networked systems is tested by third-party security researchers every day. RIM also continually tests the security of its own products, and volunteers its products to recognized industry experts for security testing and certification to help identify possible security vulnerabilities and protect BlackBerry customers against potential security threats.
For information on BlackBerry security, visit www.blackberry.com/security
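The difference between the card-encryption options named in the guide can be modelled in a few lines. This is an added illustration, not RIM's or Elcomsoft's code: the key derivation (PBKDF2 plus HMAC), the iteration count, the card layout and all names are assumptions made for the sketch, not the BlackBerry format.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000            # assumption: kept low so the sketch runs quickly
HEADER = b"card-header"      # assumption: fixed value the card key authenticates


def card_key(password, salt, device_key=b""):
    """Derive the media-card key; device_key is empty in password-only mode."""
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if not device_key:
        return pw_part
    # Combined mode: mix in a secret that is stored on the handset only.
    return hmac.new(device_key, pw_part, hashlib.sha256).digest()


def write_card(password, device_key=b""):
    """Return what ends up on the removable card: a salt and a check tag."""
    salt = os.urandom(16)
    key = card_key(password, salt, device_key)
    return {"salt": salt, "tag": hmac.new(key, HEADER, hashlib.sha256).digest()}


def card_confirms(card, password, device_key=b""):
    """True if this password (and device key, if given) reproduces the tag."""
    key = card_key(password, card["salt"], device_key)
    expected = hmac.new(key, HEADER, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card["tag"])


def demo():
    password = "Tr1cky!Pass"          # constructed sample value
    device_key = os.urandom(32)       # constructed; never written to the card
    pw_only = write_card(password)
    combined = write_card(password, device_key)
    return {
        # Password-only card: the card by itself tells a holder whether a
        # password is right, so guesses can be checked without the handset.
        "pw_only_right": card_confirms(pw_only, password),
        "pw_only_wrong": card_confirms(pw_only, "password"),
        # Combined card: without the device key even the correct password
        # is not confirmed, so the card alone is no longer a password check.
        "combined_card_alone": card_confirms(combined, password),
        "combined_with_device": card_confirms(combined, password, device_key),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
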