The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Search results for BlackBerry

Canadian Police obtained Master Key to Crack BlackBerry Messenger Encryption

Canadian Police obtained Master Key to Crack BlackBerry Messenger Encryption

April 15, 2016Swati Khandelwal
BlackBerry has long been known for its stance on mobile security, as it was the first mobile phone maker to provide end-to-end encryption. But a new report revealed that the company has provided a master backdoor to law enforcement in its secure devices since 2010. The Royal Canadian Mounted Police (RCMP) have been in possession of a global decryption key for BlackBerry phones since 2010, according to a new report from Vice News published yesterday. The report suggests that the Canadian police used the master key to intercept and decrypt over 1 Million messages sent using its own encrypted and allegedly secure BlackBerry Messenger ( BBM ) service in a criminal investigation over the course of 2 years. Single Encryption Key to Protect All Customers The issue with Blackberry's security mechanism is that the company uses a single global encryption key to protect all its regular customers, though the corporate BlackBerry phones use their own encryption keys generated
BlackBerry Enterprise Servers vulnerable to TIFF Image based Exploit

BlackBerry Enterprise Servers vulnerable to TIFF Image based Exploit

February 19, 2013Wang Wei
If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry smartphones.  The flaw that been rated as high severity and actual vulnerability in BlackBerry Enterprise Servers resulted from how the server processes image files. Scenario to Exploit Vulnerability :  A malicious person writes a special code and then embeds it in a TIFF image file. The person then convinces a Blackberry smart phone user (whose phone is connected to a corporate BES) to view the TIFF file. As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code. " RIM is not aware of any attacks on or specifically target
Protecting Your BlackBerry Smartphone with Security Wipe

Protecting Your BlackBerry Smartphone with Security Wipe

December 05, 2011Mohit Kumar
Protecting Your BlackBerry Smartphone with Security Wipe The BlackBerry device is a wonderful thing. We load our BlackBerries with various softwares and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies and play games and track day to day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature. So what if you want to wipe your BlackBerry clean? There are a number of reasons why you might want to wipe out your Blackberry. Perhaps you have switched jobs and need to submit your BlackBerry into your new IT department so they can set it up for their network. You wouldn't want them to have access to your previous employers data would you? Perhaps you have purchased a new model of BlackBerry and would like to gift your previous model to a friend or sell it on ebay. The same rule applies, you do not want them to see what you were using your Blackberry for
BlackBerry allows Indian government to Intercept emails and Chats

BlackBerry allows Indian government to Intercept emails and Chats

July 13, 2013Mohit Kumar
In 2010 the Indian authorities threatened to shut down BlackBerry's infrastructure unless it agreed to comply with lawful access requirements providing the government a way to intercept messages in order to prevent terrorist attacks. The long time dispute between the Indian government and BlackBerry over monitoring, tracking and interception is now resolved. Blackberry is ready to provide the Indian authorities with a way to lawful intercept consumers' messages sent and received on its platform including mails and peripherals, chats and browsing history on BlackBerry devices. But BlackBerry Enterprise Server has been left out of the interception solution which means corporate emails won't be under scrutiny. According to an internal document of the Department of Telecommunications (DoT), nine out of 10 telecom networks offering Blackberry services were in the process of making it possible for authorities to carry out intercepts. Blackberry train 5
How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation

How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation

March 10, 2017Swati Khandelwal
The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to protect them from being spied on. You'll be surprised to know how the police actually decrypted those PGP messages. In April last year, the Dutch Police arrested a 36-year-old man on suspicion of money laundering and involvement in selling customized BlackBerry Phones with the secure PGP-encrypted network to criminals that were involved in organized crimes. At the time, the police also seized a server belonging to Ennetcom, the company owned by Danny Manupassa, which contains data of end-to-end encrypted communications belong to a large number of criminal groups. Later, in Januar
Hacking Facebook Accounts Using Android 'Same Origin Policy' Vulnerability

Hacking Facebook Accounts Using Android 'Same Origin Policy' Vulnerability

December 29, 2014Wang Wei
A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy (SOP). The Android Same Origin Policy (SOP) vulnerability ( CVE-2014-6041 ) was first disclosed right at the beginning of September 2014 by an independent security researcher Rafay Baloch. He found that the AOSP (Android Open Source Platform) browser installed on Android 4.2.1 is vulnerable to Same Origin Policy (SOP) bypass bug that allows one website to steal data from another. Security researchers at Trend micro in collaboration with Facebook have discovered many cases of Facebook users being targeted by cyber attacks that actively attempt to exploit this particular flaw in the web browser because the Metasploit exploit code is publicly available, which made the exploitation of the vulnerability much easier. The Same Origin Policy is one of the guidin
BlackBerry Security Guide by Incident Response Team (BBSIRT)

BlackBerry Security Guide by Incident Response Team (BBSIRT)

October 06, 2011Mohit Kumar
BlackBerry Security Guide by Incident Response Team ( BBSIRT ) On September 30th, we reported that a Russian security company Elcomsoft , has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. In response to this, BlackBerry Security Incident Response Team (BBSIRT) released a small Security guide for Blackberry users: The Elcomsoft tool uses a brute-force attack to guess the smartphone password by attempting to decrypt the contents of a media card that has been removed from the smartphone. For this tool to do what Elcomsoft claims, an IT administrator or the smartphone user must have chosen to encrypt the contents of the media card with the smartphone password only. Furthermore, an attacker must have access to the media card from the smartphone, and the tool would have to successfully guess the password. To then use the password to unlock the smartphone, that attacker would also have to
BlackBerry Enterprise Server vulnerable to malicious image file

BlackBerry Enterprise Server vulnerable to malicious image file

August 14, 2011Mohit Kumar
BlackBerry Enterprise Server vulnerable to malicious image file There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The vulnerabilities are in several version of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network. The company has issued a patch for the BES flaws and says that they are at the top of the severity scale in terms of exploitability. The vulnerability in both the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent is related to the way that the components handle PNG and TIFF image files. Exploiting the vulnerabilities can be as easy as sending a malicious PNG or TIFF file to a BlackBerry user. In some scena
Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

May 11, 2017Swati Khandelwal
The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), dedicated team within the Dutch National Police Agency aims to investigate advanced forms of cyber crimes, carried out investigation and found that the phone brand "PGPsafe" was selling customized BlackBerry and Android smartphones with the secure PGP-encrypted network to the "possible criminal end users." PGP (Pretty Good Privacy) is an open source end-to-end encryption standard that can be used to cryptographically sign emails, documents, files, or entire disk partitions in order to protect them from being spied on. Selling custom security-focused encrypted phones does not involve any crime itself, but Dutch police have discovered evidence, which indicates over the years such phones had been sold to organized criminals involved in
BlackBerry Z10 Privilege Escalation Vulnerability

BlackBerry Z10 Privilege Escalation Vulnerability

June 18, 2013Mohit Kumar
BlackBerry Z10 users should be aware that there is a privilege escalation vulnerability. The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled, identified as BSRT-2013-006 (CVE-2013-3692) According to the advisory , an escalation of privilege vulnerability exists in the software 'BlackBerry® Protect™' of  Z10 phones, supposed to help users delete sensitive files on a lost or stolen smartphone , or recover it again if it is lost. " Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the BlackBerry Protect website, intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe. " The company says that version 10.0.9.2743 is not affected and that they have found no evidence of attackers exploiting this vulnerability in
Billions of Smartphone Users affected by Heartbleed Vulnerability

Billions of Smartphone Users affected by Heartbleed Vulnerability

April 13, 2014Swati Khandelwal
Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40
BlackBerry blog site hacked by TriCk – TeaMp0isoN against London riots

BlackBerry blog site hacked by TriCk – TeaMp0isoN against London riots

August 09, 2011Mohit Kumar
BlackBerry blog site hacked by TriCk – TeaMp0isoN against London riots Hacking crew team TriCk – TeaMp0isoN today hack and deface the blog website of BlackBerry against London riots, One of the leading Mobile Company. They post a message also on homepage, as given below . Also There were calls on Tuesday to shut down the BlackBerry Messenger service which is thought to have helped mobilise looters in the riots in London. Mirror of Hack can be seen here . Message posted by TeaMp0isoN on Blog site : This hack is a response to this statement by RIM: "We feel for those impacted by this weekend's riots in London. We have engaged with the authorities to assist in any way we can. As in all markets around the world Where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement and regulatory officials. Similar to other technology providers in the UK we comply with The Regulation of Investigatory Powers Act and co-operate fully with the Home Office an
Malware Campaign Targeting BlackBerry

Malware Campaign Targeting BlackBerry

August 23, 2012Mohit Kumar
Websense ThreatSeeker Network intercepted a malware campaign targeting BlackBerry customers. These fake emails state that the recipient has successfully created a BlackBerry ID. According to Security Labs , those users who are targeted receive an email with the subject line " Your BlackBerry ID has been created ." The email encourages users to follow instructions in the attached file on how to " enjoy the full benefits " of their ID. The malware comes attached to an email that is an exact copy of the email you receive when creating a new BlackBerry ID. It teases you by asking you to download an attachment that allows you to fully appreciate the BlackBerry user experience. Those who open the attached .zip file will drop a handful of executable files that will modify the system registry to start malware programs upon the machine's next startup.
Indian government get access to BlackBerry messages

Indian government get access to BlackBerry messages

April 09, 2012Mohit Kumar
Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM's Blackberry servers, you would be right on the money. Not only has the Indian government gotten their way with the Blackberry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in case where the government suspects that crimes or terror plots are being hatched. It should also be noted that
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security

Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security

September 30, 2011Mohit Kumar
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said that before it developed the product, it was believed that there was no way to figure out a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said. " ElcomSoft Phone Password Breaker " does exactly what it says, enabling its users to recover plain-text passwords governing encrypted backups for BlackBerry smartphones and PlayBook tablets. (The password-breaking tool also works on Apple devices running iOS, such as iPhones and iPads.) The new feature is wrapped into Elcomsoft's Phone Password Breaker. It costs £79 ($123) for the home edition and £199 for the fu
Opera Says ~ Google Beats Facebook On Mobile Web !

Opera Says ~ Google Beats Facebook On Mobile Web !

December 23, 2010Mohit Kumar
Opera releases data generated by its users each month. In November 2010, Opera notes that its Mini browser saw significant increases in unique users, pages viewed and data consumed. Some 80 million people used the Opera Mini browser in the month of November, viewing 44.6 billion pages. According to Opera, its server-side compression crunched down 6.3 petabytes of data. Year-over-year, Opera Mini's page-view growth climbed 103.1%. The number of unique users swelled by 28.4%, with the average user viewing 422 web pages per month. The average user consumed 10MB of data, and the average web page was just 2Kb.  Facebook was the king of the mobile internet hill in 2009, according to Opera, maker of the Opera Mini and Mobile browsers for handsets. This year, Google regained the top spot worldwide. Globally, the top 10 web sites as ranked by Opera are 1. Google; 2. Facebook; 3. Vkontakte.ru; 4. Youtube; 5. Odnoklassniki.ru; 6. Yandex.ru; 7. Yahoo; 8. My.opera; 9. Mail.ru;
Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data

Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data

June 04, 2018Swati Khandelwal
After being embroiled into controversies over its data sharing practices , it turns out that Facebook had granted inappropriate access to its users' data to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung. According to a lengthy report published by The New York Times, the social network giant struck data-sharing partnerships with at least 60 device manufacture companies so that they could offer Facebook messaging functions, "Like" buttons, address books, and other features without requiring their users to install a separate app. The agreements were reportedly made over the last 10 years, starting before Facebook apps were widely available on smartphones. Most notably, the publication suggests that the partnerships could be in breach of a 2011 consent decree by the Federal Trade Commission (FTC), which barred Facebook from granting other companies access to data of users' Facebook friends without their explicit consent
NSA: Steve Jobs is the real Big Brother and iPhone buyers are zombies

NSA: Steve Jobs is the real Big Brother and iPhone buyers are zombies

September 10, 2013Mohit Kumar
As we reported yesterday that, your Smartphone is a goldmine for the US National Security Agency (NSA), they have the full access to your Data available on your Smartphones including Android , iPhone and Blackberry. But among other Smartphones,  iPhone apparently is the most popular with the National Security Agency. Another NSA presentation leaked by NSA whistle-blower Edward Snowden and published by German paper Der Spiegel , describing Steve Jobs as the real Big Brother and iPhone buyers as the "zombies" . By cracking mobile operating systems and eavesdropping on mobile communications, the data obtained in this way includes contacts, call lists, SMS traffic, notes and location information. " Such as a iPhone picture of a foreign government official who took selfies while watching TV, and a picture of an unknown man, apparently an Afghani fighter, in the mountains of Afghanistan. And remember the iPhone's location bug? That enabled tracking of people over exten
Hackers Exploit BlackBerry Browser Bug !

Hackers Exploit BlackBerry Browser Bug !

March 17, 2011Mohit Kumar
Research in Motion has found a security flaw and recommended that user disable JavaScript in browsers on certain phones, threatening the BlackBerry maker's iron-clad reputation for security. "The issue could result in remote code execution on affected BlackBerry smartphones," the Waterloo, Ontario-based company said. "Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed." The flaw is in the WebKit browser that RIM includes in version 6 of its BlackBerry OS. RIM said hackers can steal data from users' memory cards on some BlackBerry devices. They can also install malware by exploiting the hole, but the company said that even if attacked, the phone's emails and contacts would be safe. The publicity is particularly bad for the company who stakes its reputation on the security and privacy of its service. RIM, which has been forced to use more third-party software to compete w
NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices

NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices

September 08, 2013Mohit Kumar
National Security Agency (NSA)  has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the  documents provided by former US intelligence contractor Edward Snowden to the  German news agency Der Spiegel report. A 2009 NSA document states that it can " see and read SMS traffic ". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system. The documents also state the NSA has successfully accessed BlackBerry email data, a system previously thought to be very secure. Recently, two Guardian reporters , the Newspaper primarily responsible with leaking NSA documents, discovered a mystery app on their iPhones . It has no title, no identifying image,
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.