Although RIM has the lock-down on wireless encryption, Russian software security firm ElcomSoft has cooked up a way to crack into computer-stored, password-protected BlackBerry backup files. The Phone Password Breaker software goes for $79 for the home edition and $199 for professional, and offers customers a way to access BlackBerry backups in an average of three days (assuming a seven-letter mixed-case password). As frightening as that possibility might be for security-conscious enterprises, it’s actually kind of interesting how BlackBerry Desktop Software handles data transfer versus iPhone with iTunes, as explained by ElcomSoft’s CEO, Vladimir Katalov:
“Another significant shortcoming is that it’s BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form. Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. The Apple desktop software (iTunes) acts only as a storage and never encrypts/decrypts backup data. This is quite surprising since the BlackBerry platform is known for its unprecedented security, and we’ve been expecting BlackBerry backup protection to be at least as secure as Apple’s, which turned not to be the case.”
Considering how much worry there has been over the security of BlackBerry data the last couple of months, the fact that there is easily-accessible software that takes advantage of such an obvious back-door is just a little disoncerting. Although it varies from company to company, it’s not uncommon for employees to back up their BlackBerry’s message, contact, and file data daily. If they do so on something portable like a laptop, the risk of a breach is significant, even if the handset is remotely killed.
Of course, there are less malicious applications for ElcomSoft’s software; for example, in a missing persons situation, some locally-stored correspondence could provide a hint at where emergency personnel could look.
[InfoWorld via BlackBerrySync]