Deleted messages and encrypted emails can be accessed after cracking a BlackBerry PGP device.
Advertisement
But police in the Netherlands allege that they are able to intercept and decrypt emails sent on some PGP BlackBerry phones – a type of BlackBerry that comes with PGP encryption software pre-installed by third-party vendors.
If you have a custom BlackBerry smartphone, and the reason you bought it was its sophisticated security capabilities, the only silver lining coming out of the report is that someone needs to physically have possession of your device in order to hack it.
That being said it’s interesting that the Dutch have confirmed this, while other agencies that Motherboard has reached out to, like the DEA, FBI, and the UK’s National Crime Agency have declined to comment on these findings.
The Netherlands Forensics Institute’s (NFI) disclosure sheds light on the encryption arms race between law enforcement agencies and those seeking to hide their communications using encryption.
A court in East Brabant in early December 2015 sentenced a defendant to five years in prison based in part on evidence obtained from a BlackBerry PGP device, the blog reported. The report highlights that 279 out of 325 encrypted emails were successfully decoded by Dutch authorities.
Think the PGP encryption on your BlackBerry device is pretty good?
The NFI used Cellebrite’s Universal Forensic Extraction Device (UFED) technology, according to Crime News, which identified a specific version of a desktop tool called UFED4PC.
A man uses his Blackberry mobile device to write a text message in Atlanta, Georgia, USA, January 17, 2014.
However, some devices might be unaffected by chip-off if they are paired with BlackBerry Enterprise Server (BES). PGP BlackBerry smartphones hence are deemed more secure and are sold by many online vendors, though in most cases PGP encryption on BlackBerry smartphones are just used for email communications.
Motherboard reported that NFI may have used a method known as “chip-off”, by extracting memory chips from the device and pulling the data off them to attack it off-line, without any limits on how many password guesses are allowed, or how quickly those guesses can be tried.
Advertisement
“The government recognises the importance of strong encryption for internet security to support the protection of the privacy of citizens, for confidential communication of the government and companies, and for the Dutch economy”, stated an official document from the country’s Ministry of Security and Justice.
