Katalov goes on to explain that backups are good because, well, they are backups. But he also says they are evil because they create a new instance of information that might be private or sensitive. Then he explains the hole in the BlackBerry backup scheme:
Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises.
In short, the standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one. Another significant shortcoming is that it's BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form. Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. The Apple desktop software (iTunes) acts only as storage and never encrypts or decrypts backup data. This is quite surprising, since the BlackBerry platform is known for its unprecedented security, and we've been expecting BlackBerry backup protection to be at least as secure as Apple's, which turned out not to be the case.
What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast -- even without GPU acceleration, we can go over millions of passwords per second.
That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes somewhat longer if the password contains numbers or special characters or is longer, and much less time if the password is all one case, vulnerable to a dictionary attack, or partially known.
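To make the iteration-count point concrete, here is an added example (not code from the article, from ElcomSoft, or from BlackBerry). It derives a 256-bit key with PBKDF2 at one iteration and at Apple's 2,000 and 10,000, shows that a single-iteration PBKDF2 is literally one HMAC call per guess, and works the "three days for a seven-letter mixed-case password" estimate through as a function of the iteration count. The salt, the HMAC-SHA256 PRF and the 4 million guesses per second baseline are assumptions chosen for illustration; the page itself gives only the iteration counts and the order-of-magnitude guess rate.

```python
"""Why PBKDF2's iteration count matters for backup encryption keys.

Constructed example. The salt, the PRF (HMAC-SHA256) and the baseline guess
rate of 4 million passwords/second are assumptions for illustration; the real
BlackBerry backup parameters beyond "one iteration" are not on the page.
"""
import hashlib
import hmac

KEY_LEN = 32          # 256-bit AES key, as the article states
SECONDS_PER_DAY = 86400


def derive_backup_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 256-bit key. The iteration count is the only
    knob that makes each password guess more expensive for an attacker."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def single_iteration_is_one_hmac(password: str, salt: bytes) -> bool:
    """With c=1 and dklen <= hash length, PBKDF2 collapses to
    HMAC(password, salt || INT_32BE(1)) (RFC 8018, section 5.2). One hash
    call per guess is why one iteration adds no brute-force slowdown at all."""
    block_index = (1).to_bytes(4, "big")
    one_hmac = hmac.new(password.encode("utf-8"), salt + block_index,
                        hashlib.sha256).digest()
    return one_hmac == derive_backup_key(password, salt, 1)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords for a full exhaustive search."""
    return alphabet_size ** length


def guesses_per_second(iterations: int, baseline_rate: float) -> float:
    """baseline_rate is the assumed attacker throughput at one iteration;
    each guess costs `iterations` hashes, so throughput scales inversely."""
    return baseline_rate / iterations


def days_to_exhaust(alphabet_size: int, length: int,
                    iterations: int, baseline_rate: float) -> float:
    """Worst-case days to try every password in the keyspace."""
    seconds = keyspace(alphabet_size, length) / guesses_per_second(iterations, baseline_rate)
    return seconds / SECONDS_PER_DAY


if __name__ == "__main__":
    salt = b"constructed-salt"      # assumed; real salt handling is not on the page
    print("c=1 equals a single HMAC:", single_iteration_is_one_hmac("hunter2", salt))
    # Seven-letter mixed-case password: 52 letters, length 7, 4M guesses/s at c=1
    for c in (1, 2_000, 10_000):
        print(f"iterations={c:>6}: exhaustive search takes "
              f"{days_to_exhaust(52, 7, c, 4_000_000):,.1f} days")
```

Run stand-alone, the script confirms the one-HMAC equivalence and prints roughly 3 days for one iteration against roughly 5,950 and 29,700 days for 2,000 and 10,000 iterations, which is the whole difference between the BlackBerry and iOS schemes as described above. The keyspace estimates are upper bounds for a blind search; dictionary or partially known passwords fall much faster regardless of iteration count, so a slow KDF complements rather than replaces a strong password.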
Bottom line: If you really need to recover your BlackBerry backup and can't remember your password, there's still hope. At the same time, if you let the backup file out of your control and into the hands of an attacker, you're in deep trouble.
This article, "You can no longer rely on encryption to protect a BlackBerry," was originally published at InfoWorld.com.