Dutch police hack into ‘uncrackable’ Blackberry

This new revelation has become a cause of worry for many Blackberry users who until now have been using their device for forwarding many secret messages and emails with the belief that their full communication is secured and encrypted.

The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices.

The NFI, a body that provides forensic evidence to Dutch police, was not willing to explain how it decrypted messages from the devices, although it seemed that it needed physical access to handsets.

Law enforcement agencies including the UK’s National Crime Agency as well as the Federal Bureau of Investigation and the Drug Enforcement Administration did not confirm to Motherboard whether they could decrypt Blackberrys, as “confirming or denying this capability provides information on tactics, techniques and procedures that we can’t discuss”. It was the company’s major selling point in the early smartphone era, when businesses flocked to BlackBerry, and it’s been a major selling point for both BB10 and the new Android-based Priv. This process requires the use of software that is made by Cellebrite, a private company headquartered in Israel. The report highlights that 279 out of 325 encrypted emails were successfully decoded by Dutch authorities. That’s a pretty high success rate, especially considering that BlackBerry devices are thought by many people to be about as bulletproof as smartphones get. These devices are used only for receiving and sending emails and messages.

SecureMobile.ME, a BlackBerry PGP device vendor, pointed out at one of its blog last August 2014, which gave some details of obtaining data from mobile phones.

If a BlackBerry device isn’t paired to a BlackBerry Enterprise Server (BES), it may be possible to attack it using chip-off (literally removing chips from the device for forensic analysis) or through a JTAG debugging connection on older devices.

“We wrote about this years ago”.

While Phillips said that one of the best ways of protecting a device is to have a complex password; however, Crime News suggests that password length is not important for the decryption method they have used.

“The government recognises the importance of strong encryption for internet security to support the protection of the privacy of citizens, for confidential communication of the government and companies, and for the Dutch economy”, stated an official document from the country’s Ministry of Security and Justice.

The latest report from NFI has ignited a spark that will definitely witness a lot of debate in the PGP-encryption space in the near term.