Security Architecture, Application security, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

We can read encrypted emails on BlackBerry devices, Dutch team says

Despite an encrypted email service called PGP available on BlackBerry smartphones, forensic investigators in the Netherlands said they can read encrypted messages sent on the devices, according to Motherboard.

The Netherlands Forensic Institute (NFI), which assists law enforcement with the retrieval of forensic evidence, said that using software from Cellebrite it has recovered deleted messages and read encrypted emails on these custom devices.

On its site, BlackBerry stated it uses RSA 4096 bits with AES 256, a standard encryption protocol, on its PGP platform, but the NFI did not make available the particular technique it used to access the encrypted messages.

However, it's been reported that one possible workaround – though only with access to the device – involves removing a memory chip from the unit's circuit board, dumping its data and, armed with a hash of the user's password, brute forcing it, a so-called chip-off.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds