So what do you do when you can’t eavesdrop on your citizens’ personal and private communications? Just ban the service or device allowing this atrocious thing called privacy, of course.
It is now official, the Saudi Communications and Information Technology Commission has informed local cell service providers in Saudi Arabia that all BlackBerry device service must be terminated within the next few days. Apparently the Saudi government does not like the fact that it cannot intercept and decrypt emails and other messages sent using the BlackBerry messenger and email service.
Earlier this week, the UAE also cancelled all RIM BlackBerry service on their local cell providers’ networks for the exact same reason. The UAE had attempted to get users to install spyware on their BlackBerrys which would have sent unencrypted emails for storage and review at a central location. Maybe they should have just waterboarded some of these BlackBerry users. Waterboarding is a popular pastime in these modern times when people don’t say or do what you want them to.
So what sort of encryption options does RIM provide on their BlackBerry devices?
I myself own a BlackBerry and am really only familiar with their local data and memory encryption options. Local storage encryption options can be set so that the following are all encrypted and unreadable without the correct passphrase:
- Messages
- Address book
- Calendar
- Memos
- Tasks
The secondary storage device on the phone, a microSD card, can also be fully encrypted.
So if you’re storing documents, music, photos and various other media, it will be unreadable to anyone who happens to pop the card out of the phone and try to read it on their computer.
Just try and get your photos that have been encrypted off of your BlackBerry. All photos taken while you had the local content protection/encryption active will not decrypt upon terminating the encryption. What a pain, but at least I know that it’s just me and whoever I want seeing them.
There’s a password keeper application where you can store passwords, PIN numbers and other various data that is also encrypted. I still don’t like the idea of anything but my brain holding my passphrases and PIN numbers though, so I don’t use it.
So, in a nutshell, you can fully encrypt the local data on the BlackBerry device. After numerous failed logins (this can also be a custom amount) the device will initiate a wiping application which will perform a single pass wipe that writes over all of your personal data, rendering it unrecoverable. Pretty handy. These features are probably enough to get you beat in some secret prison somewhere until you give up the password.
I have mine set to a very low amount of failed login attempts before it initiates a wipe and I have found that they have implemented an anti “drunk and put the wrong password in too many times wiping my device” feature. I first noticed this after trying probably 20-30 times to enter my password when I realized I had been on my last attempt since attempt number two. I noticed that it now said to type out the word “blackberry” before it allowed me to try one last time. Great feature in my opinion.
According to information on RIM’s homepage about wireless data security, data from applications such as BlackBerry messenger is encrypted from a BlackBerry Internet Server to your BlackBerry device. You can read more about it on RIM’s Wireless Data Security section.
I’d love to hear reader opinions on this decision by the Saudi government.
I’ve dabbled in cell phone forensics myself and I’ve not found a way to actually acquire any useful data from an encrypted BlackBerry without the correct password.
This is opposed to the iPhone, from which you can fairly easily pull a full image of the phone’s hard drive, password protected or not.

I have never been able to get a bunch of my pictures off of my BlackBerry. I change the extension to jpg but they don’t show up…
I have to wonder how many other countries will do this… it is pretty sad
Hey Bugs, it is very sad indeed. As for the pictures on the BlackBerry, I don’t waste my time with them anymore but you can email them to yourself. Otherwise I have not found a way to get them off.
This is kind of mind blowing when you think about a country banning a device just because it allows people to get past the eavesdropping. I’m sure something like this has happened in the USA but I can’t think of an equivalent.
Now what about the iphone?
I would DIE without my blackberry. I’m an addict.
I hate to ever defend Apple but I don’t think the iPhone insecurity is still true with iOS 4. They’ve come a long way and are ready to take on Blackberry for the enterprise market.
You could be right with iOS 4, rabbit. I’ve not had a chance to examine an iPhone with iOS 4 yet. However, with the older version, apparently the disk is encrypted (don’t quote me on this shit, I have a deep hatred for Apple that is both unexplainable and irrational and a lot of Apple related material is constantly pushed into the unallocated sectors of my brain), but the OS decrypts the data for you when you initiate a DD copy from the phone to a PC. The process I go through is first jailbreaking the phone, installing OpenSSH on the iPhone to start. Then connect that iPhone to a secured wireless network where you’ve a PC which will receive the image. I normally just use an XP machine with Cygwin and OpenSSH installed. You SSH into the phone and then initiate a DD copy of the physical disk. You can do this with the iPod touches as well.
It’s not completely forensically sound as some data will be overwritten when you prepare the phone (unless the owner already prepared it) but you can get a full image off of it. Then there are all sorts of nasty artifacts left on it. Just to give you an idea… that nifty and smooth sliding feature that the iPhone performs entails snapping a screenshot of the current screen. So let’s say ol’ Susan is cheating on her husband but constantly deleting all SMS. Well, it’s more than likely there’s an actual screenshot of her texting that exists on the phone.
Another great artifact is the voicemails, which are stored locally on the phone and can be extracted. I can’t remember the filetype off the top of my head but it’s a common low quality audio format, with a constant header. So you can perform a keyword search or header search through the iPhone image to find all the partial/deleted and active voicemails.
Some people think that being able to pull off deleted voicemails is fun and exciting sounding but when you’ve over 300 to listen to, and you do have to listen to every single one of them, and they’re all girl gossip about clothes and boyfriends and husbands and kids HOLY FUCK SHUT UP DON’T YOU BITCHES TALK ABOUT ANYTHING ELSE
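The header search described in the comment above, as an added example that is not part of the original thread or the commenter's own tooling. The comment does not name the audio format; this sketch assumes AMR narrowband, whose files begin with the constant magic `#!AMR\n`, and runs over a constructed byte string rather than a real image.

```python
AMR_MAGIC = b"#!AMR\n"  # constant file header of AMR narrowband audio (assumed format)
# Whole-frame length (1 header byte + speech data) per AMR-NB frame type, RFC 4867.
FRAME_LEN = {0: 13, 1: 14, 2: 16, 3: 18, 4: 20, 5: 21, 6: 27, 7: 32, 8: 6, 15: 1}

def carve_amr(image, min_frames=3):
    """Return (offset, length, frames) for each AMR-NB stream found in image."""
    hits = []
    pos = image.find(AMR_MAGIC)
    while pos != -1:
        cur, frames = pos + len(AMR_MAGIC), 0
        while cur < len(image):
            toc = image[cur]
            size = FRAME_LEN.get((toc >> 3) & 0x0F)
            # Stop at the first byte that is not a plausible frame header:
            # padding bits set, quality bit clear (heuristic: zero-filled
            # slack would otherwise parse as frames), unknown frame type,
            # or a frame cut short by the end of the image.
            if toc & 0x83 or not toc & 0x04 or size is None or cur + size > len(image):
                break
            cur += size
            frames += 1
        if frames >= min_frames:  # a bare header match with no audio is noise
            hits.append((pos, cur - pos, frames))
        pos = image.find(AMR_MAGIC, pos + 1)
    return hits

def frame(ftype, fill):
    """Build one constructed frame: header byte with Q=1, then filler data."""
    return bytes([(ftype << 3) | 0x04]) + bytes([fill]) * (FRAME_LEN[ftype] - 1)

# Constructed sample "image": an intact stream followed by zeroed slack, a
# header with a single frame (below the threshold), and a stream whose last
# frame is cut off, as a partially overwritten deleted file would be.
SAMPLE = (b"\x00" * 100 + AMR_MAGIC + frame(7, 0xAA) * 5 + b"\x00" * 50
          + AMR_MAGIC + frame(7, 0xBB) + b"\xff" * 20
          + AMR_MAGIC + frame(0, 0x11) * 4 + frame(7, 0x22)[:10])

if __name__ == "__main__":
    for offset, length, frames in carve_amr(SAMPLE):
        # Each AMR-NB frame carries 20 ms of audio.
        print(f"offset={offset} bytes={length} frames={frames} (~{frames * 0.02:.2f}s)")
```

Walking the frame headers after each magic match, rather than stopping at the keyword hit, is what gives a carve length for partial files and filters out header strings that are not followed by audio.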
“HOLY FUCK SHUT UP DON’T YOU BITCHES TALK ABOUT ANYTHING ELSE”
Lawl
I can imagine it now, “Hey Peggysuueeeebear, just wanted to let you know that the shirt I borrowed from you was a REAL HIT at the get-together. I talked with Bobby and he said he wants me back and will do anything. I have him under my finger, girlfriend. Anywaaaaayyyys, call me back later peggybear, I have to go get my nails done. Byyyyyeee”
Max, will you be posting anything about the iphone itself sometime? I’m interested now.
Perhaps, Alex. I don’t own an iPhone though and I’d want to to have screenshots and pictures and all that fancy jazz.
If someone else would like to submit content though, that’d be great. Maybe I could give out shirts as a reward
As far as I know, the ban is not imposed on the device itself, but on the service offered by RIM. I guess internet access in Saudi is centralized via a great wall just like in China. Using BlackBerry, however, all internet traffic will be tunneled to RIM headquarters (Canada?), therefore BlackBerry users can bypass internet restrictions from the government. Of course maybe there are some concerns about eavesdropping.
Hey Zakki, yeah I believe the main concern was over blackberry messaging service itself in the end. It sounds like maybe they worked out a deal the last I read about it. The Saudi government wanted RIM to grant them access to the data so that they could perform their stately duties and protect the cattle by monitoring for “terrorist activity”.
The UAE and Kuwait also jumped on the bandwagon I remember reading. I’m sure the pheds in America are all over this as well, or maybe they’ve always had some sort of access. You’d hope not since many small businesses rely on the services for communication and don’t host any blackberry enterprise server themselves. In this day and age though, I think you should just assume someone is listening and take the precautions if you feel the need.
Sorry to be the bearer of bad news to iPhone fans but breaking iPhone encryption is still ridiculously easy…
http://www.sit.fraunhofer.de/en/forschungsbereiche/projekte/Lost_iPhone.jsp
- MEK