Police in two countries have claimed that they can read encrypted data from BlackBerry devices that are being marketed as having “military-grade security.”
The story originally broke when Dutch website Misdaadnieuws (Crime News) published documents from the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, stating that police were able to access deleted messages and read encrypted emails on so-called BlackBerry PGP devices.
A representative from NFI confirmed that “we are capable of obtaining encrypted data from BlackBerry PGP devices,” according to a report from Motherboard.
On Tuesday, Motherboard further reported on a similar result by the Royal Canadian Mounted Police (RCMP).
The PGP stands for Pretty Good Privacy, a program for encrypting and authenticating data that is often used to encrypt email.
PGP BlackBerry devices, however, are not sold by BlackBerry, but by resellers like GhostPGP, which customizes BlackBerry devices with PGP encryption.
GhostPGP says on its website that it has been offering “military-grade encryption solutions on the BlackBerry device for more than 15 years without a single breach in security,” and a company spokesman told Motherboard that its services are “not affected” and had not been compromised.
Nevertheless, NFI and the RCMP said they have been able to decrypt messages from PGP BlackBerrys, although they won’t say exactly how.
Motherboard reported that NFI may have used a method known as “chip-off,” by extracting memory chips from the device and pulling the data off them to attack it off-line, without any limits on how many password guesses are allowed, or how quickly those guesses can be tried.
Whatever technique the Dutch police used, it required physical access to the device, according to Motherboard.
And it’s not 100% effective – NFI had been able to decrypt only 279 out of 325 encrypted emails in the criminal case described by the Dutch crime news website.
In a statement to the BBC, BlackBerry said it could not comment without knowing any details about the device or “the nature of the communications that are said to have been decrypted.”
BlackBerry and backdoors
These revelations come at a time when some governments are considering laws to require encryption backdoors in order to fight crime and terrorism.
Perhaps ironically, the Netherlands has come out against backdoors, with a new policy that says the government will not seek restrictions on the development or use of encryption within the country.
For BlackBerry, this story raises uncomfortable questions for the company, such as, “Are law enforcement agencies exploiting a zero-day security vulnerability?”
Alternatively, “Is there an intentional backdoor that law enforcement has discovered?”
BlackBerry has faced questions before about whether it was providing backdoors for intelligence and law enforcement agencies, including reports that the UK intelligence agency GCHQ had compromised BlackBerry devices to spy on world leaders at the G20 summit in 2009.
Unlike stalwart backdoor opponents Apple and Google, BlackBerry has taken a more conciliatory tone when talking about government access and encryption.
Last month, BlackBerry CEO John Chen said in a provocative blog post that “our privacy commitment does not extend to criminals,” and indicated that it was a company’s duty, “within legal and ethical boundaries,” to help law enforcement.
Also last month, BlackBerry announced it would be pulling its operations out of Pakistan because the government of that country had ordered BlackBerry to shut down unless it provided access to its BES servers.
However, BlackBerry announced on 31 December 2015 that it had reached an agreement with Pakistan to remain in the country, after Pakistan “accept[ed] BlackBerry’s position.”
BlackBerry says its position on backdoors has always been “no backdoors.”
Although it’s reaffirmed that position many times, the questions about BlackBerry’s backdoor policy haven’t gone away.
Image of cellphone keyboard courtesy of Shutterstock.com.
JR
There are people that still have Blackberrys? That is so 90s.
Paul Ducklin
Star Wars is so 1970s, and that hasn’t got in the way :-)
xlsdx
“our privacy commitment does not extend to criminals”
So that’s a “yes”.
Marcelo
What a misleading article just to bring confusion… if the claim is correct than the article should be “Police can crack ANY PGP email” (Android/iPhone/Windows/BlackBerry). The difference is that from a BlackBerry to another BlackBerry no police can crack the native encryption.
Andrew Ludgate
I don’t think they’re cracking PGP here; it seems more like they’re accessing the phone and bypassing the login decryption, or somehow accessing the private key on the device. Otherwise they wouldn’t require physical access to be able to do this.
PGP is susceptible to public key attacks, but as long as the encryption key is big enough and the algorithm is recent enough, it’s highly unlikely that they’re cracking their way directly into the encryption.
Maybe the devices cache the decryption key in memory that’s accessible via a debug pin?
Paul Ducklin
I changed the headline.
th0th
Not necessarily… perhaps ghostpgp’s implementation of PGP on the bberry is flawed… No idea where you came up with that last statement…
Mike
From the sound of it, the story is that the police found a third party blackberry with extra software on it and security flaws.
Paul Ducklin
Or they got lucky with left-over data in RAM or flash; or with a poorly-chosen passphrase; or with emails that were composed or saved via some other app that kept a recoverable copy.
As stated above, I changed the headline to say that they “read the data,” to avoid implying that “PGP is broken.” As for the article being misleading, I thought I edited it pretty carefully to make it clear that the cops got some (a lot, actually!) of data off at least one lawfully-seized phone that was supposed to be secure.
I don’t consider the article “misleading”, as Marcelo claims, and I disagree that if the claim is true it should be true that *any* email can be cracked. (Even if there were an intrinsic cryptographic flaw in PGP, or in the implementation used in this case, it wouldn’t necessarily allow all ciphertext to be recovered, because the flaw might be exploitable only under specific circumstances, such as the length of the message, or bit pattern in the timestamp, or any of a number of esoteric conditions.)
Lastly, I myself avoid making statements such as “from a BlackBerry to another BlackBerry no police can crack the native encryption.” I think it’s extremely unlikely, but when it comes to crypto, “never say never.” If you could do that, we’d all still be using DES, because 256 is such a HUGE number…heck, it’s close to 100 quadrillion :-)
Jack Wilborn
I guess the simple facts are that if they access to the hardware they can probably break it. How long might be another question… Back doors are ancient (dead) history to me and I’m in my 60’s, now only losers do it. Since they aren’t talking or giving away how they are doing it, I don’t know how much of a useful comment any of us can make. In the USA, you are not a criminal until convicted.
a george
Not a criminal til conviction, but they sure will hold you against your will til said convictions are dismissed.
SirMengler
BlackBerry doesn’t sell devices with PGP encryption. So clearly we are speaking about some third party software which handles storing of the encryption keys and data poorly. The fact that it’s from a BlackBerry is irrelevant since they use flash RAM just like iPhone and Android devices and it obviously didn’t have the storage encryption enabled.
Sounds like these guys are trying to get some credit for doing something that they didn’t.
Paul Ducklin
In the case of the Dutch guys, at least, I read the document to be a legalistic statement to help the court understand the evidence without giving everything away. I think it is unfair to suggest it’s boasting, for all that the cops must have been pretty pleased it worked out for them.
Yooji
Actually they do sell them with PGP. It requires a BES12 server however if it’s an OS10 device. Once the phone is activated on BES, you will see a new menu in the email settings that allows you to set up encryption (S/MIME or PGP)
chiefexecutiveawesome
“Or they got lucky with left-over data in RAM or flash; or with a poorly-chosen passphrase; or with emails that were composed or saved via some other app that kept a recoverable copy.”
Think you nailed it with that statement right there Paul.
Paul Ducklin
I’m sure there are others, but I couldn’t think of them off-hand :-) There’s many a slip twixt the crypto and the lip…
Leslie Hartmier
It would be interesting to find out what Blackberry phone(s) they were decrypting. My Bold, Torch (not used anymore) and my Q10 (my backup phone, if necessary, although since the SIM and MicroSD are encrypted with the same hardware key that the entire phone is, I’d need a replacement SIM, and to wipe the SD card), maybe, since they don’t have a cryptographic key at the hardware level like my Priv, but it seems kinda disingenuous to vaguely just say that they cracked a Blackberry. (Note: not even saying it’s not a Priv they cracked, nor that the Priv is uncrackable, since if it’s an electronic device that can be encrypted, then it’s an electronic device that can be decrypted (maybe it takes six minutes, maybe it take six centuries, but there is no 100% uncrackable digital device) – obviously, I don’t know)
Still, if what they’re not telling us is that it’s a Blackberry Pearl 8100 with BBOS 4.0 from 2006 that they cracked for the delicious emails found inside, I’m suitably unimpressed, and prone to point and laugh. (I doubt it is, but you never know)
Anonymous
I just read the Vice article. The RCMP don’t actually say anything.
Paul Ducklin
In the Vice article, there’s a quote from, and a link to, a document from the Ontario Supreme Court of Justice, in the matter of Her Majesty the Queen versus John Tsekouras.
The court document is here:
https://www.canlii.org/en/on/onsc/doc/2015/2015onsc1470/2015onsc1470.html?resultIndex=1
And it contains this text, reported in part in Motherboard:
“This encryption was previously thought to be undefeatable. The RCMP technological laboratory destroyed this illusion and extracted from this phone 406 e-mails, 25 address book entries and other information all of which had been protected. These materials are collected in Exhibit 8.”
So, perhaps it wasn’t the RCMP that directly told Motherboard, but the end result was the same. Nevertheless, I haved edited the story accordingly.
Anonymous
Of course BB and/or Ghost PGP has the keys so they can decrypt anything they want to. Always use stand alone PGP!
Anonymous
What anonymous said. Who is the real anonymous though. :) I bet american police can do the same thing, but they are not saying anything.
Meso
Nfi is not law enforcement but a forensic research Institute
Anonymous
I hear some law enforcement are trying to sell their own encrypted blackberry on the streets.
Anonymous
The real story:
“The Rat Took the Deal
After being questioned, threatened, and persuaded by the authorities the suspect gave up his device password. Authorities claim to have “cracked/hacked” the PGP algorithm.”
PGP is still very much secure, its the people that use it that arent.
Myntex
The reason the messages were able to be de-crypted was due to extremely negligent PGP hosting policies. They were storing all the private encryption keys on their servers along with a record of all the messages. These are two EXTREMELY bad things to do when hosting PGP Encryption.
This wasn’t a case of anything being hacked, this would be equivalent to saying your PC got hacked when you left a Post-It note on your monitor with your password on it.
Reputable PGP Service providers do not store their users messages, or more importantly their private keys on their servers.
This was a case of neglect, not a case of anyone being hacked.
MisterMeister
do you know if ghostpgp have this problem fixed?