Dutch Police confirms that they can obtain encrypted messages sent from secured BlackBerry PGP mobile phones.
BlackBerry devices are long-known in the smartphone industry for the high security features it offers to customers. Many organization and government agencies use BlackBerry phones as one of the most secured ways of telecommunications.
However, BlackBerry will have to develop more security features in its phones as the Netherlands Forensic Institute (NFI) has released a report that confirms even encrypted data from BlackBerry phones can be cracked and can be used by organized criminal groups.
"We are capable of obtaining encrypted data from BlackBerry PGP devices," said Tuscha Essed, a press officer from the NFI.
The NFI assists law enforcement agencies in Netherlands for retrieving forensic evidence and the agency deals with a major chunk of the overall forensic investigations related to criminal cases in the country.
In December 2015, a Dutch blog going by the name Misdaadnieuws, or Crime News, has released NFI documents that revealed encrypted emails and deleted messages can be recovered from BlackBerry PGP phones. This process requires the use of software that is made by Cellebrite, a private company headquartered in Israel.
The Crime News report (translated) suggests that very little is known about the cracking process adopted by NFI. The report highlights that 279 out of 325 encrypted emails were successfully decoded by Dutch authorities. Moreover, encrypted messages can only be deciphered when a device is physically present.
Essed confirms to Motherboard that they will not release detailed information about the process of cracking BlackBerry PGP phones as the information may assist criminal groups to research the method and use it inappropriately.
BlackBerry devices with PGP-encryption are easily available online and are mainly advertised as phones used for secured communications rather than regular phones with fancy features.
SecureMobile.ME, a BlackBerry PGP device vendor, pointed out at one of its blog last August 2014, which gave some details of obtaining data from mobile phones. One of the methods, referred to as the chip-off method, requires the removal of the memory chip from the phone's circuit board and then dumping the data it contains.
The blog also unveiled that SecureMobile products were unaffected by chip-off because they have been paired with BlackBerry Enterprise Server (BES).
"We wrote about this years ago. This affects ALL mobile devices including Android offerings! Weak passwords will ALWAYS be the weak link," said Jay Phillips of Motherboard.
Phillips added that Cellebrite may have found an alternate method to extract encrypted data from BlackBerry PGP phones, which is not known to others. While Phillips said that one of the best ways of protecting a device is to have a complex password; however, Crime News suggests that password length is not important for the decryption method they have used.
Many BlackBerry PGP phone vendors have also confirmed to Motherboard that their devices are secured and cannot be compromised.
The latest report from NFI has ignited a spark that will definitely witness a lot of debate in the PGP-encryption space in the near term.
Photo: Kārlis Dambrāns | Flickr