The robust security of Research in Motion’s (RIM) BlackBerry devices was recently demonstrated in an awkward situation when Therese Rein, the wife of foreign affairs minister Kevin Rudd, accidentally wiped his device.
While Rudd’s BlackBerry was wiped after the password was entered incorrectly too many times on his device, Sydney-based mobile forensic expert and National Surveillance and Intelligence managing director, Navid Sobbi, believes that all is not lost for the couple.
“Normally, with BlackBerries, they are secure devices and they have a couple of layers of encryption on the phone, so when something gets deleted there are options on the phone where you can store the data off-site and you can get the data back,” Sobbi said.
“However, since the device is secure, you will need certain codes to put in to get back certain numbers or deleted items.”
Sobbi warns that depending on how the data was deleted, people whose BlackBerry has been wiped might find themselves in the awkward position of starting from scratch with the device.
“If something has been deleted from a BlackBerry securely, it may no longer be retrievable,” Sobbi said.
“I have equipment here that can extract pretty much anything off a phone except from BlackBerries, because that's how secure they are.”
RIM’s BlackBerry devices have become renowned for their high level of security and encryption, but for that same reason retrieving lost data from RIM’s phones has become increasingly complicated.
“The layers of encryption on a BlackBerry enable it to not allow us to do a physical data dump off the device, as every time we go to extract anything off the phone’s memory, there’s a layer of encryption that will give us basically binary or hexadecimal codes that we can’t extract because it’s all encrypted,” Sobbi explained.
Fortunately, manufacturers are always reverse engineering the BlackBerry, iPhone and other phone software so that forensic experts such as Sobbi can decrypt it.
However, every time RIM updates its software, the encryption is also updated, and the release of the latest BlackBerry 7 OS has restarted the cycle of looking for new ways to decrypt and retrieve BlackBerry data.
The challenge lies in the encryption levels, as BlackBerries use symmetric key encryption designed to protect data in transit between BlackBerry devices and the servers.
“It’s designed to provide strong security, help protect data and make sure data doesn’t get leaked out,” Sobbi said.
“The encryption algorithm they use consists of a couple of layers, the main one being Advanced Encryption Standard (AES) and the second one is Data Encryption Standard (DES).”
Sobbi sees these encryptions as practically the most secure for a phone, and not many phones have that level of encryption unless certain software is installed, such as software by Gold Lock, which is very secure and used by the Department of Defence.
The backing-up of data on BlackBerry devices has become a contentious issue recently in countries such as France and the United Arab Emirates, where RIM’s device was banned due to the fact that the data was sent overseas.
“The reasoning for UAE’s and France’s ban was due to the sensitive nature of what they do in the government and everything gets sent off-site. There is always the fear factor of whether other government agencies or hackers will be able to access this information, because people do send very sensitive information over the BlackBerry network,” Sobbi said.
Because RIM has their one main server based in Canada, Sobbi believes the best way for them to mitigate the problem would be to put their servers into certain countries that have these lingering issues, such as France.
“UAE has now allowed BlackBerries to be used because RIM has given them the guarantee that all the data is secure,” Sobbi said.
In addition to the issues in the UAE and France, RIM has also experienced staff cuts and doubts over the company's strategy and leadership in recent times, resulting in a general slowdown in device shipments.
The Canadian vendor hopes to turn things around with BlackBerry 7 OS, which features an improved BlackBerry Browser and the aforementioned upgraded security.
While Ovum principal analyst, Tony Cripps, sees RIM’s two new BlackBerry Bold devices and three new touch screen Torch models sporting the latest BlackBerry 7 OS as some of the most important devices in the vendor’s history, he expects their success will largely depend on whether third parties will write and deploy applications or content to those devices.
“Given that smart devices are increasingly sold to consumers as much on a promise of what those devices can deliver in terms of applications and services as they are on their design, RIM needs to be lobbying big consumer brands hard to embrace and promote BlackBerry 7 OS as much as it can,” Cripps said.
According to Cripps, how successful RIM is in wooing developers to develop for the new platform could prove crucial in deciding the fate of RIM's latest devices, and even its longer term future.
For businesses that are considering deploying smart phone devices and ensuring the security of their sensitive data, Sobbi sees the new range of BlackBerry 7 phones, and BlackBerries in general, as a good, secure option.
“However, when I advise clients in high positions such as in the government, we also offer them the Gold Lock software,” Sobbi said.
“What it does is store everything off-site, so nothing gets stored on the phone, not even contact lists or SMS messages, and all phone calls are made similar to a VOIP system and the encryption key changes every three seconds.”
Sobbi adds that if the phone gets lost or the data is wiped in the same fashion as it was by Kevin Rudd’s wife, the phone does not get affected as whatever was on the phone is also stored on a cloud server somewhere.