This part of the presentation accentuates data backup on smartphones, and provides an overview of popular password management applications for BlackBerry.
On Apple iOS, to be able to create a backup you need your phone to be unlocked. This can be done either by entering your passcode on the phone, or if your phone is already paired with a computer on which you are trying to create a backup. Also, there is optional encryption of the backup, and on the iOS platform we believe it is done in a proper way, because encryption is enforced by the device. So, once you configure your device to produce encrypted backups, it will always encrypt a backup before sending it to the computer.
To disable this encryption, you will need to specify the original backup password which you had entered. This backup password is only requested when you try to restore from the backup, not when you create a backup. This actually creates a usability problem for many users. For example, when half a year ago iOS 5 was released it was initially released in a version where you couldn’t update the operating system, you needed to do device restore. So, essentially, everything is wiped out from the device, and then iTunes restores your last backup on the initially installed iOS 5. This created problems because many users turned out to have had backup encryption switched on at some point in the past, but since they are not asked for the password they just don’t remember it. And there were lots of people saying something like: “iTunes has a bug, it switched on encryption on its own, I never specified the password,” and so on. And when you ask these people some questions, it turns out that the password was 1234, or their cat’s name, or their neighbor’s name. We have difficult time explaining to them why iTunes knows their cat’s name.
On the BlackBerry platform, backup encryption is pretty much the same, in that you still need the device password for BlackBerry to be able to create a backup. It is not possible to pair a BlackBerry with a PC, so you will need to enter it every time you create a backup. There is also optional encryption of the backup, but it’s done in a somewhat strange way – it is not enforced by the device, it’s performed by the desktop application. So, if you have a BlackBerry device and you know the password, the backup encryption will not be a problem for you because you can just bypass it, instruct the desktop application not to encrypt anything. But still, if you only have the encrypted backup then you need to recover the password, and this can be quite difficult because there is really slow transformation involved.If you don’t have the backup but you have the device, there are some scenarios where you may be able to obtain the required files from the device itself. On iOS platform this is possible through three different ways.
First of all, you can use the AFC protocol via which iTunes talks to the device when it syncs applications, that kind of thing. There are programs that can access the application sandboxes on the phone and transfer files between the phone and your PC, so you can pair your phone with the computer to transfer certain application folders.
Well, of course we still believe jailbreaking is a bad thing because it reduces security, so if you have a jailbroken phone and there is an SSH server running, you can access pretty much every file on the device remotely. It’s also possible to obtain files this way.
It’s also possible to get the required files through mobile forensics way of doing things, which is called physical imaging. When you obtain a bit-to-bit image of the iPhone disks, again, you can decrypt that and get the required files.
On BlackBerry it’s more difficult because, again, there are solutions to perform physical imaging of BlackBerries, but they all require device password. So, on BlackBerry platform it’s up to device password: whether you know it or not. On Apple iOS there are different scenarios.
In the first example on the image, the grey area is the plaintext data which we want to encrypt, and numbers 7, for example, in the first line are the bytes, each byte having the value of 7, and we have 7 of them – this is how it works. There is one special case when our plaintext already fits evenly in the block size – in this case we just add an additional block consisting of padding only.
What this allows us to do is quickly reject wrong keys. So, when we’re trying different keys and performing decryption, we can actually decrypt only the last block and check if the padding is correct. In the worst case scenario, if there is only one byte of padding, this will give us the survival rate of keys of 1 key in 256, which is actually very good. This padding essentially provides some sort of known plaintext attack, limited but still…And a great thing is it allows gaining better password recovery rates. This trick is used for many different applications in our research.BlackBerry Wallet is our second application to be reviewed. There are two versions. Version 1.0 was used with OS 5; it was not included with the operating system, but it was a free download from the App World, I guess. This one is pretty straightforward. It stores the double hash of the password; password verification is very fast: 6 Million on CPU and about 300 Million on GPU. This is actually very fast, and I’m not sure why “Research In Motion” did this. Again, there is no randomness, no salt involved, so if you really want to do this fast you can always build Rainbow Tables for this particular type, and recover passwords in minutes and seconds. Version 1.2 was a little different, it’s definitely better than Version 1.0, but still it’s not good enough, in our opinion. It took the approach similar to that of the Password Keeper, so it is using the PBKDF2 with a random number of iterations – between 50 and 100. I’m not sure why it’s still using that amount of iterations, but still it’s much better than 3. The estimated recovery speed is 200,000 on CPU and about 3 Million on GPU. By today’s standard, this is very-very fast. Just to give you an idea, password cracking for Microsoft Office 2007 documents is like 1000-5000 passwords per second, so it’s nowhere near millions. And here we have devices with a small keyboard, where you cannot really type a complex passphrase, and the recovery speed of millions of passwords per second. This is basically it about BlackBerry password managers.