You might recall that a few days ago, we passed along a report stating that the Netherlands Forensic Institute had decrypted emails taken from a BlackBerry device
. In a response posted today on its blog, BlackBerry responded by saying that its phones are "as secure as they have always been." The company says that it does not have information about the device employed, how it was configured and other factors pertaining to the claim.
The source of the story, Motherboard
, cited Crime News
as saying that a BlackBerry 9720
was employed. The phone used PGP encryption and was purchased from one of a number of vendors who sell so-called PGP enhanced BlackBerry handsets. These phones typically include custom-built, security focused software which includes encrypted email.
BlackBerry said that the ability of the NFI to crack the encryption might have nothing to do with the way the BlackBerry handset was designed. The manufacturer said that an unsecure third party app, or the "deficient security behavior of the user" could have been responsible. The NFI is an organization that works with law enforcement.
BlackBerry added in its response that it does not have a back door on its devices, and its phones do not store device passwords. As a result, it does not share such passwords with law enforcement agencies or anyone else. There is speculation that software from Cellebrite was used to decrypt the email, or that a memory chip was removed from the device and the data subsequently dumped.
You can read the entire response from BlackBerry, below.
"There have been recent media reports that police-affiliated groups in the Netherlands have been able to 'crack' the encryption protecting e-mails and other data that are stored on BlackBerry devices.
BlackBerry does not have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have details on the nature of the communications that are claimed to have been decrypted.
If such an information recovery did happen, access to this information from a BlackBerry device could be due to factors unrelated to how the BlackBerry device was designed, such as user consent, an insecure third party application, or deficient security behavior or the user.
Furthermore, there are no backdoors in any BlackBerry devices, and BlackBerry does not store and therefore cannot share BlackBerry device passwords with law enforcement or anyone else. In other words, provided that users follow recommended practices, BlackBerry devices remain as secure and private as they have always been."-BlackBerry