BlackBerry smartphones have been praised for their security, but a new password-cracking tool released by the Russian security firm ElcomSoft may throw a wrench in their reputation.
"ElcomSoft Phone Password Breaker" does exactly what it says, enabling its users to recover
plain-text passwords governing encrypted backups for BlackBerry smartphones and PlayBook tablets. (The password-breaking tool also works on Apple devices running iOS, such as iPhones and iPads.)
The Password Breaker, ElcomSoft explains on its website, facilitates the retrieval of device backups, which contain "address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache."
Until now, ElcomSoft said, there was no way to crack a BlackBerry password, and the smartphones put up a defense by wiping all their data if a password is typed incorrectly 10 times in a row. But using the tool, essentially anything and everything you do on your BlackBerry or iPhone can be accessed.
"With the ability to recover the device password, ElcomSoft does what's been long considered 'impossible,'" the company wrote.
"ElcomSoft Phone Password Breaker is able to recover such passwords and their variations quickly and efficiently no matter which language they are in," the company added. "ElcomSoft Phone Password Breaker supports a variety of permutations of dictionary words, trying hundreds of variants for each dictionary word to ensure the best possible chance to recover the password."
Computerworld reported that Password Breaker uses a BlackBerry's removable media card to complete its task, and only works if the BlackBerry owner has enabled the feature to encrypt the data stored on the card. The encryption feature is disabled by default, but, according to Computerworld, 30 percent of BlackBerry users have it enabled for "extra security."
Like other forensic software packages, ElcomSoft's Password Breaker, which costs $199, is designed to make it easier for law enforcement to access data stored on phones. But anyone, not just enforcement agencies, can purchase Password Breaker.