[Dshield] Thoughts on Blackberry Security?

Chad Giulini chad.giulini at gmail.com
Wed Oct 6 21:34:17 GMT 2004

IIRC Blackberry is using a shared key DES or 3DES encryption.  Keys
are unique per unit and stored on the unit and on the BES server.

You will need to configure the units to lock and require a password. 
The default install had no auto-lockout and no password requirement. 
When passwords are required, the unit will accept 10 attempts and then
reformats itself. This is supposed to be a secure erase with no
recovery of data from the unit possible.  I can't vouch for whether
that is true or not.

I recommend staying on top of your account rep to get the
documentation and access to RIM support to have your questions
answered before implementing.

Hope this helps.


On Wed, 6 Oct 2004 14:04:34 -0700, Fitton, Robert (Bob)
<rfitton at laborready.com> wrote:
> On Wed Oct 6, Wayne Beckham said:
> >SOOOOO, their email, is being sent clear text.
> >Problem #2 - I read that a blackberry has no passwords,
> >local data encryption, etc.
> >a stolen blackberry is a thief's dream.
> I'm new to the blackberry recently issued to me, but it does have a
> password.  It times out and locks after a preset length of idle time
> (max is one hour - I have to keep unlocking the damn thing).  How good
> it is (whether you can get around it easily) I do not know.
> Bob
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list