We (ElcomSoft) are still working on BB 10 backup decryption – in fact, almost completed. Backups generated by BlackBerry Link are encrypted using the key generated by BlackBerry servers, provided the BlackBerry ID, password, and device ID. The first and third components can be obtained from the backup itself, and if you have the the password, then we are able to get the encryption key and decrypt the backup …
I'm on BlackBerry's legacy OS (BlackBerry 6 to be specific). On BlackBerry 6, backups are saved to my laptop. Though I haven't done any research on how Link works, as a BlackBerry user this concerns me. It doesn't sound good for the BB10 user. It sounds a bit like it could somehow be used to implement a back door by BlackBerry. Is the key really generated by the servers or did you mean by the device? Please elaborate …
I'm on BlackBerry's legacy OS (BlackBerry 6 to be specific). On BlackBerry 6, backups are saved to my laptop. Though I haven't done any research on how Link works, as a BlackBerry user this concerns me. It doesn't sound good for the BB10 user. It sounds a bit like it could somehow be used to implement a back door by BlackBerry. Is the key really generated by the servers or did you mean by the device? Please elaborate …
The key is generated by BB servers, but as I already noted – using the following information
- BlackBerry ID
- password (for BB ID)
- device ID
There are some concerns there, right. First, there is no user-controllable encryption on backups. Second, backup cannot be restored to the other device (neither even viewed). And finally, BlackBerry (I mean the company) can always decrypt your backup (assuming, of course, that they get physical access to it).