Information Technology Reference
In-Depth Information
device, the BlackBerry Dispatcher decrypts the message using the device trans-
port key and then decompresses the message. The BlackBerry uses AES or Triple
DES as the symmetric key cryptographic algorithm for encrypting data. By de-
fault, the BES uses the strongest algorithm that both the BES and BlackBerry
devices support for the BlackBerry transport layer encryption. More information
on data protection can be found at
http://btsc.webapps.blackberry.com/btsc/view-
ment.do;jsessionid=E8567E865DBC9668D3F8740BEB9D65E6?externalId=KB13160&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
.
•
Protection of data and encryption keys on the device
: If the content protection
option is turned on, BlackBerry devices can be configured to encrypt data stored
on the device. By default, a locked BlackBerry device was created to use
AES-256 encryption to encrypt stored data and an ECC public key to encrypt data
that is sent to the locked BlackBerry device (
http://docs.blackberry.com/en/ad-
ing_user_data_on_a_locked_BB_device_834471_11.jsp
)
. Also, BlackBerry is de-
signed to protect the encryption keys that are stored on the device. The device en-
crypts the encryption keys when the device is locked.
•
Better control over the device
: You can use an IT policy to control a BlackBerry
device. The IT policy usually consists of multiple policy rules that manage the se-
curity and behavior of the BES. For example, using the IT policy rules, the fol-
lowing security features on a BlackBerry device can be controlled:
◦ Encryption of data transmitted between the BlackBerry server and the
device
◦ Connections that use Bluetooth wireless technology
◦ Protection of user data stored on the BlackBerry device
◦ Control of protected device resources, such as the camera or GPS, that
are available to third-party applications
In addition to all this, the BES administrator can also reset user passwords for the
BlackBerry device and initialize a remote wipe, which must be considered during
forensic investigations.
BlackBerry security is a huge hurdle for forensic examiners. While a BES administrator
can be used to reset a device password, which may allow an examiner to access the
device, they can also remotely wipe the device. Thus, following steps similar to those for
Android and iOS, the examiner must place the device in airplane mode and disable all re-
mote connections to the device. A BlackBerry wipe initiated via the BES can exist for an
extended period of time. This means that even if the battery is removed from the device
and the BlackBerry boots, the wipe could immediately be sent to a connected BlackBerry.
