Cellebrite Can Extract Deleted BBM Messages from Unencrypted BlackBerrys

 BlackBerry in GOvernment

Quite a few readers sent me this new update from Cellebrite wondering what my take was. Cellebrite has been offering forensics tools for BlackBerry and many other platforms for years. The only thing they are guilty of is never mentioning the huge caveats in their headlining claims. For example, they have now extended their image decoding of a BlackBerrys NAND memory to include BBM group chats and deleted messages. They also go on to say how organized criminals have been using “encrypted BBM communications” to “hide” activities from the police. When you first read this it may sound like a HUGE security breach on BlackBerrys until you read the fine print and FAQs.

Fine Print Caveat #1:

According to Cellebrite’s public FAQ they only support extracting ANY data from a BlackBerry which has NO PASSWORD and thus no encryption. If there is a password set then you need to provide it.

Fine Print Caveat #2

They falsely state that BBM messages are encrypted. As we have clarified in the past BBM messages are not encrypted (more info in this post) but are scrambled using a public key that is on every single BlackBerry. If a criminal really wanted to they could get attached to a BES that does offer full BBM encryption but will not let you BBM anyone outside your BES.

In other words this Cellebrite tool is only useful for forensics purposes on a BlackBerry without a set password (or where you have access to the password) and no encryption enabled. In other words Cellebrite is mostly just going to give forensic specialists access to data they already have access to without Cellebrite. The new claim to giving access to deleted BBM messages seems interesting but I will have to check into that. If I am not mistaken that deletion is completed at the next reboot but I have to confirm.

1 comment on this postSubmit your comment!
  1. Hello.
    I wanted to suggest some corrections and clarifications –

    The related version (although not precisely emphasized in the press release) was not yet made available. As the FAQ relates to the latest official release it is not updated to the new capabilities which will become available soon.

    As for encryption of data saved on the device – if the user enables the content protection option ALL of the user content on the device – BBM included – will be from that moment on encrypted (encryption is dependent on the user passcode among other things).
    This does not implicate on the settings used for the communication protocol.

    Regarding encryption vs. scrambling – this is a philosophical matter that has many comments in your previous post regarding BBM (http://www.berryreview.com/2010/08/06/faq-what-communication-is-encrypted-on-your-blackberry/).

    Finally, it is important to understand that content on a BlackBerry can be encrypted even if the device is currently unlocked (and even if passcode lock was removed just for the purpose of performing a physical extraction).

    Gilad Sahar

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2022’ BerryReview LLC