BlackBerry smartphones have secure messaging as a matter of course, but for some that isn’t enough: there are custom models that are even more secure thanks to PGP-encrypted mail. However, it seems that these locked down models aren’t quite as safe as you’d think. The Netherlands Forensic Institute has confirmed a recent report that it’s capable of scooping up encrypted data from PGP-equipped BlackBerry devices. It’s not discussing the exact techniques involved, but it’s relying on a tool from CelleBrite to get the job done. One possibility is that investigators are guessing the password based on a memory dump, although that normally requires yanking a memory chip off the phone’s motherboard.
If it’s any consolation, police need physical access to crack these BlackBerrys. Their methods also aren’t completely reliable (a small batch couldn’t be cracked), and it’s uncertain that this will work with every single PGP implementation. GhostPGP, for instance, claims that it’s unaffected. All the same, this isn’t very comforting if you bought a customized BlackBerry with the promise of airtight security. And there’s no certainty that only Dutch cops have access — it’s entirely possible that other law enforcement and surveillance agencies know these tricks.