Claims by the Netherlands Forensic Institute (NFI) that it has successfully decrypted emails stored on BlackBerry smartphones have caused bafflement at the Canadian firm.
Documents seen by Dutch blog Crime News show the NFI claiming to have decrypted 275 out of 325 emails encrypted with PGP from a handset in their possession. The NFI reportedly used software from Israeli firm Cellebrite to crack the encryption.
"We are confident that BlackBerry provides the world's most secure communications platform to government, military and enterprise customers," a spokesperson for BlackBerry told The Register.
"However, we can't comment on this claim as we don't have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have any details on the nature of the communications that are claimed to have been decrypted."
Cellebrite sells forensic devices to law enforcement organizations around the world, but the firm makes no mention of particular expertise at cracking BlackBerry handsets. But the trick may be in the reference to PGP.
There are a number of third-party vendors offering BlackBerry phones that have had PGP added to save users the sometimes tedious routine of installing it themselves. It may well be that the handset in question was crackable not because of a BlackBerry flaw but because of an incorrect implementation of PGP itself.
It's highly unlikely that the Dutch investigators have had any help from BlackBerry in cracking messages. The company has stood firm against encryption backdoors, even pulling out of markets like Pakistan in the face of government instruction to violate its users' privacy.
As for the NFI, there's no word from them on their technique as yet, and the team isn't likely to be handing over its secrets any time soon. ®