Elcomsoft breaks BlackBerry backup encryption


Elcomsoft, the well-known Russian company that makes a range of password-cracking utilities, claims to have found a weakness in the implementation of the 256-bit AES encryption used by the BlackBerry Desktop Software. The encryption protects data backups of tethered BlackBerry smartphones; the discovery leaves the BlackBerry data held in those backups vulnerable to exploitation.

Elcomsoft's Vladimir Katalov explained in a blog posting that RIM (NASDAQ: RIMM), strangely, used only one iteration of a standard key-derivation function, whereas Apple (NASDAQ: AAPL) used 10,000 iterations in iOS 4.x. Each iteration multiplies the work an attacker must do per password guess, so a single iteration provides essentially no slowdown. Leveraging the mistake, a brute-force attack against an archive protected by a 7-character password of moderate complexity could be completed in about half an hour on a top-of-the-line Intel Core i7 processor. The flaw is found in both the PC and Mac versions of the program.
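To make the iteration-count point concrete, here is an added example (not code from the article, from Elcomsoft, or from RIM) that models the "standard key-derivation function" as PBKDF2-HMAC-SHA256, an assumption the article does not confirm. The salt and passwords are constructed sample values, not the real product's parameters. It shows that with one iteration PBKDF2 collapses to a single HMAC call, measures how many guesses per second one core can test at 1 versus 10,000 iterations, and scales the article's half-hour figure to the higher count.

```python
"""Why a single KDF iteration is a weakness: the iteration count is a
direct multiplier on the attacker's per-guess cost.

Assumptions (not from the article): the KDF is modelled as
PBKDF2-HMAC-SHA256; SALT and the sample passwords are constructed
values, not BlackBerry Desktop Software's real parameters.
"""
import hashlib
import hmac
import time

SALT = b"constructed-sample-salt"  # constructed; not the product's real salt


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit key with PBKDF2-HMAC-SHA256 (assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def single_iteration_equals_one_hmac(password: bytes, salt: bytes) -> bool:
    """With iterations=1 and a 32-byte output, PBKDF2-HMAC-SHA256 reduces to
    exactly one HMAC: T1 = U1 = HMAC(password, salt || INT_32BE(1)).
    A one-iteration KDF therefore provides no key stretching at all."""
    one_hmac = hmac.new(password, salt + (1).to_bytes(4, "big"),
                        hashlib.sha256).digest()
    return derive_key(password, salt, 1) == one_hmac


def derivations_per_second(iterations: int, samples: int = 200) -> float:
    """Measure how many candidate passwords per second one core can test
    at the given iteration count (wall-clock, so results vary by machine)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(b"guess%d" % i, SALT, iterations)
    return samples / (time.perf_counter() - start)


def scaled_attack_seconds(base_seconds: float, base_iterations: int,
                          new_iterations: int) -> float:
    """Brute-force time grows linearly with the iteration count,
    all else (hardware, password keyspace) being equal."""
    return base_seconds * new_iterations / base_iterations


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of a fixed length over an alphabet."""
    return alphabet_size ** length


if __name__ == "__main__":
    print("1 iteration is a single HMAC:",
          single_iteration_equals_one_hmac(b"sample-password", SALT))
    for iters in (1, 10_000):
        print(f"{iters:>6} iterations: {derivations_per_second(iters):,.0f} guesses/s")
    # Article figure: ~30 minutes for a 7-character password at 1 iteration.
    days = scaled_attack_seconds(1800, 1, 10_000) / 86_400
    print(f"same attack at 10,000 iterations: about {days:,.0f} days")
    print("7 chars over a 62-symbol alphabet:", keyspace(62, 7), "candidates")
```

The measured rates depend on the machine, but the ratio between the two runs is what matters: raising the count from 1 to 10,000 makes every guess roughly 10,000 times more expensive, turning the article's half-hour attack into one lasting years on the same hardware.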

While it's hardly the end of the world (hackers first have to get their hands on the encrypted files), this is a blow to the otherwise stellar security reputation of RIM's flagship email platform. As usual, Elcomsoft has implemented the attack in its Elcomsoft Phone Password Breaker, which the company says can also break into backup files from the iPad, iPhone and iPod Touch.

For more on this story:
- check out this article at Network World
- check out this article at Elcomsoft Blog
