CANADIAN PHONE MAKER BlackBerry has dismissed claims that Dutch police managed to 'crack' the encryption of emails and data stored on its devices.
In a statement, the firm said: "If such an information recovery did happen, access to this information from a BlackBerry device could be due to factors unrelated to how the BlackBerry device was designed, such as user consent, an insecure third-party application, or deficient security behaviour or the user," the firm said in a statement.
BlackBerry added that it remains focused on privacy and security, and affirmed that there are no backdoors in any of its devices.
"BlackBerry does not store and, therefore, cannot share BlackBerry device passwords with law enforcement or anyone else. In other words, provided that users follow recommended practices, BlackBerry devices remain as secure and private as they have always been," it said.
However, the firm noted that it doesn't know the exact model of phone that was reportedly cracked by Dutch investigators.
"BlackBerry does not have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have details on the nature of the communications that are claimed to have been decrypted."
BlackBerry's retort comes after the Dutch police enabling Netherlands Forensic Institute (NFI) claimed that it has cracked PGP on BlackBerry devices earlier this week.
BlackBerry has a lump on sale called the Priv that boasts unrivalled privacy capabilities, but the crack team of crackers at the NFI said that it ain't a very tough nut to crack, according to a report on Motherboard.
The NFI confirmed its ease of access in an emailed statement, explaining: "We are capable of obtaining encrypted data from BlackBerry PGP devices."
The NFI reportedly pulled apart the communications on a BlackBerry device with some security modifications.
Motherboard tracks this back to documents leaked from the NFI after something happened last year. Those documents reportedly show that the NFI managed to pull 325 emails from one device, and decrypt 279 of them. So it's not an exact science. Unfortunately, the police-linked NFI has not released much detail on the methods used to crack the BlackBerry code.
We called the NFI and a press person confirmed the capability but declined to comment on the methods used or the specific device.
Greg Aligiannis, senior director of Canadian security company Echoworx, is unimpressed by this whole mess and suggested that it reflects badly on the Dutch authorities.
"This news completely contradicts the Dutch government's stance against backdoors, and is likely to concern the public - not to mention BlackBerry customers - who have been led to believe that their privacy is a fundamental right within a democratic society," he said in defence of privacy and secure systems.
"Just because it's law enforcement decrypting personal communications shouldn't make people feel at ease with the situation. Ultimately, an entrance is an entrance for everyone, including cyber criminals." µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted