BlackBerry Bridge App and BlackBerry PlayBook Tablet – Security Technical Overview

Attacks that the BlackBerry Bridge pairing process is designed to preventThe BlackBerry Bridge pairing process is designed to help protect the connection between the BlackBerry PlayBook tablet and BlackBerry smartphone from the following types of attacks:
• Brute-force attack
• Online dictionary attack
• Eavesdropping
• Impersonating a smartphone
• Man-in-the-middle attack
• Small subgroup attack

Brute-force attack
A brute-force attack occurs when a potentially malicious user tries all possible keys and guesses what the encryption key is. The BlackBerry Bridge pairing key is 256 bits long, which makes a brute-force attack computationally infeasible.

Online dictionary attack
An online dictionary attack occurs when a potentially malicious user uses feedback to determine the correct password. For example, during the key agreement protocol, the potentially malicious user might try to guess the shared secret between the BlackBerry PlayBook tablet and BlackBerry smartphone. The ECDH protocol permits the potentially malicious user to only guess the shared secret one time. If the guess is incorrect, the BlackBerry PlayBook tablet user must restart the pairing process, which creates a new shared secret before the potentially malicious user guesses again.

An eavesdropping event occurs when a potentially malicious user monitors the communication that occurs between a BlackBerry PlayBook tablet and BlackBerry smartphone. The goal of the potentially malicious user is to determine the BlackBerry Bridge pairing key on the tablet and smartphone and then use the key to decrypt the data that the tablet and smartphone send between each other. Because the BlackBerry Bridge app uses the ECDH algorithm to generate the BlackBerry BridgBlackBerry Bridgee pairing key, a potentially malicious user must solve the ECDH problem to compute the key. Solving this problem is equivalent to solving the DH problem, which is considered computationally infeasible… Read More In Here