Keeping your BlackBerry Smartphone safe from illegal search and seizure ... and parents

Keeping your BlackBerry Smartphone secure.
By Joseph Holder on 12 Nov 2011 09:06 am EST

In the United States, as I'm sure it is in many parts of the world, we take our right to privacy very seriously. Our Fourth Amendment to our Constitution protects us from unreasonable search and seizure, and we defend that right so vehemently that the simple act of moving a computer mouse to wake a computer from a screen saver mode has been ruled an illegal search.

Strangely though, your mobile device may not have those same protections. In California, a court ruling in January gave officers the go-ahead to search your Smartphone without a warrant. The court based its ruling on existing law and case precedents, but those never considered the possibility of a private citizen carrying a mobile computer with direct connections to the most private parts of their lives on it.

Realizing that the laws in the state needed a bit of an update, the California legislature stepped in to pass a bill, SB 914, to require a duly authorized search warrant be issued before a person's mobile device could be searched. It passed in the state's Assembly and Senate chambers by a 70-0 and 32-4 margin, respectively. However, in mid-October, Governor Jerry Brown vetoed the bill stating that he felt the courts and not the legislature were "better suited to resolve the complex and case-specific issues..."

But even if you did manage to remove from your BlackBerry all details of that Panda smuggling operation you masterminded last summer, government officials aren't the only ones who could be snooping around your Smartphone. Friends, family, co-workers, girlfriends, boyfriends and even parents sometimes get a little nosy. So, inspired by this article, here's how to keep your BlackBerry Smartphone secure.

Put a Password on it

Put a password on it. 

A simple and highly effective way of securing your Smartphone is to simply set it to require a password to unlock. Now true, some will find that entering a password everytime they want to use their phone to be a bit annoying, but that's always the case with security. You'll have to figure out for yourself where the balance between security and ease-of-use lies.

What I really like about using the BlackBerry's native password protection is that several of the phone's functions are still accessible while the phone is locked. While locked, you can still receive calls and make emergency calls. If you tick the correct box, you can make outgoing calls as well.

To set a password for your device, choose Options from the Home screen, then security, and finally password. Or you can just type (or say) password into your BlackBerry's Universal Search, then click or tap "Options" to find the one for device passwords.

How to find where to set the device password. 

Encrypt your SD Card and Device Memory

Do I really need to protect this recipe for a caramel swirl cheesecake? 

For many people, encrypting the data on your Smartphone and microSD card just isn't necessary. After all, the only things stored on my BlackBerry are my emails, a few MP3's, a cheesecake recipe, and other similar items. Additionally, constantly having to encrypt and decrypt information will slow your BlackBerry down. Still, it's not up to me to decide whether you need encryption, so here's how to do it.

Finding the encryption settings is pretty easy. 

From the Home screen, choose Options, then select Security and finally Encryption. There you'll find the options you need to secure the data stored on your device. It's recommended that you use a key (password) that's at least 12 characters long.

Encrypting the contents of the removable SD card is a similar but slightly different story. In a somewhat recent event, Elcomsoft showed that they could retrieve a BlackBerry password from an encrypted SD card. To that, we should add some qualifiers. First off, no software encryption is immune to a brute force attack. Simply try enough combinations of numbers, symbols, and letters, and eventually you'll get the password right. That same attack would fail on the BlackBerry Smartphone itself because you only get 10 chances to get the password correct. After that, the device performs a security wipe, destroying the data stored there.

Secondly, Elcomsoft's method would only be able to get your device's password right if you chose to encrypt your memory card with that same password. Setting the encryption mode to use a Device Key or even Device Password & Device Key effectively eliminates the possibility of someone obtaining your phone's password from an encrypted file.

BlackBerry Protect

BlackBerry Protect is a great addition to your Smartphone. 

Even if you're not worried about some criminal mastermind stealing your phone and using its contents to take over the world, you should install BlackBerry Protect.  We've written about this highly useful program before, so I won't go into great detail. Simply put, BlackBerry Protect is great at helping you find your phone.

I have an annoying habit of leaving my Smartphone in random places about the house. Instead of searching high and low for it, I just log in to the BlackBerry Protect website and click Loud Ring. In moments, my phone is blasting out a most annoying sound that helps me to find it rather quickly.

In that unlikely event that you've totally lost your phone, BlackBerry protect also helps you to back up your data, find and map your Smartphone's GPS location, and wipe the phone's data should it prove to be irretrievable.

Download BlackBerry Protect from BlackBerry App World

Security is at the heart of the BlackBerry experience; Research in Motion is after all the only Smartphone and tablet manufacturer to have received FIPS 140-2 validation for its cryptographic kernel. How you choose to use those features is completely up to you. Now that you have the know-how, how will you secure your BlackBerry?

Reader comments

Keeping your BlackBerry Smartphone safe from illegal search and seizure ... and parents


I've had my device password protected for about the last year. I figured my phone is pretty much like my computer and that's password protected, so why not my BlackBerry? I'm more than happy to enter my password after I left my BlackBerry at the bar on night after a few too many.

Awesome article! Very helpful. I do however, would like to add that if you're like me you may sometimes mess up your password repeatedly until you're almost out of chances! So, to avoid this I downloaded the berryslider from app world. It's like the iPhone's slider lock and just as effective. It's keeps me from exceeding my attempts and locks my phone with just a 4 digit passcode. I'm sure others have stated this. But overall this article is very helpful and reiterating a few facts never hurts! :)

Once you hit your limit of password entries it just tells you to enter "blackberry" to continue and lets you keep trying to enter a password. Essentially you have an unlimited amount of password tries.

Last time I checked encryption kills BlackBerry Protect, so that's a no-go for me. Right now, it's device encryption, unencrypted sdcard and "Find My Phone" from ShaoSoft for when I leave my phone in some random place around the house. With 8GB of internal memory on the 9900 there's plenty of room for things I wanna key safe and sdcard for "idc" things

A well written article.

I too use a slider password (activates in mins) and then activate a password that has a longer time delay. Blackberry Protect in case I need to find/get data/wipe. I did not think to encrypt my SD card though - I just have music/pictures on it. I can definitely see where people use it for business would need that additional protection.

Nothing really to hide here, but better to be safe than sorry.

Smite me o mighty smiter!

Because the meaning of data encryption is to not show your data to other party... Protect backups data to other party...

If it is leagel for a Cop to snoop your blackberry, then it would probebly get you arrested by refusing to give him the password. What there needs to be is an app that gives you one button datawipe as you hand him the phone. Or maybe an option for a second password that whipes instead of unlocks.

on my pc I use truecrypt with hidden drive

so this is even better ;)

In UK you can get arrested for not give your password to the authority.

Thankfully in the country I live it's not, yet.

Also in countries like China a password or even a hidden drive is not helping you (know what I mean?)

I personally dislike the idea so much to let some filthy cop look into my computer or let them install some filthy trojan horse... or put some false evidence in it (hey, we all saw such movies ;) )

That's one reason for me not to travel to US (finger prints, credit card information, bank transactions, BIC/Swift, etc. whats comming with the EU/USA "agreement"; US privacy data protection laws etc. is only for US citizen, snooty )

I protect my BB with a low medium password (only 8-10 characters) as I don't see this as the biggest risk, so only after 30 minutes it pop up.

webbrowsing and bad apps are a lot more risky as all smartphones are not really so secure but do have even more risks as a pc (or mac (if somebody thinks that's "secure" - it's not ;) )

btw did somebody using the standard passwordkeeper on the BB?

There's a feature with BlackBerry Enterprise Server called Duress Notification. It's useful for anyone who is concerned with law enforcement (including foreign) or espionage. If enabled, you move the first character of your password to the end and it sends a secret message to a specific email address (doesn't show data arrows and it doesn't show in sent items.)
For big companies or government departments, this would go to their security staff who could decide whether to start a remote wipe (and also hopefully send help to you.)

Wiping a device instead of just unlocking it in front of law enforcement can get you into more trouble.

I have recently for the first time started using a password on my phone. It hastaken a little getting use to, but with a screen lock (SpeedLock) and a timed (30 min) password protection lock out AND Blackberry Protect AND WheresMyPhone (one of the best!)........I certainly feel as though I'm prepared for any worse case scenario!

Not to turn this into a political discussion or anything, but the Canadian Government is pulling the same kind of crap with a new Bill in the house to allow police real time access to Canadian's internet traffic without a warrant from a judge. Its insane, but with a majority government and little public resistance the Bill will probably pass.

The biggest irony is we friek out about RIM working with the Indian government's request to provide real time access to information, but when our own government does it at home it's perfectly ok.

There is nothing on my phone that I'm worried about the "cops" seeing.
However, I would like the police to have instant access to evidence before it disappears.
I'll gladly let authorities look at my phone if it means they have the right to search the phones of real criminals in a timely manner.

Before you bash the current Canadian government too much, remember they are the one's who are getting rid of the gun registry. The registry, imho, is far more intrusive on the average law abiding citizen then the right for police to search a phone during an investigation.

hopefully you never get >>evidence<< loaded from this nice guy.

It's a posibility, probably not extreme high but in a real free democratic state there shouldn't allow such things.

Well, if an investigation is trying to prove that you were texting prior to an accident etc...a search warrant of phone records will probably be all that's needed. No amount of wiping data from phone will clear that level of detail.

But I do like the idea of menu->"clear history" clean all recent history (texts, emails) from phone so that at first glance, it all looks like you were not using the phone recently. Pre-emptive strike!

Smite me o mighty smiter!

Especially from parents lol. No need to wipe here but the convenient key lock + a supper long pass word full of numbers, Caps and symbols is all I need to protect my "Sensitive data" from parental supervision :P

One little warning for password protection. If you use the exact same password for over your 2 year of 3 year contract of the phone, depend on how often you enter the password, the keyboard buttons may stop working properly due to excessive use of the exact same letters over and over.

For example, if I use mss-ca over and over and over entering each time I need to unlock the phone, at the end of the 3 years long Canadian contracts, I may end up with malfunctioning M,S,-,C,A etc. This happen to me on my Bold 9700 and I had to fix it before sell it.

If you going to use a password, it is better to change it every six months to include letters that I didn't use before. I DON'T KNOW how common this issue is, but it happens to me so... watch out.

I've always used an pass on my phone, one people never guess but it rubs agenst my bag(I don't have a phone sock on it all the time!)

i really have not used the password lock much at all due to the fact that my Blackberry is rarely outside the vicinity of pocket to hand to pocket again.

Typical garbage from the Socialist State of California, it is right of the legislature to make law not the courts. Gov. Brown obviously skipped civics class. I would not allow it without a court order, let them arrest me, I'd fight it until it got into the federal courts, but if it was in the 9th district, I'd have to hope for it to be heard in the Supreme Court. Good idea to password protect your Blackberry, then let them figure it out.

Awesome writeup. I always have my blackberries passworded, with strongest encryption and my media card encrypted. It also keeps my phone from calling out accidentally (minus the emergency call, but this can be taken care of by the soft lock).

I haven't used BlackBerry Protect yet. I'll have to change my encryption settings.

No the law hasn't kept pace with the tech. Figures a major Lib like Brown would veto the bill. Why is that Liberals keep thinking about trampling rights, I thought that was a function of the right. It should be common sense, but we all know that its also gubermint so common sense doesn't apply. Another good reason to avoid Calif.

Are Warrantless Cell Phone Searches Legal?
By Stephanie Rabiner on June 2, 2011 6:53 AM | No TrackBacks
Though state and federal courts are divided on the issue, it seems as though warrantless cell phone searches are spreading across the country at an alarming rate.

How is this even legal?

According to courts in California, Florida and Georgia, warrantless cell phone searches are justified under the "search incident to a lawful arrest" exception to the 4th Amendment's warrant requirement.

Because the Supreme Court has not ruled on the issue of warrantless cell phone searches, there is still a lot of confusion amongst courts and civil rights advocates.

For instance, the Ohio Supreme Court has nixed warrantless cell phone searches, but CNN reports that the California Supreme Court has approved them.

The general consensus amongst courts that have approved the searches is that they are permitted as a search incident to a lawful arrest.

This area of law basically says that upon a lawful arrest, police may search a suspect's person, clothing and the area within his immediate reach in order to ensure safety and prevent the destruction of evidence.

The Supreme Court has also permitted the search of containers found in the suspect's immediate reach.

Courts that have permitted warrantless cell phone searches to preserve evidence, since police can seize a suspect's property when booked, and have even equated cell phones to "containers."

Until the Supreme Court takes a definitive stand on the issue, the future of warrantless cell phone searches will remain uncertain. However, if you are worried about your own cell phone privacy, "lock" your cell phone--you can't be compelled to unlock it without a court order.

"In the United States, as I'm sure it is in many parts of the world, we take our right to privacy very seriously."

Seriously, have you read about the Patriot Act? The US has one of thw worst privacy records in the world!

I'm a nosey parent and require the password or my daughter isn't allowed to have a blackberry or laptop. I even have her facebook and email passwords. She's only 12 and I feel that it's to protect her against internet predators. I check in on things to make sure she's not talking to strangers and they aren't talking to her. I think it's a necessary evil that parent's now a days should do.
That's my opinion and I stick to it.

hm... so your daughter has no lock on her phone. Imagine that she will leave her phone somewhere for couple of minutes. And some evil guy will grab her phone, install some app for tracking to the phone and let it... One day your daughter will be found somewhere just because you? Kids are exchanging lot of sensitive data and keeping them unsecure is not proper way of security. Teach them how to use security things to protect them. BTW Blackberry was never designed as a "daughter" phone...

@borisporosin She said she has access to her daughter's passwords, she didn't say her daughter's phone was not secured. You really need to pay attention to what you read before you pass judgement because now you only look like a fool.

Agreed. I was the same way with my daughter. In a weird sort of way, I think my paranoia taught my daughter caution and helped her to better protect herself.

Of course it takes California to try to make the job even harder for law enforcement. Yay, go criminals!

*shakes head*

You guys are all discussing ways to legally "protect" you from those evil cops from searching your cell phones "upon" arrest...

Um, well, don't know about you guys, but I don't plan to get arrested anytime soon so... I guess I'll leave your advice for people who might "need" it...

evil cops, lost or stole phone, bad colleagues, .. there are several people who are interested into your data... I personally do not care about the cops, I care about the data...

As Juggalo20 wrote, BlackBerry Protect will not work if you enable device encryption.

However, disabling encryption to allow you to use Protect (as rcheung135 suggests) is not improving your security. A better solution is to use the SmrtGuard app, which has pretty much all the same functionality, and works even with encrypted devices. If you don't need the backup option, you can use the free version and still have remote locate & wipe.

My security solution:

BB passcode
Device encryption (except contacts - so that I can see callers' names when locked)
No SD encryption (just my photos, nothing sensitive like e-mails)
SmrtGuard (non-paid)

I use my BB through my corporate Enterprise server - they force us to use a password, also forced to change password every 30 days.