It is our intention in sharing this information that Blackberry and others will make changes to implement better security practices. These issues have been secured so there is no risk in exposing this data. Blackberry users, the Internet, and world as a whole deserves to have their data secure and taken care of by the companies we put trust in.
BlackBerry has always had a strong name for being secure. It disappoints us that in our research we found the use of incredibly insecure passwords.
These passwords are used to secure personal, corporate, government, military, and defense data.
The passwords Blackberry used:
These passwords were in use to secure the encryption keys in BlackBerry's Flagship BES12 iOS mobile application, this is concerning, as they might be used elsewhere, and furthermore they were listed in plain text.
Feb 9th, 2016 - we alerted BlackBerry of the issue.
And promptly 30 days later they have fix in place.
Sadly the weak passwords existed From Feb 24th, 2015 - March 9th, 2016.
379 days and were only fixed after we brought it to their attention.
BlackBerry has since removed the weak passwords but has left other insecurities in the most recent app store release.
With Blackberry now entering the field of "cyber security specialists", We hope the work harder to secure their own data as well.