In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2’000 iterations in iOS 3.x, and 10’000 iterations in iOS 4.x, BlackBerry uses only one.
So password verification is (was) so fast/simple that we did not care about implementing it on the GPU — modern CPU is able to crack almost 8 million passwords per second (thanks to multi-threading and AES-NI). We would not call that the vulnerability, but still the weak link.
But new versions of BlackBerry Desktop Software have been released reсently (6.0 for Windows and 2.0 for Mac). And as always, there are bad news and there are good news.
Bad news (for those who forgot his own password): there are 20,000 PBKDF2 iterations now (yes, two times more than in iOS 4! ). That means that even 6-core Intel CPU can crack not more than 2,000 passwords per second only.
Good news (for the same audience): new version of Elcomsoft Phone Password Breaker not only supports the BlackBerry files with new/improved encryption, but supports GPU acceleration as well (previously, it was available for iTunes backups only). With it, we can get about 7,000 passwords per second on NVIDIA GeForce GTX 580, and about 20,000 p/s on ATI Radeon HD 5970. Also, AMD Radeon HD 6970 is now supported (though we have not tested our code on this card, sorry).