Blackberry Communications Privacy

Blackberry 10 Sends Full Email Account Credentials To RIM

Posted by timothy
from the good-job-rim dept.
vikingpower writes "How a phone manufacturer making a somewhat successful come-back can shoot itself in the foot: Marc "van Hauser" Heuse, who works for German technology magazine Heise, has discovered that immediately after setting up an email account on Blackberry 10 OS, full credentials for that account are sent to Research In Motion, the Canadian Blackberry manufacturer. Shortly after performing the set-up, the first successful connections from a server located within the RIM domain appear in the mail server's logs. (Most of the story in English, some comments in German.) At least according to German law, this is completely illegal, as the phone's user does not get a single indication or notice of what is being done." (Here's Heise's article, in German.)
  • by Anonymous Coward on Thursday July 18, 2013 @09:31AM (#44316799)
    There is an engineer, somewhere within this organization, that thinks this is a good idea. I, the important person (due to my stack of dollar bills), will never purchase such a device.
    • by Anonymous Coward on Thursday July 18, 2013 @09:47AM (#44316943)

      Rule of thumb for corporation ethics: If you have to ask the legal department if something is OK then it is still unethical and consumer unfriendly.

      Or the catchier version: If you can't tell if something is legal without asking a lawyer then your customers can't do it either.

      • by gl4ss (559668)

        and if you have to ask the legal department it's probably illegal in principle anyways... and you know it and are asking for CYA.

    • by pla (258480) on Thursday July 18, 2013 @09:47AM (#44316945) Journal
      What person thinks this is OK?

      Every single non-technical person in the company, who has no clue whatsoever about the implications of this, doesn't care about all your "paranoid theories", and "just wants the damned thing to work!"

      The same people who give their email address to every popup ad that asks for it and then bitch to IT about all the spam they get. And then bitch about all the still-spam-but-of-interest-to-them they stop getting when you turn up the filters on their account. And then bitch about having to remember yet another password when you give them access to manage their own spam filter settings and can't you just be a dear and go in every morning and manually delete the spam they don't want but let the spam they do want through?
      • by Lunix Nutcase (1092239) on Thursday July 18, 2013 @09:52AM (#44317001)

        Protip: This is the way BIS has always worked. A post explaining this from four years ago... [crackberry.com] Heise is way behind the times if they've only just now discovered that this is how BlackBerry email works.

        • by h4rr4r (612664)

          And it was not much better then.

          The first time I saw that I knew I was not getting a blackberry. That was/is a security nightmare.

          At least with IMAP over SSL I can be reasonably sure not too many folks are reading my email.

          • At least with IMAP over SSL I can be reasonably sure not too many folks are reading my email.

            Still depends on how RIM's infrastructure is set up, whether they actually validate the certificates of the mail servers they connect to.

            If not, the passwords are still within the NSA's reach.

            Theoretically, anybody with a blackberry should be able to test this by setting up a mail server with a deliberately bad certificate: if Blackberry can still log in, it means that it doesn't check the certificate!

            • by jkflying (2190798)

              That doesn't say anything, if the NSA was doing MITM they'd probably bounce the bad cert to make it look like everything was fine.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            The first time I saw that I knew I was not getting a blackberry. That was/is a security nightmare.

            That's why RIM offers BlackBerry Enterprise Server. If you don't want RIM tunneling your email, you host your own tunnels. BlackBerry has always worked this way.
            Did you really think that all of the companies that use BlackBerry send their email through RIM's servers?

          • by LordLimecat (1103839) on Thursday July 18, 2013 @11:04AM (#44317745)

            The first time I saw that I knew I was not getting a blackberry.

            Then you didn't do your research very well, because BIS is the ghetto "I can't afford a BES" experience. A proper BES is magnitudes more secure than anything SSL has to offer.

            • by h4rr4r (612664)

              If they think that is ok for their down market product their up market one likely sucks as well.

              I want to see a citation for that last comment. My understanding is BES is totally closed and still sends data via their servers which the outages proved. This means we have no way of knowing how secure it is.

              We all use SSL to do our banking, so clearly it is pretty well tested.

              • by LordLimecat (1103839) on Thursday July 18, 2013 @11:34AM (#44318125)

                likely

                Translation: I know nothing about how BES works, but I won't let my ignorance prevent me from criticizing it.

                For the record, anyone who has administered a BES knows that it's a far better experience than anything ActiveSync has ever had, and magnitudes more secure. ActiveSync bases its entire security on a single server certificate, and having your cert chain vetted, and assuming that your trusted CA doesn't get compromised, and your ciphers aren't subject to the BEAST attack. BES has per-device keys, and until AES gets cracked, BES won't be cracked.

                • Doesn't BB10 use ActiveSync?

                  Why, yes. Yes it does.

                  http://bizblog.blackberry.com/2012/08/rim-activesync-security/ [blackberry.com]

                  • Which with BES 10 can use the BES infrastructure with DEVICE SPECIFIC KEYS as an alternative to a VPN. Which BlackBerrys can also use [a VPN] with the BES as a second optional transport in case the BES goes down. On top of both of these transports the device will function directly over corporate WiFi, cutting out the BES altogether when you're on the local network.

                    So ActiveSync with its SSL over SRP, so that's TWO layers of encryption being used. ActiveSync's SSL and the BlackBerry transport as a secure t

            • The first time I saw that I knew I was not getting a blackberry.

              Then you didn't do your research very well, because BIS is the ghetto "I can't afford a BES" experience. A proper BES is magnitudes more secure than anything SSL has to offer.

              [citation needed]

              Seriously.
              There's absolutely no evidence to back this up. With SSL and my own server, I'm sure nobody's listening to my connection. The same can't be said for BES, because, seriously, we don't know!

    • by Pieroxy (222434)

      As it turns out, RIM provides a proxy service for email. That's what they do, and everyone has access to this kind of information as BB doesn't hide it but actually advertises it. It may be a bad idea, but it is most certainly not deception. /story.

    • Re: (Score:2, Interesting)

      by peppepz (1311345)
      It's the only way you can implement push email notifications, which once used to be something of Blackberry that people liked. Every other provider of such a service works in the same way.
      • It's not the only way. It's the only "dumb" way, but if Apple, Google and RIM said to the leading mail daemon developers "give your users a way to create a token they can pass on to us to query for new mail notifications", then it could be achieved securely.

  • by Jawnn (445279) on Thursday July 18, 2013 @09:36AM (#44316843)
    Memo: Go get it yourself. Gentlemen, We're tired of having to carry this data mining workload on our networks and servers. Here's the list of user names and passwords that we collected for you. Knock yourself out. Regards, RIM
    • Sir:

      We *had* been wondering why during every unannounced visit to the Blackberry/RIM department in our office, we'd catch them with some with feet up on their desks, lounging around with arms behind their heads, some paper airplanes flying around, or some paper basketball match or dart game going on. They always say some variation of '...working on it" "...I'm on it", or "We managed to produce that list you were asking about". I had always attributed it to their efficiency. Now we know. Appreciate the heads

  • Wow ... (Score:2, Insightful)

    by gstoddart (321705)

    So either RIM feels they should have this, or they're really stupid.

    There is no reason to send your email credentials to RIM ... the local device needs it, but I can't think of a single defensible reason to send your credentials to their servers.

    Why do companies feel they're entitled to this kind of information? Pretty much everyone who owns a BlackBerry should be asking if they can really trust the device.

    • by lachlan76 (770870)
      It's so that they can push to the device from servers that don't support that functionality. This is how my previous (Nokia E71) phone did push email, for instance. But in that case you provided your login details through their website and then connected the phone to your Nokia Mail account, so it was clear what was going on.
      • Re: (Score:3, Insightful)

        by h4rr4r (612664)

        Bullshit.
        IMAP even supports push via IMAP IDLE. There is no good reason for that in this day and age. This is just Blackberry again being behind the times and out of date.

        • Re:Wow ... (Score:5, Insightful)

          by ArsenneLupin (766289) on Thursday July 18, 2013 @10:19AM (#44317287)

          IMAP even supports push via IMAP IDLE.

          Yes, but that only works while you are connected to the server, which needs a (potentially expensive) IP connection.

          True push might "wake up" your phone with a special SMS when a mail is ready, and then the phone only needs to establish the connection when needed, rather than keeping it up permanently, potentially incurring roaming fees.

          • by h4rr4r (612664)

            Which is why things like wait exist and very long connection lifetimes. The phone can go to sleep with that connection running. Keep alives can be a long time apart.

            • Re:Wow ... (Score:4, Informative)

              by ArsenneLupin (766289) on Thursday July 18, 2013 @11:10AM (#44317821)
              If the phone brings down its IP connection while some TCP flows are still open, it might not be able to re-attach to these, as it will most probably get a different IP address once it brings up the physical connection again. Not to mention that the server would have no way of sending a packet to the mobile during this "sleeping" phase...

              If on the other hand it doesn't bring down the IP connection, it might incur roaming fees, depending on commercial offers, contractual setups etc. If the user is lucky, and is charged by traffic, then there will be no problem (almost no packets exchanged during idle). If on the other hand he is billed over time (like some Austrian and Eastern European operators do), he'd still be stuck with a hefty roaming bill...

              • by h4rr4r (612664)

                You use keep alives to tell the network you need to keep this IP, they are very small and very infrequent.

                When you wake to send that, and you only wake a tiny little bit you check for the new email packet.

                I guess in those backwards nations the user will just turn off all forms of push email.

                • You use keep alives to tell the network you need to keep this IP, they are very small and very infrequent.

                  But are they supported universally? I don't believe so, especially given the worldwide IP address shortage...

                  When you wake to send that, and you only wake a tiny little bit you check for the new email packet.

                  But then, it's not really push any longer... If you only "wake" once per hour, you'd still have to wait up to an hour to get that notification. "Real" push systems (based on some out-of-band signalling) might be faster.

                  • by h4rr4r (612664)

                    IPv6 should solve that.

                    My mail to my house is push, the fact that I am not there to read it does not change that. Even out of band will have to be received by something to wake the rest of the device. So that something must be ready to get this message.

      • This seems to me like an optimization for a problem that no longer exists. Is email popular in places where data plans are expensive? My understanding was that texting was far more popular in developing economies, and email polling couldn't account for more than a pittance of my 4GB monthly allowance. So who actually wants this functionality these days?

        • email polling couldn't account for more than a pittance of my 4GB monthly allowance

          Generally push email is used to save on battery consumption not data transfer. And battery life is still a big sticking point even on modern smart phones.

    • by Yetihehe (971185)

      There is no reason to send your email credentials to RIM

      Push notifications about new email?

      • by h4rr4r (612664)

        For what POP3?
        IMAP idle is widely supported in 2013.

        • by alen (225700)

          ms exchange

          • by h4rr4r (612664)

            Which supports ActiveSync, which is push mail and device management. Use that.

            It is also supported on several other mail servers, Zimbra being the first one I think of.

    • Google does it with wifi passwords. I assume they do it with other credentials too.
      http://arstechnica.com/security/2013/07/does-nsa-know-your-wifi-password-android-backups-may-give-it-to-them/ [arstechnica.com]
      • Re:Wow ... (Score:4, Insightful)

        by gstoddart (321705) on Thursday July 18, 2013 @09:47AM (#44316953) Homepage

        It's a little different, this sends it as soon as you set up the account apparently.

        I've set my Android devices to not use Google's cloud backup because I'm increasingly distrustful of them. That, and keeping the Google+ shit at bay.

        But in this case, it sounds like as soon as you create an account RIM has your password -- that to me is a terribly designed system.

        And RIM wants to make their messaging client available on other platforms? Suddenly it doesn't look like a trustworthy system to me.

    • Re:Wow ... (Score:4, Interesting)

      by ZiakII (829432) on Thursday July 18, 2013 @09:43AM (#44316915)
      So either RIM feels they should have this, or they're really stupid.

      There is no reason to send your email credentials to RIM ... the local device needs it, but I can't think of a single defensible reason to send your credentials to their servers.

      Why do companies feel they're entitled to this kind of information? Pretty much everyone who owns a BlackBerry should be asking if they can really trust the device.


      Looks like you have no clue how RIM e-mail works on Blackberries. I'm just copying and pasting a quick summary of how their e-mail system works. "Unlike other PDAs, the BlackBerry device does not log into your email account for you, and check for new messages. This pull type email is best related to having a Post Office box. It requires physical action on your part to go and check your mail. You have to get up, drive in your car to the PO Box location, open it up, check for new mail, get back in your car, and drive home. All this time you are expending time and energy. What happens if you are unable to check the box due to the store/post office being closed? You have to wait until the next chance you get, and then check. As you can see this is not a very time/energy efficient way of doing things.


      On the other hand, if you had someone to bring your mail to you, a Postal worker, wouldn’t that be a better alternative? All you have to do is sit at home and when the mail arrives you have it. No need to do anything, no need to go anywhere else. This is how the BlackBerry architecture works." (Example from Crackberry.com [crackberry.com])

      For a site apparently loaded with computer professionals it's astounding how many here do not know how BlackBerry e-mail works.
      • Re: (Score:3, Insightful)

        by h4rr4r (612664)

        For such a long comment it is astounding how you don't know how email works in 2013.

        What you are talking about was neat in 1995, today is redundant and a security nightmare. Today we have ActiveSync and IMAP idle. Both of these provide push email without handing your password over to RIM or putting you at risk of no email when they have one of their famous outages.

        • Re: (Score:3, Interesting)

          by bill_mcgonigle (4333) *

          For such a long comment it is astounding how you don't know how email works in 2013.

          I think he knows how modern e-mail works and was explaining how Blackberry works.

          What you are talking about was neat in 1995, today is redundant and a security nightmare. Today we have ActiveSync and IMAP idle. Both of these provide push email without handing your password over to RIM or putting you at risk of no email when they have one of their famous outages.

          Look, we've had IMAP IDLE since 1997, the first RIM pager was in

          • Re:Wow ... (Score:5, Informative)

            by LordLimecat (1103839) on Thursday July 18, 2013 @11:22AM (#44317981)

            But I've been advising companies who deal in secrets (R&D trade secrets mostly) to avoid Blackberry for the entire time I've been doing security consulting (since before I got a Treo) because it was never a secret how Blackberry works.

            Then despite your really good explanation it seems that YOU don't fully understand it. If you have one of those expensive BES servers, RIM never sees your credentials, your mail, or anything, and you have THE most secure mass-market mobile email system out there.

            BES supports

            • Per-device symmetric encryption (way outclasses SSL, which is a security nightmare between compromised CAs, compromised ciphers, and expiring certs)
            • Enforcing memory and device encryption for years prior to anyone else attempting it, let alone getting it right
            • Remote device wipe, which iOS / Android have only recently gotten, and which actually works
            • Enforcing any and every option you might want on any or all BlackBerries in your organization -- want to force all browsing thru a proxy? Or to go through your corporate firewall? Not a problem.
            • Locking down the devices to prevent installation of undesired apps

            Some of these features have been picked up by other device "classes" (iOS, Android), some have been reimplemented badly (i.e., device encryption, remote wipe, screen lock), but no one has gotten the comms down as secure as a proper BES.

            If you're advising people to avoid BES for SECURITY REASONS, you shouldn't be in the business of advising people. Foreign governments have famously gotten their feathers ruffled because RIM makes it clear that there is no way to snoop those connections.

            • That's nice marketing material, but if Blackberry is logging into systems with disparate hashing or encrypting schemes, they are handling the cleartext of the comms at some point, and that's where the taps are. There's mathematically no other way to do it.

              When Blackberries were used in the London bombings, they went to the Blackberry server and got the comms. India was in the news last year because they got one installed there for the same reason. It would be shocking if the NSA wasn't getting a feed out

              • That's nice marketing material, but if Blackberry is logging into systems with disparate hashing or encrypting schemes, they are handling the cleartext of the comms at some point, and that's where the taps are.

                Again you don't understand. If you are using BES, it is hooking into a corporate email system-- Exchange or whatever IBM's thing is called (Lotus?). This is a core requirement-- you CANNOT (or could not, as of BES 5) install BES without those. BES also did NOT support logging into third-party mail servers-- its one and only task was to sync corporate email with your BlackBerry. And it did so by maintaining a secure connection to your local Exchange server with an administrative Exchange account, and conn

                • Yeah, this is stuff everybody knows. BES is for Exchange, which runs on Windows, which is insecure (better now, but was simply horrible when BES was first popular), plus NSA has an encryption key for signed stuff, or you can use RIM's proxies which opens your otherwise secure (IMAPS/SMTP+TLS) e-mail up to snooping at the Blackberry servers.

                  But, yeah, I agree, everybody has known this for years, which is what my first comment here said. TFA is surprised by this.

            • Foreign governments have famously gotten their feathers ruffled because RIM makes it clear that there is no way to snoop those connections.

              Until RIM lets them.

              How is that secure then?

              • It is technically impossible to snoop on BES traffic even if you have full access to every cell tower and RIM datacenter, unless you either get the per-device AES key, or you crack AES.

                When I say "there is no way" I'm not talking about "they have a policy", I'm talking about "it uses a known secure implementation of symmetric key encryption".

            • That's nice and all, but what does BES do with the credentials? Does it always connect to the Gmail account you think it is, then downloading your mail, not uploading your credentials to nsa_drop_box@gmail.com's Notes folder? I keep hearing blah blah blah security! blah, but I don't see any particular reason to trust one corporation with all my personal credentials over another corporation.

              PS: The "locking down the devices to prevent installation of undesired apps" certainly seems like it'd be appealing, bu

            • by gstoddart (321705)

              Foreign governments have famously gotten their feathers ruffled because RIM makes it clear that there is no way to snoop those connections.

              And then they caved [techdirt.com] in [phonearena.com] and allowed it to happen.

              There is a way, and they've started doing it ... so, what were you saying about how super awesome the security is again and how impossible it is to snoop on?

        • What's a security nightmare is SSL. It's astounding that people advocate ditching clunky BlackBerries running secure BES with per-device AES keys for slick ActiveSync, and then turn around and complain about security.

          Meanwhile, SSL has had its recommended cipher change how many times in the last few years? And now we're on the creaky RC4 because all other options have been exhausted?

          No, but I'm sure ActiveSync is great. Hope you've vetted your trusted root chain on each of your devices, and hope you've foun

          • by h4rr4r (612664)

            I can audit ssl, I cannot audit BES. No their documentation claiming they did AES right does not prove they did.

            Those are all solved problems, have fun resending servicebooks.

        • by tlhIngan (30335)

          What you are talking about was neat in 1995, today is redundant and a security nightmare. Today we have ActiveSync and IMAP idle. Both of these provide push email without handing your password over to RIM or putting you at risk of no email when they have one of their famous outages.

          Except maintaining a persistent IP connection is expensive. Not expensive in the sense of money, but expensive in terms of battery life - instead of the phone being able to go into a low power idle mode ("camping") where it only

      • by gstoddart (321705)

        Unlike other PDAs, the BlackBerry device does not log into your email account for you, and check for new messages.

        So let's highlight what you pasted here ... if it doesn't log into your account for you, WTF does it need the password for?

        On the other hand, if you had someone to bring your mail to you, a Postal worker, wouldn't that be a better alternative? All you have to do is sit at home and when the mail arrives you have it

        What an incredibly stupid analogy ... it's an electronic device which can t

      • by Wattos (2268108)

        You show a good example. Would you still think that this model is better if:

        1) The post man can read your mail without you noticing (e.g. the envelope is never damaged)
        2) You have to provide your postman with a key to open your locker? The key might additionally fit into your other lockers (e.g. A lot of people reuse their passwords)
        3) The postman can easily store copies of all the letters you receive without you knowing
        4) The postman travels from your local post office, to a completely different country, w

      • This pull type email is best related to having a Post Office box. It requires physical action on your part to go and check your mail. You have to get up, drive in your car to the PO Box location, open it up, check for new mail, get back in your car, and drive home.

        Meanwhile, back in reality, that "hugely inefficient" polling works like:

        Phone: Hi, mailserver.
        Mail: Hi, phone.
        Phone: I'm Joe. Here's proof.
        Mail: Hi Joe.
        Phone: Do I have any new mail?
        Mail: Nope.
        Phone: KTHXBYE
        Mail: Whatevs.

        ...all at the speed of light and consuming microwatts if scheduled correctly. Decades-old tech like IMAP IDLE makes that even more trivial. No, I'm just not seeing the compelling need for this beyond "that's the way we've always done it and it's magical!".
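The exchange sketched above, carried one step further into IMAP IDLE, as an added example that is not part of the original thread: a toy IMAP server and a client talk over a local socketpair, so it runs offline against no real mail server. The server, the credentials and the timer that plays the part of "a message arrives" are all constructed for this example. What it shows is the push mechanism the comment refers to: after `IDLE` the client simply waits on an open connection, and the server sends the unsolicited `* 2 EXISTS` when mail lands; the password is exchanged only between the client and the server it is meant for.

```python
import socket
import threading

# Constructed credentials for the mock session. In real use these go only to
# your own mail server, and only inside a TLS session (IMAPS, port 993).
USERNAME = "joe"
PASSWORD = "hunter2-constructed"


def _readline(conn: socket.socket) -> str:
    """Read one CRLF-terminated IMAP line; '' means the peer closed."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = conn.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode().rstrip("\r\n")


def _writeline(conn: socket.socket, text: str) -> None:
    conn.sendall((text + "\r\n").encode())


def mock_imap_server(conn: socket.socket, new_mail: threading.Event) -> None:
    """Toy IMAP server (constructed, not a real implementation): just enough of
    LOGIN, SELECT, IDLE (RFC 2177) and LOGOUT to show the exchange."""
    _writeline(conn, "* OK mock IMAP server ready")
    while True:
        line = _readline(conn)
        if not line:
            break
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue
        tag, cmd = parts[0], parts[1].upper()
        if cmd == "LOGIN":
            _writeline(conn, f"{tag} OK LOGIN completed")
        elif cmd == "SELECT":
            _writeline(conn, "* 1 EXISTS")
            _writeline(conn, f"{tag} OK [READ-WRITE] SELECT completed")
        elif cmd == "IDLE":
            _writeline(conn, "+ idling")          # continuation: client may now just wait
            new_mail.wait()                        # nothing crosses the wire until mail arrives
            _writeline(conn, "* 2 EXISTS")         # unsolicited response: this is the "push"
            _readline(conn)                        # client ends IDLE with DONE
            _writeline(conn, f"{tag} OK IDLE terminated")
        elif cmd == "LOGOUT":
            _writeline(conn, "* BYE mock server signing off")
            _writeline(conn, f"{tag} OK LOGOUT completed")
            break
        else:
            _writeline(conn, f"{tag} BAD unknown command")
    conn.close()


def idle_session(conn: socket.socket, username: str, password: str) -> dict:
    """Client side of the exchange. Returns the transcript and the message
    count the server announced when it pushed the EXISTS notification."""
    transcript = []

    def send(cmd):
        transcript.append("C: " + cmd)
        _writeline(conn, cmd)

    def recv():
        line = _readline(conn)
        transcript.append("S: " + line)
        return line

    recv()                                             # server greeting
    send(f'a1 LOGIN {username} "{password}"')          # credentials go to this server only
    recv()
    send("a2 SELECT INBOX")
    recv(); recv()                                     # "* 1 EXISTS", tagged OK
    send("a3 IDLE")
    if not recv().startswith("+"):
        raise RuntimeError("server refused IDLE")
    pushed = recv()                                    # blocks, idle, until the server speaks
    count = int(pushed.split()[1]) if pushed.endswith("EXISTS") else None
    send("DONE")
    recv()
    send("a4 LOGOUT")
    recv(); recv()
    return {"messages": count, "transcript": transcript}


def run_demo(delay: float = 0.05) -> dict:
    """Wire client and server together over a socketpair and deliver one
    message after `delay` seconds (constructed stand-in for real mail arriving)."""
    client_sock, server_sock = socket.socketpair()
    new_mail = threading.Event()
    server = threading.Thread(target=mock_imap_server, args=(server_sock, new_mail), daemon=True)
    server.start()
    threading.Timer(delay, new_mail.set).start()
    result = idle_session(client_sock, USERNAME, PASSWORD)
    client_sock.close()
    server.join(timeout=2)
    return result


if __name__ == "__main__":
    for entry in run_demo()["transcript"]:
        print(entry)
```

The energy argument earlier in the thread is about the one line where the client blocks between `+ idling` and `* 2 EXISTS`: that is the TCP connection that has to stay up (and be kept alive across NAT timeouts) for IDLE to deliver the notification.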

    • Why do companies feel they're entitled to this kind of information?

      I'll play the devil's advocate here and suggest that RIM might not have done this out of a sense of entitlement, but rather out of a sense of laziness or generally poor programming. This information is not necessarily all that valuable to them anyways.

      Pretty much everyone who owns a BlackBerry should be asking if they can really trust the device.

      The device just came out, and this applies only to the two newest BlackBerries. The bigger question is how long it will take them to correct this. They have a choice here; they can either say "oops, we didn't mean to do that" and patch it so that this inf

  • Does anyone care? (Score:4, Insightful)

    by dgr73 (1055610) on Thursday July 18, 2013 @09:40AM (#44316877)
    I was in a conference once where all the big players in the security field were sitting and saying "no way we'll build backdoors into our systems, the best guarantee against that is the fact that if it's found out, we'll be killed in the market, nobody will buy from us". But considering how most companies hit by the NSA scandal are still doing brisk business, I don't think RIM has anything to fear from anyone except a handful of Slashdotters, who use other types of phones anyway.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Nobody cares. I work IT for a government agency, and our IT department decided (directly against my opinion) that it's basically not worth the effort to hide our data from the US government. Nothing's changed since the NSA scandal confirmed our worst strong suspicions and safe assumptions. Part of it comes from a defeatist view that they can break into anything they want to. I contend that they are _not_ magic and we _can_ keep them out. In some of our dealings it would be disadvantageous for the US governm

  • Standard Procedure? (Score:4, Interesting)

    by nate_in_ME (1281156) <meNO@SPAMnatesmith.me> on Thursday July 18, 2013 @09:46AM (#44316933)
    I haven't done all my reading on the new BB10 setup, but I know previous devices not only used RIM's servers to fetch email before passing it on to the device, but actually tunneled all internet traffic through their system. Now, from the article (or at least Google's translation of it), it sounds like BB10 says that setup is no longer used for the push email. However, are they still tunneling through RIM? The article also seems to make a jump in assuming that RIM is storing this data (who else may be listening in along the way is another discussion entirely). The only reference that I saw in the article was to the connection occurring immediately after setting up the account. This could just as easily point to a "test, then throw away" procedure as part of e-mail setup on BB10. Unless there is additional information showing a series of connections over a period of time after setting up the account, there doesn't appear to be any indication that RIM is actually keeping this data.
    • BB10 devices use ActiveSync to do mail pushes. Now it just goes over the standard 4g/3g networks like iPhones/Androids do. The only connection that I've seen be required to RIM servers is if you use their BES10 software and that's just for policies and suchlike.
  • Didn't read the article of course, but does this guy have a BES server? I thought this was always how BlackBerries worked. If you weren't running BES, then RIM essentially took over that function. Granted, I haven't touched a BlackBerry in like 6 years, so maybe I am only remembering the good times at this point.

    • by h4rr4r (612664)

      Which does not change the fact that with ActiveSync and IMAP idle widely available there is no need for RIM to do this. You already have push Mail and some amount of device management.

      This is likely just some internal RIM folks trying to keep their department funded.

  • Summary in English (Score:5, Informative)

    by schneidafunk (795759) on Thursday July 18, 2013 @09:57AM (#44317051)
    "When you enter your POP / IMAP e-mail credentials into a Blackberry 10 phone they will be sent to Blackberry without your consent or knowledge. A server with the IP 68.171.232.33, which is in the Research In Motion (RIM) netblock in Canada, will instantly connect to your mailserver and log in with your credentials. If you do not have forced SSL/TLS configured on your mail server, your credentials will be sent in the clear by Blackberry's server for the connection. Blackberry thus has not only your e-mail credentials stored in its database, it makes them available to anyone sniffing in between – namely the NSA and GCHQ as documented by the recent Edward Snowden leaks. Canada is a member of the “Five Eyes”, the tight-knit cooperation between the interception agencies of the USA, UK, Canada, Australia and New Zealand, so you need to assume that they have access to RIM's databases. You should delete your e-mail accounts from any Blackberry 10 device immediately, change the e-mail password and resort to using an alternative mail program like K9Mail.

    Clarification: this issue is not about PIN-messaging, BBM, push-messaging or any other Blackberry service where you expect that your credentials are sent to RIM. This happens if you only enter your own private IMAP / POP credentials into the standard Blackberry 10 email client without having any kind of BER, special configuration or any explicit service relationship or contract with Blackberry. The client should only connect directly to your mail server and nowhere else. A phone hardware vendor has no right, for whatever reason, to harvest account credentials back to its server without explicit user consent and then, on top of that, connect back to the mail server with them."
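The two server-side observations in the summary above, a login from an address in RIM's netblock appearing in the mail server log right after setup, and a server that does not force TLS receiving the password in clear, can both be checked from the mail server's own logs. What follows is an added example, not from the Heise article, the Slashdot summary or any RIM or BlackBerry software: a small Python audit over constructed log lines modelled on Dovecot's imap-login `Login:` records. The users, the allowlisted network and every address except 68.171.232.33 (the one the summary names, used here only as log content) are constructed; the allowlist stands in for the office, VPN or carrier ranges a real site would put there.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log lines modelled on Dovecot's "imap-login: Login:" records.
# 68.171.232.33 is the address named in the thread's summary; the other
# addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jul 18 09:30:12 mail dovecot: imap-login: Login: user=<joe@example.net>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.10, mpid=4101, TLS, session=<q1>
Jul 18 09:31:05 mail dovecot: imap-login: Login: user=<joe@example.net>, method=PLAIN, rip=68.171.232.33, lip=198.51.100.10, mpid=4102, TLS, session=<q2>
Jul 18 09:31:06 mail dovecot: imap-login: Login: user=<joe@example.net>, method=PLAIN, rip=68.171.232.33, lip=198.51.100.10, mpid=4103, session=<q3>
Jul 18 09:40:00 mail dovecot: imap-login: Login: user=<ann@example.net>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.10, mpid=4104, TLS, session=<q4>
"""

# Networks this (constructed) site expects its own users' devices to log in
# from. A real deployment lists its office, VPN and known carrier ranges.
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

LOGIN_RE = re.compile(
    r"imap-login: Login: user=<(?P<user>[^>]+)>, method=(?P<method>\w+), "
    r"rip=(?P<rip>[^,]+), lip=(?P<lip>[^,]+), mpid=\d+(?P<tls>, TLS)?"
)


def parse_logins(text: str):
    """Yield one record per successful IMAP login found in the log text."""
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            yield {
                "user": m["user"],
                "rip": ipaddress.ip_address(m["rip"]),   # remote (client) address
                "tls": m["tls"] is not None,             # Dovecot appends ", TLS" on TLS sessions
                "raw": line,
            }


def audit_logins(text: str, expected_nets=EXPECTED_NETS) -> list:
    """Flag successful logins that (a) come from outside the expected networks,
    i.e. some other party is now using the user's credentials, (b) arrived
    without TLS, i.e. the password crossed the wire in clear, or (c) are the
    first use of a new source address for that user in this log window."""
    alerts = []
    seen_ips = defaultdict(set)
    for rec in parse_logins(text):
        reasons = []
        if not any(rec["rip"] in net for net in expected_nets):
            reasons.append(f"login from unexpected network {rec['rip']}")
        if not rec["tls"]:
            reasons.append("plaintext (non-TLS) login")
        if seen_ips[rec["user"]] and rec["rip"] not in seen_ips[rec["user"]]:
            reasons.append("new source address for this user")
        seen_ips[rec["user"]].add(rec["rip"])
        if reasons:
            alerts.append({"user": rec["user"], "rip": str(rec["rip"]), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in audit_logins(SAMPLE_LOG):
        print(f"{alert['user']} from {alert['rip']}: " + "; ".join(alert["reasons"]))
```

On the sample, the first joe login is clean, the two from 68.171.232.33 are flagged (the second of them also as plaintext), and ann's is clean. The server-side fix for the plaintext case is to refuse it outright rather than log it: in Dovecot that is `disable_plaintext_auth = yes` together with `ssl = required`, after which a client that will not speak TLS cannot hand over the password at all.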
    • When you enter your POP / IMAP e-mail credentials into a Blackberry 10 phone they will be sent to Blackberry without your consent or knowledge.

      Your consent is that this has always been managed through a browser and you're providing your credentials to a website (BIS). It has worked this way for the 8 years that I've been in the field unless you use your own BES and do an enterprise activation.

      If you do not have forced SSL/TLS configured on your mail server, your credentials will be sent in the clear

      Holy tautology, batman!

      Blackberry thus has not only your e-mail credentials stored in its database, it makes them available to anyone sniffing inbetween – namely the NSA and GCHQ as documented by the recent Edward Snowden leaks

      Well gee, maybe you shouldn't uncheck the "SSL/TLS" box then. That's sort of why it's there.

  • I hope stuff like this, along with the Snowden Files, proceed to destroy the 'Cloud' paradigm. It was a diseased model to begin with and is proving to be nothing more than a Tap for domestic and international spying.

    People deserve privacy, especially in email, and stealing their account credentials ought to be basis enough for a Watergate style investigation. You know full well if some 17 year old did this exact same thing to some politician or movie star, his ass would be roadkill in the court system insi

  • by timftbf (48204) on Thursday July 18, 2013 @10:38AM (#44317491)

    If it's anything like the previous-generation BlackBerries, it's shockingly bad. We bought one for my wife on the strength of it having a physical keyboard, and waded through all the hand-over-your-password BIS nonsense. And, well... I guess it *might* work if you never ever want to look at your mail from anything other than your BB. Once the BB has decided what *its* view of your mailboxes is, good luck in having anything else you do via all your other (IMAP, webmail, whatever) clients have any relationship whatsoever to what you see or do on the BB.

    Hello RIM? That's the *whole* *fucking* *point* of IMAP - the mail stays on the server, and I can get the same view of it from anywhere, not go through all the hoops we used to have to jump through to fake synchronisation on POP3 clients.

    I've since disabled (or deconfigured, or otherwise turned off) the whole BB mail piece, and installed LogicMail, which I heartily recommend. It's a regular IMAP client, it makes IP connections to the mail server, and it all works Just Fine. If she leaves it running, it gets new mail notifications via IDLE. If she closes it, she doesn't get notifications, but it doesn't suck juice or network usage IDLEing. Her choice.

  • Who is to say that Exchange 201x won't do the same thing or doesn't already? Or any number of proprietary systems? You don't know because you can't see what's really happening with closed protocols, software and devices.

  • Linked-In for example, has my email address and sends me email. However, the website sometimes tries to get me to enter my email password to "verify" my account. Just send an email with a clicky to verify, you don't need to log in. I suspect a large number of web sites that require an email address actually try to log in using the password given for the web site. Facebook asks you to give this information, Linked in asks for it under false pretenses, and others.... Can someone please do more testing along t
  • by bshroyer (21524) <bretNO@SPAMbretshroyer.org> on Thursday July 18, 2013 @12:01PM (#44318437)

    Karl Denninger writes up his experience in attempting to replicate the claim. Karl calls BS:

    http://market-ticker.org/cgi-ticker/akcs-www?singlepost=3242634 [market-ticker.org]

    Don't Buy The BS Being Run on BB10 Email Security

    There's a "report" flying around alleging that BB10 phones send unencrypted email passwords to BlackBerry and additionally that BlackBerry immediately connects back to the email server and signs on (which would, of course, require that it knows the password.)

    This is easily tested and since I have a Z10 I decided to do exactly that.

    What I am doing here is setting up an account called "test" on my IMAP server to receive email, and then I will enter the credentials into the phone.

    To make it interesting I will do it over the Cellular Connection rather than over WiFi, so that if the phone wants to do some sort of DNS lookup that my server might block (if it was using my DNS servers as it was connected via WiFi) it'll work.

    Here we go. {full documentation follows}

    • by bshroyer (21524) <bretNO@SPAMbretshroyer.org> on Thursday July 18, 2013 @12:04PM (#44318455)

      Karl continues:

      Let's push the button and see who talks to us.

      Jul 18 10:25:05 NewFS imapd[88446]: Login user=test host=mc35536d0.tmodns.net [208.54.85.195]

      And that's all. (That's the phone's IP address on T-Mobile, incidentally.)

      Now let's look at the SMTP server and see if there's any evidence of a connection from the 68.171 address block -- which belongs to BlackBerry, and which is alleged to try to connect back.

      [root@NewFS /var/log]# grep 68.171 spamblock
      [root@NewFS /var/log]#

      Nothing. Is the 208.54 address there?

      Jul 18 10:09:21 NewFS spamblock-sys[81673]: Starting SSL/TLS negotiation with peer [208.54.85.195]
      Jul 18 10:24:53 NewFS spamblock-sys[88447]: Starting SSL/TLS negotiation with peer [208.54.85.195]
      [root@NewFS /var/log]#

      Why yes there is, as the phone does connect to validate that the connection works (and it tells you it's doing so.) The other line, incidentally, is because there's another email account there (my real one!)

      The phone connected to the SMTP server ("spamblock-sys" is my custom spam filter, which knows how to perform SSL/TLS negotiation) and performed a STARTTLS negotiation exactly as I told it to do.

      Incidentally, it also brings up the server's certificate and asks me if it's ok too.

      But there is no connection back to either service from any other location related to this account setup. Not from BlackBerry, not from some other place, nowhere. Period.

      For those who want a bit more background on the SMTP side: the code in question, particularly the SMTP code, is mine. The SMTP server in question ("Spamblock-Sys") was written from the ground up by myself. I know every single line of that code and am not relying on anyone else's word as to what is and is not logged, since I wrote it.

      The IMAP server in question is WU's with moderate modification.

      I have no idea if the guy in Germany is lying or if he is on an account provisioned for BIS (the older BlackBerry handsets) and his mobile provider is intercepting the transaction and passing it to BIS, which is doing what he's talking about.

    • by gweihir (88907)

      Actually, the Heise article clearly states this only happens if you do not use the "advanced" configuration option, and if you use the advanced one (and select yourself what kind of connection it is), the transfer of the password does _not_ happen. They also state that unfortunately the "advanced" tag is hidden under the virtual keyboard and so easily overlooked, which is completely true. (Yes, I am a German native speaker and did read the Heise article. Nobody is lying there at all.)
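The thread above boils down to one verifiable check: after adding an account on the phone, do any logins or TLS negotiations on your mail server come from an address you did not expect, in particular from the 68.171 block that Karl greps for? The following script is an added example, not code from Heise, Karl Denninger or any commenter. It parses the two log formats quoted in Karl's comment (an imapd "Login" line and a "Starting SSL/TLS negotiation" line) and flags every connection whose source address is outside a caller-supplied list of expected networks, reporting separately the ones that fall inside a suspect block. The sample log is constructed for this example: the 208.54.85.195 lines are the ones Karl posted, the 68.171.232.33 address is the one named in the Heise summary, and the 68.171.240.7 line is invented. Treating all of 68.171.0.0/16 as the RIM block, and 208.54.0.0/16 as the "expected" carrier range, are both assumptions; replace them with the allocations whois gives you and with the ranges your own clients actually use.

```python
import ipaddress
import re

# Constructed sample log, in the two formats quoted in the thread.
# The 208.54.85.195 lines are the ones Karl posted; 68.171.232.33 is the
# address from the Heise summary; the 68.171.240.7 line is invented.
SAMPLE_LOG = """\
Jul 18 10:09:21 NewFS spamblock-sys[81673]: Starting SSL/TLS negotiation with peer [208.54.85.195]
Jul 18 10:24:53 NewFS spamblock-sys[88447]: Starting SSL/TLS negotiation with peer [208.54.85.195]
Jul 18 10:25:05 NewFS imapd[88446]: Login user=test host=mc35536d0.tmodns.net [208.54.85.195]
Jul 18 10:25:09 NewFS imapd[88450]: Login user=test host=unknown [68.171.232.33]
Jul 18 10:26:00 NewFS spamblock-sys[88451]: Starting SSL/TLS negotiation with peer [68.171.240.7]
"""

# Assumption: treat the whole 68.171.0.0/16 as the RIM/BlackBerry block,
# following Karl's "grep 68.171". Check the real allocation with whois.
SUSPECT_NETS = [ipaddress.ip_network("68.171.0.0/16")]

# Assumption: networks your own clients legitimately come from (here the
# carrier range the phone used in Karl's log). Adjust for your environment.
EXPECTED_NETS = [ipaddress.ip_network("208.54.0.0/16")]

# syslog-style prefix, program name, pid, free-text message, bracketed source IP
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*)\[(?P<ip>[0-9a-fA-F:.]+)\]\s*$"
)
USER_RE = re.compile(r"user=(?P<user>\S+)")


def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    um = USER_RE.search(m["msg"])
    return {
        "ts": m["ts"],
        "prog": m["prog"],
        "ip": ipaddress.ip_address(m["ip"]),
        "user": um["user"] if um else None,
    }


def classify(addr):
    """'suspect' if inside a suspect block, 'expected' if inside an expected
    network, otherwise 'unknown'. Accepts a string or an ip_address object."""
    addr = ipaddress.ip_address(addr)
    if any(addr in net for net in SUSPECT_NETS):
        return "suspect"
    if any(addr in net for net in EXPECTED_NETS):
        return "expected"
    return "unknown"


def find_foreign_connections(log_text):
    """Every parsed connection whose source is not in EXPECTED_NETS, as
    (timestamp, program, ip, user-or-None, verdict) tuples in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = classify(rec["ip"])
        if verdict != "expected":
            hits.append((rec["ts"], rec["prog"], str(rec["ip"]), rec["user"], verdict))
    return hits


if __name__ == "__main__":
    for ts, prog, ip, user, verdict in find_foreign_connections(SAMPLE_LOG):
        who = f" user={user}" if user else ""
        print(f"{verdict.upper():8} {ts} {prog} from {ip}{who}")
```

Run it against `/var/log/maillog` (or whatever your IMAP and SMTP daemons write to) in the minutes after the account is added on the phone. A clean result looks like Karl's: only the phone's own address, once per service. Any "suspect" or "unknown" hit for the freshly created test user is the evidence the Heise report describes, and the point of using a throwaway user is that you can compare exactly who logged in as it.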
