Blackberry 10 Sends Full Email Account Credentials To RIM 191
vikingpower writes "How a phone manufacturer making a somewhat successful come-back can shoot itself in the foot: Marc "van Hauser" Heuse, who works for German technology magazine Heise, has discovered that immediately after setting up an email account on Blackberry 10 OS, full credentials for that account are sent to Research In Motion, the Canadian Blackberry manufacturer. Shortly after performing the set-up, the first successful connections from a server located within the RIM domain appear in the mail server's logs. (Most of the story in English, some comments in German.) At least according to German law, this is completely illegal, as the phone's user does not get a single indication or notice of what is being done." (Here's Heise's article, in German.)
What person thinks this is OK? (Score:4, Insightful)
Re:What person thinks this is OK? (Score:4, Insightful)
Rule of thumb for corporation ethics: If you have to ask the legal department if something is OK then it is still unethical and consumer unfriendly.
Or the catchier version: If you can't tell if something is legal without asking a lawyer then your customers can't do it either.
Re: (Score:3)
and if you have to ask the legal department it's probably illegal in principle anyways... and you know it and are asking for CYA.
Re:What person thinks this is OK? (Score:5, Informative)
Every single non-technical person in the company, who have no clue whatsoever about the implications of this, don't care about all your "paranoid theories", and "just want the damned thing to work!"
The same people who give their email address to every popup ad that asks for it and then bitch to IT about all the spam they get. And then bitch about all the still-spam-but-of-interest-to-them they stop getting when you turn up the filters on their account. And then bitch about having to remember yet another password when you give them access to manage their own spam filter settings and can't you just be a dear and go in every morning and manually delete the spam they don't want but let the spam they do want through?
Re:What person thinks this is OK? (Score:5, Informative)
Protip: This is the way BIS has always worked. A post explaining this from four years ago... [crackberry.com] Heise is way behind the times if they've only just now discovered that this is how BlackBerry email works.
Re: (Score:3)
And it was not much better then.
The first time I saw that I knew I was not getting a blackberry. That was/is a security nightmare.
At least with IMAP over SSL I can be reasonably sure not too many folks are reading my email.
Re: (Score:2)
At least with IMAP over SSL I can be reasonably sure not too many folks are reading my email.
Still depends on how RIM's infrastructure is set up, whether they actually validate the certificates of the mail servers they connect to.
If not, the passwords are still within the NSA's reach.
Theoretically, anybody with a blackberry should be able to test this by setting up a mail server with a deliberately bad certificate: if Blackberry can still log in, it means that it doesn't check the certificate!
Re: (Score:2)
That doesn't say anything, if the NSA was doing MITM they'd probably bounce the bad cert to make it look like everything was fine.
Re: (Score:2)
This is why CAs are a bad idea and we should have been using fingerprints for verifying certs.
Re: (Score:2)
Anything they don't know exists.
Anything that has never been digital.
Re: (Score:2)
A networkless computer?
Ultra-delicate files can be handled on offline computers, and moved around in physical devices, and encrypted.
Re: (Score:2)
Unless it's in a one foot thick lead Faraday cage, the computer is not 'networkless'. The machine puts out lots of RF just waiting to be tapped.
Re: (Score:2, Insightful)
The first time I saw that I knew I was not getting a blackberry. That was/is a security nightmare.
That's why RIM offers BlackBerry Enterprise Server. If you don't want RIM tunneling your email, you host your own tunnels. BlackBerry has always worked this way.
Did you really think that all of the companies that use BlackBerry send their email through RIM's servers?
Re:What person thinks this is OK? (Score:5, Insightful)
The first time I saw that I knew I was not getting a blackberry.
Then you didnt do your research very well, because BIS is the ghetto "i cant afford a BES" experience. A proper BES is magnitudes more secure than anything SSL has to offer.
Re: (Score:2)
If they think that is ok for their down market product their up market one likely sucks as well.
I want to see a citation for that last comment. My understanding is BES is totally closed and still sends data via their servers which the outages proved. This means we have no way of knowing how secure it is.
We all use SSL to do our banking, so clearly it is pretty well tested.
Re:What person thinks this is OK? (Score:5, Insightful)
likely
Translation: I know nothing about how BES works, but I wont let my ignorance prevent me from criticizing it.
For the record, anyone who has administered a BES knows that its a far better experience than anything ActiveSync has ever had, and magnitudes more secure. ActiveSync bases its entire security on a single server certificate, and having your cert chain vetted, and assuming that your trusted CA doesnt get compromised, and your ciphers arent subject to the BEAST attack. BES has per-device keys, and until AES gets cracked, BES wont be cracked.
Re: (Score:2)
Doesn't BB10 use ActiveSync?
Why, yes. Yes it does.
http://bizblog.blackberry.com/2012/08/rim-activesync-security/ [blackberry.com]
Re: (Score:2)
Which with BES 10 can use the BES Infrastructure with DEVICE SPECIFIC KEYS as an alternative to a VPN. Which BlackBerry's can also use [a VPN] with the BES as a second optional transport in-case the BES goes down. On top of both of these transports the device will function directly over Corporate WiFi cutting out the BES all together when you're on the local network.
So Activesync with it's SSL over SRP, so thats TWO layers of encryption being used. ActiveSync's SSL and the BlackBerry transport as a secure t
Re: (Score:3)
I dont actually administer BES any more. I have moved on from my prior job where I was a general-purpose consultant who dealt with ~ 60 clients as their sole IT person. I never made money off of BES, and RIM rarely made money off of me as I tended to recommend BES Express (since 90% of SMBs have no need for the paid BES).
Towards the end I stopped recommending BES because the security was way overkill, the SMBs had 0 need for that kind of management, and everyone wanted an Android; Im not the kind of admin
Re: (Score:2)
I don't have time for someone who has no real experience with the product, and believes whatever the vendor tells him. No a couple accounts on BES express is not the same.
BES might be secure, no one knows save for those BES has shown the secret sauce too.
Re: (Score:3)
The first time I saw that I knew I was not getting a blackberry.
Then you didnt do your research very well, because BIS is the ghetto "i cant afford a BES" experience. A proper BES is magnitudes more secure than anything SSL has to offer.
[citation needed]
Seriously.
There's absolutely no evidence to back this up. With SSL and my own server, I'm sure nobody's listening to my connection. The same can't be said for BES, because, seriously, we don't know!
Re: (Score:2)
You must not understand that often emails do not cross servers outside my companies control.
Lots of internal communication is email.
Re: (Score:2, Informative)
Next news on slashdot:
Shocking! Researcher discovers hitting submit on the login page of Gmail actually TRANFERS ALL YOUR CREDENTIALS to Google.
Hey asshole, pay attention. The issue here isn't that a first or second party is getting the password, it's that the third party is...the third party doesn't need it at all. Let me spell it out for you: This would be similar to Mozilla, Microsoft, or Apple transmitting your password to themselves just because you are using their browser.
Indeed, this is how it has always worked on BlackBerry devices, so I'm not quite sure why this is news. Anyone who didn't already understand this simply doesn't have
Re: (Score:2)
Re: (Score:2)
In this case, the email provider is the 3rd party, not blackberry, so it is analogous. You go to the blackberry system via their website or OS and you give them (blackberry) all your email username, passwords and servers so they can go and get your email from a 3rd party. It works the same way that mint.com collects account information from 3rd party sites, for example. You get the email from BIS directly, which in turn gets it from a 3rd party using the account info you provided.
Re: (Score:2)
Exactly.
And its been this way since dirt.
There are other mail systems that do this as well, such as setting up your Gmail account to pop your mail off of other servers. Of course you have to tell them the login and password. But it is a discrete step in the case of Gmail and you are warned about exactly what is going on.
With BBM, its unclear, glossed over, or mentioned in one of those click-through pages that nobody reads, or perhaps not mentioned at all. That might have been ok in the days when RIM was h
Re: (Score:2)
The point is that RIM saving the email credentials is how they've always done it. Yes, BB10 does not have BIS but still does the email push the same way they did for BIS. The statement still stands that Heise is years behind the times if they only now just discovered this is how RIM does email push.
Re: (Score:2)
Re: (Score:2)
As it turns out, RIM provides a proxy service for email. That's what they do, and everyone has access to this kind of information as BB doesn't hide it but actually advertises it. It may be a bad idea, but it is most certainly not deception. /story.
Re: (Score:2)
The story is dumb fuck stupid, no need to be a fanboi to point it out.
Re: (Score:2, Interesting)
Re: (Score:2)
It's not the only way. It's the only "dumb" way, but if Apple, Google and RIM said to the leading mail daemon developers "give your users a way to create a token they can pass on to us to query for new mail notifications", then it could be achieved securely.
To: NSA and other spooks (Score:5, Funny)
From: NSA (Score:2)
Sir:
We *had* been wondering why during every unannounced visit to the Blackberry/RIM department in our office, we'd catch them with some with feet up on their desks, lounging around with arms behind their heads, some paper airplanes flying around, or some paper basketball match or dart game going on. They always say some variation of '...working on it" "...I'm on it", or "We managed to produce that list you were asking about". I had always attributed it to their efficiency. Now we know. Appreciate the heads
Wow ... (Score:2, Insightful)
So either RIM feels they should have this, or they're really stupid.
There is no reason to send your email credentials to RIM ... the local device needs it, but I can't think of a single defensible reason to send your credentials to their servers.
Why do companies feel they're entitled to this kind of information? Pretty much everyone who owns a BlackBerry should be asking if they can really trust the device.
Re: (Score:3)
Re: (Score:3, Insightful)
Bullshit.
IMAP even supports push via IMAP IDLE. There is no good reason for that in this day and age. This is just Blackberry again being behind the times and out of date.
Re:Wow ... (Score:5, Insightful)
IMAP even supports push via IMAP IDLE.
Yes, but that only works while you are connected to the server, which needs a (potentially expensive) IP connection.
True push might "wake up" your phone with a special SMS when a mail is ready, and then the phone only needs to establish the connection when needed, rather than keeping it up permanently, potentially incurring roaming fees.
Re: (Score:2)
Which is why things like wait exist and very long connection lifetimes. The phone can go to sleep with that connection running. Keep alives can be a long time apart.
Re:Wow ... (Score:4, Informative)
If on the other hand it doesn't bring down the IP connection, it might incur roaming fees, depending on commercial offers, contractual setups etc. If user is lucky, and is charged by traffic, then there will be no problem (almost no packets exchanged during idle). If on the other hand, he is billed over time (like some Austrian and Eastern European operators do), he'd still be stuck with a hefty roaming bill...
Re: (Score:2)
You use keep alives to tell the network you need to keep this IP, they are very small and very infrequent.
When you wake to send that, and you only wake a tiny little bit you check for the new email packet.
I guess in those backwards nations the user will just turn off all forms of push email.
Re: (Score:2)
You use keep alives to tell the network you need to keep this IP, they are very small and very infrequent.
But are they supported universally? I don't believe so, especially given the worldwide IP address shortage...
When you wake to send that, and you only wake a tiny little bit you check for the new email packet.
But then, it's not really push any longer... If you only "wake" once per hour, you'd still have to wait up to an hour to get that notification. "Real" push systems (based on some out-of-band signalling) might be faster.
Re: (Score:2)
IPv6 should solve that.
My mail to my house is push, the fact that I am not there to read it does not change that. Even out of band will have to be received by something to wake the rest of the device. So that something must be ready to get this message.
Re: (Score:2)
This seems to me like an optimization for a problem that no longer exists. Is email popular in places where data plans are expensive? My understanding was that texting was far more popular in developing economies, and email polling couldn't account for more than a pittance of my 4GB monthly allowance. So who actually wants this functionality these days?
Re: (Score:3)
email polling couldn't account for more than a pittance of my 4GB monthly allowance
Generally push email is used to save on battery consumption not data transfer. And battery life is still a big sticking point even on modern smart phones.
Re: (Score:3)
There is no reason to send your email credentials to RIM
Push notifications about new email?
Re: (Score:3)
For what POP3?
IMAP idle is widely supported in 2013.
Re: (Score:2)
ms exchange
Re: (Score:2)
Which supports ActiveSync, which is push mail and device management. Use that.
It is also support on several other mail servers, zimbra being the first one I think of.
Re: (Score:2)
http://arstechnica.com/security/2013/07/does-nsa-know-your-wifi-password-android-backups-may-give-it-to-them/ [arstechnica.com]
Re:Wow ... (Score:4, Insightful)
It's a little different, this sends it as soon as you set up the account apparently.
I've set my Android devices to not use Google's cloud backup because I'm increasingly distrustful of them. That, and keeping the Google+ shit at bay.
But in this case, it sounds like as soon as you create an account RIM has your password -- that to me is a terribly designed system.
And RIM wants to make their messaging client available on other platforms? Suddenly it doesn't look like a trustworthy system to me.
Re:Wow ... (Score:4, Interesting)
There is no reason to send your email credentials to RIM
Why do companies feel they're entitled to this kind of information? Pretty much everyone who owns a BlackBerry should be asking if they can really trust the device.
Looks like you have no clue how RIM e-mail works on Blackberries. Just copy and pasting a quick summary on how their e-mail system works. "Unlike other PDAs, the BlackBerry device does not log into your email account for you, and check for new messages. This pull type email is best related to having a Post Office box. It requires physical action on your part to go and check your mail. You have to get up, drive in your car to the PO Box location, open it up, check for new mail, get back in your car, and drive home. All this time you are expending time and energy. What happens if you are unable to check the box due to the store/post office being closed? You have to wait until the next chance you get, and then check. As you can see this is not a very time/energy efficient way of doing things.
On the other hand, if you had someone to bring your mail to you, a Postal worker wouldn’t that be a better alternative? All you have to do is sit at home and when the mail arrives you have it. No need to do anything, no need to go anywhere else. This is how the BlackBerry architecture works." (Example From Crackberry.com [crackberry.com]
For a site apparently loaded with Computer professionals its astounding how many here do not know how BlackBerry e-mail works.
Re: (Score:3, Insightful)
For such a long comment it is astounding how you don't know how email works in 2013.
What you are talking about was neat in 1995, today is redundant and a security nightmare. Today we have ActiveSync and IMAP idle. Both of these provide push email without handing your password over to RIM or putting you at risk of no email when they have one of their famous outages.
Re: (Score:3, Interesting)
For such a long comment it is astounding how you don't know how email works in 2013.
I think he knows how modern e-mail works and was explaining how Blackberry works.
What you are talking about was neat in 1995, today is redundant and a security nightmare. Today we have ActiveSync and IMAP idle. Both of these provide push email without handing your password over to RIM or putting you at risk of no email when they have one of their famous outages.
Look, we've had IMAP IDLE since 1997, the first RIM pager was in
Re:Wow ... (Score:5, Informative)
But I've been advising companies who deal in secrets (R&D trade secrets mostly) to avoid Blackberry for the entire time I've been doing security consulting (since before I got a Treo) because it was never a secret how Blackberry works.
Then despite youre really good explanation it seems that YOU dont fully understand it. If you have one of those expensive BES servers, RIM never sees your credentials, your mail, or anything, and you have THE most secure mass-market mobile email system out there.
BES supports
Some of these features have been picked up by other device "classes" (IOS, Android), some have been reimplemented badly (ie, device encryption, remote wipe, screen lock), but noone has gotten the comms down as secure as a proper BES.
If you're advising people to avoid BES for SECURITY REASONS, you shouldnt be in the business of advising people. Foreign governments have famously gotten their feathers ruffled because RIM makes it clear that there is no way to snoop those connections.
Re: (Score:2)
That's nice marketing material, but if Blackberry is logging into systems with disparate hashing or encrypting schemes, they are handling the cleartext of the comms at some point, and that's where the taps are. There's mathematically no other way to do it.
When Blackberries were used in the London bombings, they went to the Blackberry server and got the comms. India was in the news last year because they got one installed there for the same reason. It would be shocking if the NSA wasn't getting a feed out
Re: (Score:2)
That's nice marketing material, but if Blackberry is logging into systems with disparate hashing or encrypting schemes, they are handling the cleartext of the comms at some point, and that's where the taps are.
Again you dont understand. If you are using BES, it is hooking into a corporate email system-- Exchange or whatever IBM's thing is called (Lotus?). This is a core requirement-- you CANNOT (or could not, as of BES 5) install BES without those. BES also did NOT support logging into third-party mail servers-- its one and only task was to sync corporate email with your blackberry. And it did so by maintaining a secure connection to your local exchange server with an administrative exchange account, and conn
Re: (Score:2)
Yeah, this is stuff everybody knows. BES is for Exchange, which runs on Windows, which is insecure (better now, but was simply horrible when BES was first popular), plus NSA has an encryption key for signed stuff, or you can use RIM's proxies which opens your otherwise secure (IMAPS/SMTP+TLS) e-mail up to snooping at the Blackberry servers.
But, yeah, I agree, everybody has known this for years, which is what my first comment here said. TFA is surprised by this.
Re: (Score:2)
Foreign governments have famously gotten their feathers ruffled because RIM makes it clear that there is no way to snoop those connections.
Until RIM lets them.
How is that secure then?
Re: (Score:2)
It is technically impossible to snoop on BES traffic even if you have full access to every cell tower and RIM datacenter, unless you either get the per-device AES key, or you crack AES.
When I say "there is no way" im not talking about "they have a policy", im talking about "it uses a known secure implementation of symmetric key encryption".
Re: (Score:2)
That's nice and all, but what does BES do with the credentials? Does it always connect to the Gmail account you think it is, then downloading your mail, not uploading your credentials to nsa_drop_box@gmail.com's Notes folder? I keep hearing blah blah blah security! blah, but I don't see any particular reason to trust one corporation with all my personal credentials over another corporation.
PS: The "locking down the devices to prevent installation of undesired apps" certainly seems like it'd be appealing, bu
Re: (Score:2)
BES does not and cannot connect to gmail. It would be great if people who didnt understand BES didnt criticize it for things that arent relevant.
RIM also never gets ANY credentials when you use a BES. See my explanation here:
http://slashdot.org/comments.pl?sid=3989165&cid=44319733 [slashdot.org]
Re: (Score:2)
And then they caved [techdirt.com] in [phonearena.com] and allowed it to happen.
There is a way, and they've started doing it ... so, what were you saying about how super awesome the security is again and how impossible it is to snoop on?
Re: (Score:2)
Whats a security nightmare is SSL. Its astounding that people advocate ditching clunky blackberries running secure BES with per-device AES keys for slick ActiveSync, and then turn around and complain about security.
Meanwhile, SSL has had its recommended cipher change how many times in the last few years? And now we're on the creaky RC4 because all other options have been exhausted?
No, but Im sure ActiveSync is great. Hope you've vetted your trusted root chain on each of your devices, and hope you've foun
Re: (Score:2)
I can audit ssl, I cannot audit BES. No their documentation claiming they did AES right does not prove they did.
Those are all solved problems, have fun resending servicebooks.
Re: (Score:3)
Except maintaining a persistent IP connection is expensive. Not expensive in the sense of money, but expensive in terms of battery life - instead of the phone being able to go into a low power idle mode ("camping") where it only
Re: (Score:2)
So let's highlight what you pasted here ... if it doesn't log into your account for you, WTF does it need the password for?
What an incredibly stupid analogy ... it's an electronic device which can t
Re: (Score:2)
You show a good example. Would you still think that this model is better if:
1) The post man can read your mail without you noticing (e.g. the envelope is never damaged)
2) You have to provide your postman with a key to open your locker? The key might additionally fit into your other lockers (e.g. A lot of people reuse their passwords)
3) The postman can easily store copies of all the letters you receive without you knowing
4) The postman travels from your local post office, to a completely different country, w
Re: (Score:2)
This pull type email is best related to having a Post Office box. It requires physical action on your part to go and check your mail. You have to get up, drive in your car to the PO Box location, open it up, check for new mail, get back in your car, and drive home.
Meanwhile, back in reality, that "hugely inefficient" polling works like:
Phone: Hi, mailserver.
Mail: Hi, phone.
Phone: I'm Joe. Here's proof.
Mail: Hi Joe.
Phone: Do I have any new mail?
Mail: Nope.
Phone: KTHXBYE
Mail: Whatevs.
...all at the speed of light and consuming microwatts if scheduled correctly. Decades-old tech like IMAP IDLE makes that even more trivial. No, I'm just not seeing the compelling need for this beyond "that's the way we've always done it and it's magical!".
Re: (Score:2)
+1 for honesty.
are you sure it is entitlement? (Score:3)
Why do companies feel they're entitled to this kind of information?
I'll play the devil's advocate here and suggest that RIM might not have done this out of a sense of entitlement, but rather out of a sense of laziness or generally poor programming. This information is not necessarily all that valuable to them anyways.
Pretty much everyone who owns a BlackBerry should be asking if they can really trust the device.
The device just came our, and this applies only to the two newest blackberries. The bigger question is how long will it take them to correct this. They have a choice here; they can either say "oops, we didn't mean to do that" and patch it so that this inf
Does anyone care? (Score:4, Insightful)
Re: (Score:2, Interesting)
Nobody cares. I work IT for a government agency, and our IT department decided (directly against my opinion) that it's basically not worth the effort to hide our data from the US government. Nothing's changed since the NSA scandal confirmed our worst strong suspicions and safe assumptions. Part of it comes from a defeatist view that they can break into anything they want to. I contend that they are _not_ magic and we _can_ keep them out. In some of our dealings it would be disadvantageous for the US governm
Standard Procedure? (Score:4, Interesting)
Re: (Score:2)
Does he have a BES? (Score:2)
Didn't read the article of course, but does this guy have a BES server? I thought this was always how BlackBerries worked. If you weren't running BES, then RIM essentially took over that function. Granted, I haven't touched a BlackBerry in like 6 years, so maybe I am only remembering the good times at this point.
Re: (Score:2)
Which does not change the fact that with ActiveSync and IMAP idle widely available there is no need for RIM to do this. You already have push Mail and some amount of device management.
This is likely just some internal RIM folks trying to keep their department funded.
Summary in English (Score:5, Informative)
Clarification: this issue is not about PIN-messaging, BBM, push-messaging or any other Blackberry service where you expect that your credentials are sent to RIM. This happens if you only enter your own private IMAP / POP credentials into the standard Blackberry 10 email client without having any kind BER, special configuration or any explicit service relationship or contract with Blackberry. The client should only connect directly to your mail server and nowhere else. A phone hardware vendor has no right to for whatever reason harvest account credentials back to his server without explicit user consent and then on top of that connect back to the mail server with them."
Re: (Score:2)
When you enter your POP / IMAP e-mail credentials into a Blackberry 10 phone they will be sent to Blackberry without your consent or knowledge.
Your consent is that this has always been managed through a browser and youre providing your credentials to a website (BIS). It has worked this way for the 8 years that I've been in the field unless you use your own BES and do an enterprise activation.
If you do not have forced SSL/TLS configured on your mail server, your credentials will be sent in the clear
Holy tautology, batman!
Blackberry thus has not only your e-mail credentials stored in its database, it makes them available to anyone sniffing inbetween – namely the NSA and GCHQ as documented by the recent Edward Snowden leaks
Well gee, maybe you shouldnt uncheck the "SSL/TLS" box then. Thats sort of why its there.
Re: (Score:2)
You forget that the government is telling them they must.
This may be so in Canada or the USA. But the author of the article is in Germany. This, according to German law, is verboten.
It's stealing, basically (Score:2)
I hope stuff like this, along with the Snowden Files, proceed to destroy the 'Cloud' paradigm. It was a diseased model to begin with and is proving to be nothing more than a Tap for domestic and international spying.
People deserve privacy, especially in email, and stealing their account credentials ought to be basis enough for a Watergate style investigation. You know full well if some 17 year old did this exact same thing to some politician or movie star, his ass would be roadkill in the court system insi
BlackBerry mail is very poor (Score:3)
If it's anything like the previous-generation BlackBerries, it's shockingly bad. We bought one for my wife on the strength of it having a physical keyboard, and waded through all the hand-over-your-password BIS nonsense. And, well... I guess it *might* work if you never ever want to look at your mail from anything other than your BB. Once the BB has decided what *its* view of your mailboxes is, good luck in having anything else you do via all your other (IMAP, webmail, whatever) clients have any relationship whatsoever to what you see or do on the BB.
Hello RIM? That's the *whole* *fucking* *point* of IMAP - the mail stays on the server, and I can get the same view of it from anywhere, not go through all the hoops we used to have to jump through to fake synchronisation on POP3 clients.
I've since disabled (or deconfigured, or otherwise turned off) the whole BB mail piece, and installed LogicMail, which I heartily recommend. It's a regular IMAP client, it makes IP connections to the mail server, and it all works Just Fine. If she leaves it running, it gets new mail notifications via IDLE. If she closes it, she doesn't get notifications, but it doesn't suck juice or network usage IDLEing. Her choice.
It's your own fault for using closed protocols (Score:2)
Who is to say that Exchange 201x won't do the same thing or doesn't already? Or any number of proprietary systems? You don't know because you can't see what's really happening with closed protocols, software and devices.
What about web sites? (Score:2)
Debunked - Did anyone actually try verifying this? (Score:4, Interesting)
Karl Denninger writes up his experience in attempting to replicate the claim. Karl calls BS:
http://market-ticker.org/cgi-ticker/akcs-www?singlepost=3242634 [market-ticker.org]
Don't Buy The BS Being Run on BB10 Email Security
There's a "report" flying around alleging that BB10 phones send unencrypted email passwords to BlackBerry and additionally that BlackBerry immediately connects back to the email server and signs on (which would, of course, require that it knows the password.)
This is easily tested and since I have a Z10 I decided to do exactly that.
What am doing here is setting up an account called "test" on my IMAP server to receive email and then will enter the credentials into the phone.
To make it interesting I will do it over the Cellular Connection rather than over WiFi, so that if the phone wants to do some sort of DNS lookup that my server might block (if it was using my DNS servers as it was connected via WiFi) it'll work.
Here we go. {full documentation follows}
Re:Debunked - Did anyone actually try verifying th (Score:5, Informative)
Karl continues:
Let's push the button and see who talks to us.
Jul 18 10:25:05 NewFS imapd[88446]: Login user=test host=mc35536d0.tmodns.net [208.54.85.195]
And that's all. (That's the phone's IP address on T-Mobile, incidentally.)
Now let's look at the SMTP server and see if there's any evidence of a connection from the 68.171 address block -- which belongs to BlackBerry, and which is alleged tries to connect back.
[root@NewFS /var/log]# grep 68.171 spamblock /var/log]#
[root@NewFS
Nothing. Is the 208.54 address there?
Jul 18 10:09:21 NewFS spamblock-sys[81673]: Starting SSL/TLS negotiation with peer [208.54.85.195] /var/log]#
Jul 18 10:24:53 NewFS spamblock-sys[88447]: Starting SSL/TLS negotiation with peer [208.54.85.195]
[root@NewFS
Why yes there is, as the phone does connect to validate that the connection works (and it tells you it's doing so.) The other line, incidentally, is because there's another email account there (my real one!)
The phone connected to the SMTP server ("spamblock-sys" is my custom spam filter, which knows how to perform SSL/TLS negotiation) and performs a STARTTLS negotiation exactly as I told it to do.
Incidentally, it also brings up the server's certificate and asks me if it's ok too.
But there is no connection back to either service from any other location related to this account setup. Not from BlackBerry, not from some other place, nowhere. Period.
For those who want a bit more background on the SMTP side the code in question, particularly the SMTP code, is mine. The SMTP server in question ("Spamblock-Sys") was written from the ground up by myself. I know every single line of that code and am not relying on anyone else's word as to what is and is not logged, since I wrote it.
The IMAP server in question is WU's with moderate modification.
I have no idea if the guy in Germany is lying or if he is on an account provisioned for BIS (the older BlackBerry handsets) and his mobile provider is intercepting the transaction and passing it to BIS, which is doing what he's talking about.
Re: (Score:2)
Actually, the Heise article clearly states this only happens if you do not use the "advanced" configuration option and if you use the advanced one (and select yourself what kind of connection it is), the transfer of password does _not_ happen. The also state that unfortunately, the "advanced" tag is hidden under the virtual keyboard and so easily overlooked, which is completely true. (Yes, I am a German native speaker and did read the Heise article. Nobody is lying there at all.)
Re: (Score:3)
Yeah, which is why I always laugh whenever anyone says they are secure devices.
If they can rationalize this behavior only FSM know what else they are doing.
Re: (Score:2)
But I guess thanks to that nice Mr Snowden, he doesn't have as much to hide any more.
Re: (Score:2)
Yeah, which is why I always laugh whenever anyone says they are secure devices.
What part of "Dont have a BES" didnt you understand?
Theyre secure devices when you purchase and run the server thats designed to manage them. Otherwise, yes, youre having RIM host the BES service ("BIS"), and you're giving them your credentials. Thats irrelevant to 99% of IT departments though, since noone of any significant size bases their mobile infrastructure on BIS.
BES Express went free several years ago and is way more secure than SSL, even if people criticizing blackberries choose to remain ignoran
Re: (Score:2)
No part of it. The fact that it is needed furthers my argument, thanks.
Everyone save a few that work at RIM are ignorant of how BES works, they won't show us. Sure they say nice words, but there is no way to know if any of it is true.
Re: (Score:2)
You could, you know, do some research. How BES works is pretty well documented. You can monitor the connections to know its true.
If you want to spread FUD (which seems to be your intention) I guess I cant stop you, though, so carry on.
Re: (Score:2)
Documentation claims the PS3 is unhackable. We all know how that went.
Not FUD, just simple facts. Things you cannot audit are not something anyone should really call secure. I have done plenty of research after I found out how terribly BES worked as a product and how poorly it communicated to administrators.
Clearly you have some vested interest in the product, so nothing will convince you.
Re: (Score:3)
Maybe the firmware of your device, mine is not running an official one.
If you have to let them store your password it is insecure. It is that simple. A good secure proxy system would be handed a token that identifies them as a user of your account but not you. So that one could actually audit usage and the like. BIS does not do this because it is less of integration and more of a MITM attack.
Re: (Score:2)
I've read all the comments on this thread (at time of posting) and this is the FIRST commenter that actually understands what the problem actually is.
For BB10 devices:
For nonBB10 devices with BES or BIS:
So, yes, if BB10s are sending email creds to RIM, then that's huge fuckup.
My guess is, someone forgot to comment out that lump of code when they switched to ActiveSync support.
Re: (Score:2)
"blackberry has always worked like this."
No, it hasn't. In the past the BES server has credentials for a *single* privileged account that interacts with the mail server. The newest version uses ActiveSync rather than MAPI for that interaction, and it connects with credentials for each individual account. Those credentials are those the article is talking about, and unlike the single BES account, they can be used to access user accounts/data/info anywhere on the network a user can.
Re:lol what (Score:5, Informative)
Actually is has, if you don't have a BES.
If you needed to login to a server that did not have a BES you were forced to hand over your credentials to blackberry since the devices themselves did not talk any other protocols.
They called this service BIS.
Re: (Score:2)
I was wrong; the retained password behavior applies to POP/IMAP accounts, not ActiveSync. Sorry.
Re: (Score:2)
The license fees are not the problem, the problem is the product sucks. About two years ago we announced the end of our BES, as phones were replaced anyone getting a blackberry product would simply not be added to the BES and be forced to live with BIS. Activesync supporting devices would get all the nice calendar and contact features. It took about 6 months to get rid of the last couple stragglers. Turning off that server saved more money in overtime than it did in license fees.
Re: (Score:2)
We were hands off when it broke. Then had to be rebooted for messages to return to one user, causing an outage for the others. Or repushing service books for no good reason, on and on.
The product sucks. There is nothing to really admin anyway. Everything is click the shiny button and pray it works this time. Typical crap windows software.