
BlackBerry 10 makes email passwords accessible to the NSA and GCHQ


http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Ffrank.geekheim.de%2F%3Fp%3D2379&act=url

Summary in English:
When you enter your POP/IMAP email credentials into a BlackBerry 10 phone, they are sent to BlackBerry without your consent or knowledge. A server with the IP 68.171.232.33, which is in the Research In Motion (RIM) netblock in Canada, will immediately connect to your mail server and log in with your credentials. If you do not have forced SSL/TLS configured on your mail server, BlackBerry's server will send your credentials in the clear for that connection. So not only does BlackBerry have your e-mail credentials stored in its database, it also makes them available to anyone sniffing in between, namely the NSA and GCHQ, as documented by the recent Edward Snowden leaks. Canada is a member of the "Five Eyes", the tight-knit cooperation between the interception agencies of the USA, UK, Canada, Australia and New Zealand, so you need to assume that they have access to RIM's databases. You should delete your e-mail accounts from any BlackBerry 10 device immediately, change the email password and switch to an alternative mail program such as K9Mail.
Clarification: this issue is not about PIN messaging, BBM, push messaging or any other BlackBerry service where you would expect your credentials to be sent to RIM. It only happens when you enter your own private IMAP/POP credentials into the standard BlackBerry 10 email client, without any kind of BES, special configuration, or any explicit contract or service relationship with BlackBerry. The client should only connect directly to your mail server and nowhere else. A phone hardware vendor has no right, for whatever reason, to harvest account credentials back to its own server without explicit user consent, and then on top of that to connect back to the mail server with them.
Recipe for your own experiment:
1. Set up your own mail server with full logging.
2. Create a throw-away IMAP account.
3. Enter the IMAP account credentials into a BlackBerry 10 device and note the time.
4. Check mail with the BlackBerry.
5. Look in the log files for the IP 68.171.232.33 (or others from the RIM netblock).
Update:
Since some diehard BlackBerry friends doubted the veracity of this discovery, here are example log files from dovecot and smtpd. The original domain has been replaced with "mymailserver.org" and the IP with "217.xxx.xxx.xxx".
I started configuring the mail account at 13:46. As can be seen clearly, long before the successful connection from my mobile operator E-Plus (46.115.99.217), which should have happened in the very first place, the BlackBerry server 68.171.232.33 connected back to my mail server, apparently trying to figure out the correct configuration for the account, as soon as I had entered user, password and mail server name. And it successfully logged in with my email credentials after figuring out the correct SSL/TLS configuration.
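As an added example (not code from the original post), the following Python script carries out step 5 of the recipe above against dovecot login records of the kind the update describes: it parses `imap-login: Login:` lines, flags every login to the throw-away account that comes from an address other than your own client, and records whether each such login was TLS-protected. The log lines, the local address 217.0.0.2 and the expected-client address are constructed for the example; the regular expression assumes dovecot's standard login line format.

```python
import re
import ipaddress
from collections import namedtuple

# Matches dovecot "Login:" records for imap-login / pop3-login. The trailing
# ", TLS" token is present only when the session was TLS-protected.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?P<proto>imap|pop3)-login: "
    r"Login: user=<(?P<user>[^>]*)>, method=\w+, rip=(?P<rip>[\d.]+), "
    r"lip=[\d.]+, mpid=\d+(?P<tls>, TLS)?"
)

# rip = remote (client) address as logged; tls=False means the password
# crossed the wire in the clear.
Login = namedtuple("Login", "ts proto user rip tls")

# Addresses your own mail client is expected to come from. Constructed for the
# example from the mobile-operator address quoted in the post.
EXPECTED_CLIENTS = [ipaddress.ip_network("46.115.99.217/32")]

def parse_logins(lines):
    """Extract Login records; lines that are not login events are ignored."""
    logins = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            logins.append(Login(m["ts"], m["proto"], m["user"], m["rip"], m["tls"] is not None))
    return logins

def unexpected_logins(logins, account, expected=EXPECTED_CLIENTS):
    """Logins to `account` from outside the expected client set: each one means a
    third party holds the password that was typed into the phone."""
    return [
        l for l in logins
        if l.user == account
        and not any(ipaddress.ip_address(l.rip) in net for net in expected)
    ]

# Constructed sample log: two logins from the RIM address named in the post, one
# of them without TLS, before the user's own client (46.115.99.217) connects.
SAMPLE_LOG = """\
Jul 17 13:46:41 mail dovecot: imap-login: Login: user=<throwaway>, method=PLAIN, rip=68.171.232.33, lip=217.0.0.2, mpid=4711
Jul 17 13:46:43 mail dovecot: imap-login: Login: user=<throwaway>, method=PLAIN, rip=68.171.232.33, lip=217.0.0.2, mpid=4712, TLS
Jul 17 13:47:05 mail dovecot: imap-login: Login: user=<throwaway>, method=PLAIN, rip=46.115.99.217, lip=217.0.0.2, mpid=4713, TLS
""".splitlines()

if __name__ == "__main__":
    for hit in unexpected_logins(parse_logins(SAMPLE_LOG), "throwaway"):
        print(f"{hit.ts} {hit.proto} login from {hit.rip} tls={hit.tls}")
```

Point `parse_logins` at the real dovecot log instead of `SAMPLE_LOG` and add your own client's address to `EXPECTED_CLIENTS`; any hit with `tls=False` is a login where the credentials were also sent unencrypted.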
