BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 09-17-2007, 09:47 PM   #41 (permalink)
BlackBerry Extraordinaire
 
jbairdjr's Avatar
 
Join Date: Feb 2005
Location: Lincoln, Ne
Model: 9550
OS: 5.0
Carrier: Verizon
Posts: 1,232
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Please Login to Remove!

Not to pile on, but snatching packets and adding data would be an amazing (impossible?)thing.
But until any specifics are presented, those here wont buy it.
__________________
Blackberry Storm2 (Verizon)
7280-7780-7290-7100g-7250-8703-8830-8330-9530-9550
Offline  
Old 09-17-2007, 10:06 PM   #42 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by coastuser View Post
I am not savvy technically so do not know what a third party application actually means. If you explain it in lay terms, I can respond.
An application that was downloaded and installed by the end-user or pushed to the end-user from a trusted source (carrier via BIS, BES, etc). The particulars of the exploit that is known would be a downloaded application that was knowingly installed by an end user via an email link or directly through the browser while browsing. In other words, it REQUIRED end-user interaction to install the application.


Quote:
Originally Posted by coastuser
PS Most people do not know how to encrypt their email.
The entire transport for BIS and BES emails is already encrypted, although there are extra layers (SMIME, PGP, etc) that you can add to AES and 3DES. Take it for what it's worth, but without a third party application allowing the manipulation of unencrypted messages on the device or the possibility of a compromised messaging server, then it would be practically impossible to manipulate the data while in transport in the exact time frame you had to crack it (unless we can pinhole time and space and all that jazz to fit a few years worth of cracking on high-dollar server farms into a single pre-defined time frame at-will).
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-17-2007, 10:29 PM   #43 (permalink)
Talking BlackBerry Encyclopedia
 
eZainny's Avatar
 
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well...


As has already been mentioned, there is one way this can happen...


In fact, I know a certain third-party application that when installed on the BlackBerry will automatically append a few sentences to any emails sent from the device and never tell the user about it (*Cough*, *Cough*)...
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
Offline  
Old 09-17-2007, 10:32 PM   #44 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,679
Post Thanks: 4
Thanked 96 Times in 71 Posts
Default

Quote:
Originally Posted by eZainny View Post
In fact, I know a certain third-party application that when installed on the BlackBerry will automatically append a few sentences to any emails sent from the device and never tell the user about it (*Cough*, *Cough*)...
Touche! Now, that's funny!
Offline  
Old 09-17-2007, 10:36 PM   #45 (permalink)
BlackBerry Master
 
djm2's Avatar
 
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,634
Post Thanks: 28
Thanked 12 Times in 12 Posts
Default

Wirelessly posted (BlackBerry8830/4.2.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104)

Good!
__________________
Uncertainty. Something you can count on.
Offline  
Old 09-17-2007, 10:45 PM   #46 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default

Quote:
Originally Posted by coastuser View Post
One last thought. This has been the most hostile and least helpful of any attempt to research an issue I have ever had.
Oh, I am betting that is just not totally true. The most hostile you have ever had? You must not put yourself out in the public very often or you might learn what a real hostile crowd is like!

I am really wondering why this is so very important to your for your friend, that you would take it this far, in your research. You discount all these reasonable people who know much much more about this technology than you.

And how are you so very certain that RIM is investigating this? They have told you so? Hmmm,.. then why your need to come here? Something in the details sounds very fishy here, almost like you are not telling all you know.

Nevertheless, RIM will get to the bottom of it.
Offline  
Old 09-17-2007, 10:56 PM   #47 (permalink)
Talking BlackBerry Encyclopedia
 
eZainny's Avatar
 
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

To add something useful to this conversation...

I'd say what the OP is talking about could be true. Do I think he saw a case of this exploitation with his friend? No.

Whenever anybody thinks something is 100% bulletproof - it always turns out not to be. Especially in the field of computer science. Large complex systems like RIMs architecture are vulnerable on many fronts to exploitation I'm sure. Read any intelligent book on "social hacking" and you'll quickly learn how much information an interested individual can glean just by pretending to be somebody else on the phone, over emails, etc. This is probably the most susceptible front for "unbreakable" systems.

For example, what good is a password lock on a computer if the user has a sticky note attached the monitor with the password written on it? Or is willing to give out their password to anyone who calls on the phone and identifies themself as the "Computer Admin"?

Aside: For any one interested in some of the internal mechanisms of the BlackBerry, in particular pertaining to security, I recommend you download and have a leaf through the following presentation written from the perspective of a "hacker":
http://www.blackhat.com/presentation...H-US-06-FX.pdf

(DL Warning: 18.6MB).
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
Offline  
Old 09-17-2007, 11:00 PM   #48 (permalink)
BlackBerry God
 
LunkHead's Avatar
 
Join Date: Jan 2005
Location: Here
Model: 850
OS: 0.0.00001
PIN: kie swear
Carrier: USPS Priority
Posts: 10,973
Post Thanks: 148
Thanked 142 Times in 54 Posts
Default

I agree nothing is 100% and anything is possible (1 in a billion is still a possible)

The mothership could land tonight and we could see invasion of the body snatchers... RIM could say "hey we love our BB users and are going to give them all a free device...

Even a better example of the impossible happening is that I could get a date!!!

Offline  
Old 09-17-2007, 11:06 PM   #49 (permalink)
Talking BlackBerry Encyclopedia
 
eZainny's Avatar
 
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by LunkHead View Post
Even a better example of the impossible happening is that I could get a date!!!


Impossible! BSD users are meant to be single - it would be paradoxical for one not to be
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
Offline  
Old 09-18-2007, 06:19 AM   #50 (permalink)
BlackBerry God
 
LunkHead's Avatar
 
Join Date: Jan 2005
Location: Here
Model: 850
OS: 0.0.00001
PIN: kie swear
Carrier: USPS Priority
Posts: 10,973
Post Thanks: 148
Thanked 142 Times in 54 Posts
Default

Quote:
Originally Posted by eZainny View Post
Impossible! BSD users are meant to be single - it would be paradoxical for one not to be
Hahahaha
Offline  
Old 09-18-2007, 06:38 AM   #51 (permalink)
Talking BlackBerry Encyclopedia
 
jddphd's Avatar
 
Join Date: May 2005
Location: Levallois-Perret FRANCE
Model: 9700
Carrier: Orange FR
Posts: 274
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by LunkHead View Post
He'd post them if he could but it's a safety issue...
I could tell you...



...but then I'd have to kill you.


I know one person who could crack the encryption on a Blackberry.

Just by looking it at.




























































__________________
MUST - the independent Manchester United supporters' trust - www.joinMUST.org
Offline  
Old 09-18-2007, 11:38 AM   #52 (permalink)
CrackBerry Addict
 
Jagga's Avatar
 
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
Post Thanks: 6
Thanked 6 Times in 5 Posts
Default

Quote:
Originally Posted by coastuser View Post
Thank you for this reasoned response. I know it is being investigated by RIM and not being dismissed out of hand for which we are very grateful. They are handling it in a very responsible manner so far. They are still working through the particulars and the potential paths. I am not savvy technically so do not know what a third party application actually means. If you explain it in lay terms, I can respond. I only know what happened and am trying to figure out how. I always use my BB and have felt entirely secure. But now have to deal with this.
I'm just VERY curious that RIM wasn't notified or have they been? Also if this expert - FINANCIALLY secured - would have particularly potent information that Microsoft would LOVE to have in order to fight against RIM's market domination ... I'm surprised that if this is such a security issue that it isn't posted on the national news - this would help National security identify and have high exposure to this and have RIM put such a high focus on a resolution to this.

Curious ... was this user on a BIS account or on a BES account? if the latter what version?

Surprised nobody asked this before chopping his head off ?? Also what device & firmware revision is on it?
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
Offline  
Old 09-18-2007, 01:14 PM   #53 (permalink)
BlackBerry Extraordinaire
 
003402's Avatar
 
Join Date: Nov 2005
Location: Colorado Foothills
Model: 8330
PIN: S AND NEEDLES
Carrier: VZW
Posts: 1,098
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Coast,

Although you feel your experience here might have been rougher than usual, I don't think you will find a more highly committed, knowledgeable, passionate (about BB) group of people than the folks you are talking to. If there is anything that I have learned here is that they are here to help, and I don't think they are asking you for anything that they wouldn't ask anybody else. For the most part, this is a fact-based, scientific group. They thirst for the knowledge too, if presented with a reasonable set of data. To date, you have not offered anything tangible.

For folks to help you, they need data...as many facts as possible. Explain the situation more fully.

Model, Operating system, explanation of the situation, copy of the email (sanitized of course) all would be helpful. Also, your or your friend's course of action (did you contact RIM? TMO? A computer security expert?) and the response.

Hearsay, rumor, and innuendo cannot help you resolve this. Post the computer expert's name (if he is indeed an expert, he would have to be publicly recognized as one), or his companies bio's. Post links to your research. If you do, you will gain respect from this group, for advancing the cause of BB knowledge. Hell, Lunk might even devote a FAQ to you if you have some credible information.
__________________
"out of chaos comes opportunity"
Offline  
Old 09-18-2007, 01:23 PM   #54 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default

Jagga, the OP states he/she is "certain" RIM is investigating, and honestly, it doesn't truly matter whether BIS or BES, etc., if the OP does not cooperate. They are already certain and convinced it happened, and will not be talked down from the position that it could not have happened.

Again, there is much more here than meets the eye.
Offline  
Old 09-18-2007, 01:50 PM   #55 (permalink)
BlackBerry Extraordinaire
 
Perfect Storm's Avatar
 
Join Date: Dec 2006
Location: Ottawa
Model: 8900
OS: 4.6.1.114
Carrier: Rogers
Posts: 2,467
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

The rumour is (no idea if it's actually true) that the CIA dismantled every aspect of the BlackBerry solution (hardware software and every communication point in between) in an attempt to crack the security. They were unable to do so and thus okayed the US Government adoption of the device.

Whether it's true or not, to date there has been only one released way that I know of to compromise BlackBerry and that has been through stupidly installed 3rd party apps. The fact is that this is the security hole in every system for which there is no true way to avoid.

As many have pointed out already, give some evidence for people to go on. Maybe it's true, but no one will believe you if you just have some BS opinions to throw out. Security "experts" are not always so knowledgeable. When it comes to BlackBerries, you'll find that many of the people here are.
__________________
www.petermac.ca - Photo wallpapers only in BlackBerry Internet Browser
www.BBeXtras.com - Photo wallpapers sent to your BlackBerry
BlackBerry Themes
Offline  
Old 09-18-2007, 03:14 PM   #56 (permalink)
BlackBerry Extraordinaire
 
Join Date: Feb 2006
Model: Charm
OS: 2.1
Carrier: T-Mobile
Posts: 1,071
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think you guys are all looking into this a little too hard.

Here's my guess. did this altered message say "Sent from my Blackberry Wireless Handheld via T-Mobile"?
Offline  
Old 09-18-2007, 03:18 PM   #57 (permalink)
BlackBerry Master
 
djm2's Avatar
 
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,634
Post Thanks: 28
Thanked 12 Times in 12 Posts
Default

Quote:
Originally Posted by rjw3000 View Post
I think you guys are all looking into this a little too hard.

Here's my guess. did this altered message say "Sent from my Blackberry Wireless Handheld via T-Mobile"?
That would be a hoot!
Offline  
Old 09-18-2007, 03:21 PM   #58 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default

haha, it would be a hoot if she were flipping out over only that.
Offline  
Old 09-18-2007, 03:50 PM   #59 (permalink)
BlackBerry Extraordinaire
 
Join Date: Feb 2006
Model: Charm
OS: 2.1
Carrier: T-Mobile
Posts: 1,071
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, you know when it comes to troubleshooting with zero information, you might as well start with the most basic thing. =P
Offline  
Old 09-18-2007, 04:35 PM   #60 (permalink)
Talking BlackBerry Encyclopedia
 
jddphd's Avatar
 
Join Date: May 2005
Location: Levallois-Perret FRANCE
Model: 9700
Carrier: Orange FR
Posts: 274
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm still betting on Chuck.
__________________
MUST - the independent Manchester United supporters' trust - www.joinMUST.org
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.