Thursday, July 18, 2013


Blackberry 10 Sends Full Email Account Credentials To RIM

  • Nauman Ashraf
  • Anyone who has ever used an email account with a current BlackBerry should seriously consider changing that password: when an email account is set up on BlackBerry 10, the device sends the entered credentials to a server in Canada without the user's consent.


    When you enter your POP / IMAP e-mail credentials into a Blackberry 10 phone they will be sent to Blackberry without your consent or knowledge. A server with the IP 68.171.232.33, which is in the Research In Motion (RIM) netblock in Canada, will instantly connect to your mailserver and log in with your credentials, the German-based security researcher Frank Rieger writes.

     If you have not configured forced SSL/TLS on your mail server, your credentials will be sent in the clear by Blackberry's server for the connection. Blackberry thus not only has your e-mail credentials stored in its database, it makes them available to anyone sniffing in between – namely the NSA and GCHQ, as documented by the recent Edward Snowden leaks.

    You should delete your e-mail accounts from any Blackberry 10 device immediately, change the e-mail password and switch to an alternative mail program like K9Mail, the researcher writes.
    Source: www.heise.de
    Clarification: this issue is not about PIN-messaging, BBM, push-messaging or any other Blackberry service where you expect that your credentials are sent to RIM. This happens if you only enter your own private IMAP / POP credentials into the standard Blackberry 10 email client without any kind of BES, special configuration or any explicit service relationship or contract with Blackberry. The client should only connect directly to your mail server and nowhere else. A phone hardware vendor has no right, for whatever reason, to harvest account credentials back to its server without explicit user consent and then, on top of that, connect back to the mail server with them.

    Recipe for your own experiment:
    1. set up your own mail server with full logging
    2. create throw-away IMAP account
    3. enter IMAP account credentials into Blackberry 10 device, note time
    4. check mail with Blackberry
    5. look in logfiles for IP 68.171.232.33 (or others from RIM netblock)

    Update:
    Since some diehard Blackberry friends doubted the veracity of this discovery, here are example logfiles from dovecot and smtpd. The original domain has been replaced with “mymailserver.org” and the IP with “217.xxx.xxx.xxx”.
    I started configuring the mail account at 13:46. As can be clearly seen, long before there is a successful connect from my mobile operator E-Plus (46.115.99.217), which should have happened in the very first place, the Blackberry server 68.171.232.33 connected back to my mailserver, apparently trying to figure out the correct configuration for the account, as soon as I had entered user, password and mailserver name. And it logged in successfully with my e-mail credentials after figuring out the correct SSL / TLS configuration, Rieger writes.

    smtpd log:
    Jul 17 13:47:12 mymailserver vpopmail[98463]: vchkpw-submission: (PLAIN) login success frank@mymailserver.org:68.171.232.33
    Jul 17 13:47:12 mymailserver vpopmail[98464]: vchkpw-submission: (PLAIN) login success frank@mymailserver.org:68.171.232.33
    Jul 17 13:47:13 mymailserver vpopmail[98465]: vchkpw-smtp: (PLAIN) login success frank@mymailserver.org:68.171.232.33
    Jul 17 13:47:13 mymailserver vpopmail[98466]: vchkpw-smtp: (PLAIN) login success frank@mymailserver.org:68.171.232.33
    Jul 17 13:48:59 mymailserver vpopmail[98580]: vchkpw-smtp: (PLAIN) login success frank@mymailserver.org:46.115.99.217

    dovecot log:
    Jul 17 13:47:11 auth(default): Info: vpopmail(frank@mymailserver.org,68.171.232.33): lookup user=frank domain=mymailserver.org
    Jul 17 13:47:11 auth(default): Info: client out: OK 1 user=frank@mymailserver.org
    Jul 17 13:47:11 auth(default): Info: vpopmail(frank@mymailserver.org,68.171.232.33): lookup user=frank domain=mymailserver.org
    Jul 17 13:47:11 auth(default): Info: master out: USER 96457 frank@mymailserver.org uid=89 gid=89 home=/usr/local/vpopmail/domains/mymailserver.org/frank
    Jul 17 13:47:11 imap-login: Info: Login: user=<frank@mymailserver.org>, method=PLAIN, rip=68.171.232.33, lip=217.xxx.xxx.xxx, TLS
    Jul 17 13:47:11 auth(default): Info: vpopmail(frank@mymailserver.org,68.171.232.33): lookup user=frank domain=mymailserver.org
    Jul 17 13:47:11 auth(default): Info: client out: OK 1 user=frank@mymailserver.org
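    The recipe above and the log excerpts can be turned into a repeatable check. The following script is an added example, not code from the original post or from Frank Rieger: it parses dovecot "Login:" lines and vpopmail (vchkpw) "login success" lines in the formats quoted above, separates logins coming from the client address you expect (here the phone's operator address quoted in the post, 46.115.99.217, assumed as the only legitimate client) from logins by any other address, and reports which foreign addresses logged in, how many seconds ahead of your own first login they got in, and which dovecot logins were made without TLS. The sample input is the log lines quoted above, embedded as a constructed input; any other log format is ignored.

```python
import ipaddress
import re
from collections import namedtuple
from datetime import datetime

# Constructed sample input: the dovecot and vpopmail lines quoted in the post
# (domain and local IP already anonymised there).  In practice feed it e.g.
#   grep -h -e "Login:" -e "login success" /var/log/maillog
SAMPLE_LOG = """\
Jul 17 13:47:12 mymailserver vpopmail[98463]: vchkpw-submission: (PLAIN) login success frank@mymailserver.org:68.171.232.33
Jul 17 13:47:12 mymailserver vpopmail[98464]: vchkpw-submission: (PLAIN) login success frank@mymailserver.org:68.171.232.33
Jul 17 13:47:13 mymailserver vpopmail[98465]: vchkpw-smtp: (PLAIN) login success frank@mymailserver.org:68.171.232.33
Jul 17 13:47:13 mymailserver vpopmail[98466]: vchkpw-smtp: (PLAIN) login success frank@mymailserver.org:68.171.232.33
Jul 17 13:48:59 mymailserver vpopmail[98580]: vchkpw-smtp: (PLAIN) login success frank@mymailserver.org:46.115.99.217
Jul 17 13:47:11 auth(default): Info: vpopmail(frank@mymailserver.org,68.171.232.33): lookup user=frank domain=mymailserver.org
Jul 17 13:47:11 imap-login: Info: Login: user=<frank@mymailserver.org>, method=PLAIN, rip=68.171.232.33, lip=217.xxx.xxx.xxx, TLS
""".splitlines()

# Assumption: the only client that should ever log in is the phone itself,
# at the operator address quoted in the post.  Replace with your own address(es).
EXPECTED_CLIENTS = ["46.115.99.217/32"]

Login = namedtuple("Login", "ts service user method rip tls")

# dovecot imap-login / pop3-login success line; "rest" carries ", TLS" if used
DOVECOT = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<svc>(?:imap|pop3)-login): Info: Login: "
    r"user=<(?P<user>[^>]+)>, method=(?P<method>\w+), rip=(?P<rip>[\d.]+), "
    r"lip=[^,]+(?P<rest>.*)$")
# vpopmail (vchkpw) SMTP / submission auth success line; TLS state is not logged
VPOPMAIL = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ vpopmail\[\d+\]: (?P<svc>vchkpw-\w+): "
    r"\((?P<method>\w+)\) login success (?P<user>\S+):(?P<rip>[\d.]+)$")


def parse_logins(lines):
    """Return successful logins found in the lines, sorted by syslog time."""
    logins = []
    for line in lines:
        line = line.strip()
        m = DOVECOT.match(line)
        if m:
            logins.append(Login(datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
                                m["svc"], m["user"], m["method"], m["rip"],
                                "TLS" in m["rest"]))
            continue
        m = VPOPMAIL.match(line)
        if m:
            logins.append(Login(datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
                                m["svc"], m["user"], m["method"], m["rip"],
                                None))  # unknown: vchkpw does not log TLS state
    return sorted(logins, key=lambda l: l.ts)


def audit(logins, expected_client_nets):
    """Split logins into own (from an expected client) and foreign, and
    report foreign addresses, plaintext foreign logins and the head start
    the first foreign login had over the first own login (in seconds)."""
    expected = [ipaddress.ip_network(n) for n in expected_client_nets]
    own, foreign = [], []
    for login in logins:
        addr = ipaddress.ip_address(login.rip)
        (own if any(addr in net for net in expected) else foreign).append(login)
    report = {
        "own": own,
        "foreign": foreign,
        "foreign_ips": sorted({l.rip for l in foreign}),
        "foreign_plaintext": [l for l in foreign if l.tls is False],
        "lead_seconds": None,
    }
    if own and foreign:
        report["lead_seconds"] = (own[0].ts - foreign[0].ts).total_seconds()
    return report


if __name__ == "__main__":
    rep = audit(parse_logins(SAMPLE_LOG), EXPECTED_CLIENTS)
    for l in rep["foreign"]:
        print(f"FOREIGN {l.ts:%b %d %H:%M:%S} {l.service:<18} {l.user} from {l.rip}"
              f" tls={l.tls}")
    print("foreign addresses:", rep["foreign_ips"])
    print("plaintext foreign logins:", len(rep["foreign_plaintext"]))
    print("first foreign login preceded first own login by", rep["lead_seconds"], "s")
```

    On the quoted sample the script lists five logins from 68.171.232.33 (one IMAP over TLS, four SMTP/submission) and a head start of 108 seconds over the phone's own first login; a non-empty `foreign_plaintext` list would mean the credentials also crossed the wire unencrypted, which is the case the post warns about for servers that do not force SSL/TLS.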
