BlackBerry Forums Support Community
              

Old 09-17-2007, 09:47 PM   #41
jbairdjr
BlackBerry Extraordinaire
 
jbairdjr's Avatar
 
Join Date: Feb 2005
Location: Lincoln, Ne
Model: 9550
OS: 5.0
Carrier: Verizon
Posts: 1,232
Default


Not to pile on, but snatching packets and adding data would be an amazing (impossible?) thing.
But until any specifics are presented, those here won't buy it.
__________________
Blackberry Storm2 (Verizon)
7280-7780-7290-7100g-7250-8703-8830-8330-9530-9550
Offline  
Old 09-17-2007, 10:06 PM   #42
jibi
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Default

Quote:
Originally Posted by coastuser View Post
I am not savvy technically so do not know what a third party application actually means. If you explain it in lay terms, I can respond.
An application that was downloaded and installed by the end-user or pushed to the end-user from a trusted source (carrier via BIS, BES, etc). The particulars of the exploit that is known would be a downloaded application that was knowingly installed by an end user via an email link or directly through the browser while browsing. In other words, it REQUIRED end-user interaction to install the application.


Quote:
Originally Posted by coastuser
PS Most people do not know how to encrypt their email.
The entire transport for BIS and BES emails is already encrypted, although there are extra layers (SMIME, PGP, etc) that you can add to AES and 3DES. Take it for what it's worth, but without a third party application allowing the manipulation of unencrypted messages on the device or the possibility of a compromised messaging server, then it would be practically impossible to manipulate the data while in transport in the exact time frame you had to crack it (unless we can pinhole time and space and all that jazz to fit a few years worth of cracking on high-dollar server farms into a single pre-defined time frame at-will).
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-17-2007, 10:29 PM   #43
eZainny
Talking BlackBerry Encyclopedia
 
eZainny's Avatar
 
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
Default

Well...


As has already been mentioned, there is one way this can happen...


In fact, I know a certain third-party application that when installed on the BlackBerry will automatically append a few sentences to any emails sent from the device and never tell the user about it (*Cough*, *Cough*)...
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
Offline  
Old 09-17-2007, 10:32 PM   #44
John Clark
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
Default

Quote:
Originally Posted by eZainny View Post
In fact, I know a certain third-party application that when installed on the BlackBerry will automatically append a few sentences to any emails sent from the device and never tell the user about it (*Cough*, *Cough*)...
Touche! Now, that's funny!
Offline  
Old 09-17-2007, 10:36 PM   #45
djm2
BlackBerry Master
 
djm2's Avatar
 
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,659
Default

Wirelessly posted (BlackBerry8830/4.2.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104)

Good!
Offline  
Old 09-17-2007, 10:45 PM   #46
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default

Quote:
Originally Posted by coastuser View Post
One last thought. This has been the most hostile and least helpful of any attempt to research an issue I have ever had.
Oh, I am betting that is just not totally true. The most hostile you have ever had? You must not put yourself out in the public very often or you might learn what a real hostile crowd is like!

I am really wondering why this is so very important to you for your friend, that you would take it this far, in your research. You discount all these reasonable people who know much much more about this technology than you.

And how are you so very certain that RIM is investigating this? They have told you so? Hmmm... then why your need to come here? Something in the details sounds very fishy here, almost like you are not telling all you know.

Nevertheless, RIM will get to the bottom of it.
Offline  
Old 09-17-2007, 10:56 PM   #47
eZainny
Talking BlackBerry Encyclopedia
 
eZainny's Avatar
 
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
Default

To add something useful to this conversation...

I'd say what the OP is talking about could be true. Do I think he saw a case of this exploitation with his friend? No.

Whenever anybody thinks something is 100% bulletproof - it always turns out not to be. Especially in the field of computer science. Large complex systems like RIM's architecture are vulnerable on many fronts to exploitation I'm sure. Read any intelligent book on "social hacking" and you'll quickly learn how much information an interested individual can glean just by pretending to be somebody else on the phone, over emails, etc. This is probably the most susceptible front for "unbreakable" systems.

For example, what good is a password lock on a computer if the user has a sticky note attached to the monitor with the password written on it? Or is willing to give out their password to anyone who calls on the phone and identifies themself as the "Computer Admin"?

Aside: For anyone interested in some of the internal mechanisms of the BlackBerry, in particular pertaining to security, I recommend you download and have a leaf through the following presentation written from the perspective of a "hacker":
http://www.blackhat.com/presentation...H-US-06-FX.pdf

(DL Warning: 18.6MB).
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
Offline  
Old 09-17-2007, 11:00 PM   #48
LunkHead
BlackBerry God
 
LunkHead's Avatar
 
Join Date: Jan 2005
Location: Cardboard box
Model: 850
OS: 0.0.00001
PIN: kie swear
Carrier: USPS Priority
Posts: 11,203
Default

I agree nothing is 100% and anything is possible (1 in a billion is still a possible)

The mothership could land tonight and we could see invasion of the body snatchers... RIM could say "hey we love our BB users and are going to give them all a free device...

Even a better example of the impossible happening is that I could get a date!!!

Offline  
Old 09-17-2007, 11:06 PM   #49
eZainny
Talking BlackBerry Encyclopedia
 
eZainny's Avatar
 
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
Default

Quote:
Originally Posted by LunkHead View Post
Even a better example of the impossible happening is that I could get a date!!!


Impossible! BSD users are meant to be single - it would be paradoxical for one not to be
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
Offline  
Old 09-18-2007, 06:19 AM   #50
LunkHead
BlackBerry God
 
LunkHead's Avatar
 
Join Date: Jan 2005
Location: Cardboard box
Model: 850
OS: 0.0.00001
PIN: kie swear
Carrier: USPS Priority
Posts: 11,203
Default

Quote:
Originally Posted by eZainny View Post
Impossible! BSD users are meant to be single - it would be paradoxical for one not to be
Hahahaha
Offline  
Old 09-18-2007, 06:38 AM   #51
jddphd
Talking BlackBerry Encyclopedia
 
jddphd's Avatar
 
Join Date: May 2005
Location: Levallois-Perret FRANCE
Model: 9700
Carrier: Orange FR
Posts: 274
Default

Quote:
Originally Posted by LunkHead View Post
He'd post them if he could but it's a safety issue...
I could tell you...



...but then I'd have to kill you.


I know one person who could crack the encryption on a Blackberry.

Just by looking at it.
__________________
MUST - the independent Manchester United supporters' trust - www.joinMUST.org
Offline  
Old 09-18-2007, 11:38 AM   #52
Jagga
CrackBerry Addict
 
Jagga's Avatar
 
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
Default

Quote:
Originally Posted by coastuser View Post
Thank you for this reasoned response. I know it is being investigated by RIM and not being dismissed out of hand for which we are very grateful. They are handling it in a very responsible manner so far. They are still working through the particulars and the potential paths. I am not savvy technically so do not know what a third party application actually means. If you explain it in lay terms, I can respond. I only know what happened and am trying to figure out how. I always use my BB and have felt entirely secure. But now have to deal with this.
I'm just VERY curious that RIM wasn't notified or have they been? Also if this expert - FINANCIALLY secured - would have particularly potent information that Microsoft would LOVE to have in order to fight against RIM's market domination ... I'm surprised that if this is such a security issue that it isn't posted on the national news - this would help National security identify and have high exposure to this and have RIM put such a high focus on a resolution to this.

Curious ... was this user on a BIS account or on a BES account? if the latter what version?

Surprised nobody asked this before chopping his head off ?? Also what device & firmware revision is on it?
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
Offline  
Old 09-18-2007, 01:14 PM   #53
003402
BlackBerry Extraordinaire
 
003402's Avatar
 
Join Date: Nov 2005
Location: Colorado Foothills
Model: 8330
PIN: S AND NEEDLES
Carrier: VZW
Posts: 1,098
Default

Coast,

Although you feel your experience here might have been rougher than usual, I don't think you will find a more highly committed, knowledgeable, passionate (about BB) group of people than the folks you are talking to. If there is anything that I have learned here, it is that they are here to help, and I don't think they are asking you for anything that they wouldn't ask anybody else. For the most part, this is a fact-based, scientific group. They thirst for the knowledge too, if presented with a reasonable set of data. To date, you have not offered anything tangible.

For folks to help you, they need data...as many facts as possible. Explain the situation more fully.

Model, Operating system, explanation of the situation, copy of the email (sanitized of course) all would be helpful. Also, your or your friend's course of action (did you contact RIM? TMO? A computer security expert?) and the response.

Hearsay, rumor, and innuendo cannot help you resolve this. Post the computer expert's name (if he is indeed an expert, he would have to be publicly recognized as one), or his company's bios. Post links to your research. If you do, you will gain respect from this group, for advancing the cause of BB knowledge. Hell, Lunk might even devote a FAQ to you if you have some credible information.
__________________
"out of chaos comes opportunity"
Offline  
Old 09-18-2007, 01:23 PM   #54
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default

Jagga, the OP states he/she is "certain" RIM is investigating, and honestly, it doesn't truly matter whether BIS or BES, etc., if the OP does not cooperate. They are already certain and convinced it happened, and will not be talked down from the position that it could not have happened.

Again, there is much more here than meets the eye.
Offline  
Old 09-18-2007, 01:50 PM   #55
Perfect Storm
BlackBerry Extraordinaire
 
Perfect Storm's Avatar
 
Join Date: Dec 2006
Location: Ottawa
Model: 8900
OS: 4.6.1.114
Carrier: Rogers
Posts: 2,467
Default

The rumour is (no idea if it's actually true) that the CIA dismantled every aspect of the BlackBerry solution (hardware, software and every communication point in between) in an attempt to crack the security. They were unable to do so and thus okayed the US Government adoption of the device.

Whether it's true or not, to date there has been only one released way that I know of to compromise BlackBerry and that has been through stupidly installed 3rd party apps. The fact is that this is the security hole in every system for which there is no true way to avoid.

As many have pointed out already, give some evidence for people to go on. Maybe it's true, but no one will believe you if you just have some BS opinions to throw out. Security "experts" are not always so knowledgeable. When it comes to BlackBerries, you'll find that many of the people here are.
__________________
www.petermac.ca - Photo wallpapers only in BlackBerry Internet Browser
www.BBeXtras.com - Photo wallpapers sent to your BlackBerry
BlackBerry Themes
Offline  
Old 09-18-2007, 03:14 PM   #56
rjw3000
BlackBerry Extraordinaire
 
Join Date: Feb 2006
Model: Charm
OS: 2.1
Carrier: T-Mobile
Posts: 1,071
Default

I think you guys are all looking into this a little too hard.

Here's my guess. Did this altered message say "Sent from my Blackberry Wireless Handheld via T-Mobile"?
Offline  
Old 09-18-2007, 03:18 PM   #57
djm2
BlackBerry Master
 
djm2's Avatar
 
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,659
Default

Quote:
Originally Posted by rjw3000 View Post
I think you guys are all looking into this a little too hard.

Here's my guess. Did this altered message say "Sent from my Blackberry Wireless Handheld via T-Mobile"?
That would be a hoot!
Offline  
Old 09-18-2007, 03:21 PM   #58
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default

haha, it would be a hoot if she were flipping out over only that.
Offline  
Old 09-18-2007, 03:50 PM   #59
rjw3000
BlackBerry Extraordinaire
 
Join Date: Feb 2006
Model: Charm
OS: 2.1
Carrier: T-Mobile
Posts: 1,071
Default

Well, you know when it comes to troubleshooting with zero information, you might as well start with the most basic thing. =P
Offline  
Old 09-18-2007, 04:35 PM   #60
jddphd
Talking BlackBerry Encyclopedia
 
jddphd's Avatar
 
Join Date: May 2005
Location: Levallois-Perret FRANCE
Model: 9700
Carrier: Orange FR
Posts: 274
Default

I'm still betting on Chuck.
__________________
MUST - the independent Manchester United supporters' trust - www.joinMUST.org
Offline  

Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.