Friday, July 19, 2013

User data: BlackBerry collects unsolicited e-mail passwords - Times Online

Who uses a new BlackBerry mail program, sends all access to the company without realizing it or being able to prevent it.

A new BlackBerry Q10 A new BlackBerry Q10

e-mail program new BlackBerrys transfers without asking user name and passwords to the servers of the company. Thus, it gains access to all e-mail accounts of its users.

Frank Rieger, spokesman for the Chaos Computer Club, has discovered the secret transmission. Rieger had bought a BlackBerry Q10 and set up in the email app to access his mailbox via IMAP.


Rieger operates its own e-mail server. Shortly after the establishment of the BlackBerry App he recorded successful connection attempts from a BlackBerry server in Canada on his own, along with his credentials.

Worse still, the connection also went over the UK and the U.S., so it passes the monitoring infrastructure of British and American intelligence agencies. If the e-mail provider or your own mail server allows only encrypted connections using SSL / TLS can not read the while. But at least BlackBerry gets access to the data.

Patrick Beuth

Patrick Beuth


Patrick Beuth is digital editor at the resort at ZEIT ONLINE. His profile page click here.


H Security has become aware of the problem and the security expert Marc Heuse. After the data transfer takes place in encrypted form.

There is but one way to prevent the transmission of all, it says in H Security : You must set up your email account by clicking the button “Advanced”. This was, by default, hidden by the screen keyboard. To reach it, one must first touch anywhere outside the active text input field.

It is technically not necessary to transfer the data from private e-mail accounts on Blackberry server says Rieger, whose own company GMSK sold tap-proof mobile phones. Only the mail server operators need this data to allow access to the account from your mobile. In this case, they would have had to be sent without having to go to his own mail server. Only those who use BlackBerry services, you must live with that his credentials are sent to the company.

No comments:

Post a Comment