Blackbery has your full IMAP/POP3 creds, next up the Pontiff's headgear and the defecation habits of Ursi
Subject: General Tech | July 18, 2013 - 05:26 PM | Jeremy Hellstrom
Tagged: blackberry, fud
This story at Slashdot looks to be just the kind of FUD to spread to major news networks and talking heads everywhere, so before you get involved in the upcoming discussion know that this is how Blackberry, nee RIM, has always functioned. POP3 and IMAP connections are not done over your BES as ActiveSync traffic and the classic Exchange interface of pre-BB10 were and if you are not using SSL or TLS then you should already know that your credentials are sent unencrypted; if you were not aware of this you should Google SSL and TLS to learn exactly what those security protocols are for.
In a corporate environment, traffic to and from the BES is encrypted actually much more secure than most email traffic over the net and for companies hosting their own BES all Blackberry did was provide direction for network traffic, though this did mean issues at RIM could and did interfere with email delivery. If you had RIM host your BES, then obviously they had all your email credentials stored on a server they owned, though encrypted and not plain text, how else would the BES be able to push email from your Exchange server to your Blackberry.
For POP3 and IMAP traffic, RIM needs your credentials for the same reason, to be able to push email to your device instead of your device having to log into a server and pull email down. ActiveSync is how the new Blackberry OS connects to your Exchange environment and utilizes the security designed specifically for that protocol and thus your login credentials are secured, this 'discovery' does not apply to that traffic. On the other hand, if you are using non-ActiveSync email for your company, do not utilize SSL or TLS and created an email for your administrator account which is associated with a Blackberry ... you should be worried and frankly replaced by someone with a basic grasp of security.
"How a phone manufacturer making a somewhat successful come-back can shoot itself in the foot: Marc "van Hauser" Heuse, who works for German technology magazine Heise, has discovered that immediately after setting up an email account on Blackberry 10 OS, full credentials for that account are sent to Research In Motion, the Canadian Blackberry manufacturer. Shortly after performing the set-up, the first successful connections from a server located within the RIM domain appear in the mail server's logs."
Here is some more Tech News from around the web:
- Mesa 9.2 Can Boost Intel Haswell Graphics 30~40% On Linux @ Phoronix
- Sales at IBM decline 3.3 per cent in Q2, profits hit by layoffs @ The Register
- Intel flogging Atoms for belated push into mobile market @ The Register
- Ubuntu 13.10 Can Outperform OS X 10.9 On Intel OpenGL @ Phoronix
- Gamestick testing video is almost NSFW @ The Inquirer
- Iinterview with Joran Schoonderwoerd from MSI @ Kitguru
- I choose to be spied on @ The Tech Report