RIM Blackberry 87xx forum

  1. #1
    traveler20
    Join Date: Nov 2007
    Posts: 7

    8703e Upgrade Revealing Private BB Email Addresses and More

    Just upgraded my 8703e and discovered a pretty serious privacy breach. Seems that after applying the upgrade, RIM’s mail servers began giving out my BB’s private email account to email senders requesting delivery receipts through Outlook 2003. In this case, it was for each non-primary email account that I had forwarded to the BB for push email. RIM is impersonating me, but sending the receipts back from the BB’s private email account. Besides revealing that that account is being monitored by a Blackberry, it’s also revealing my identity, since each receipt request was getting back three for each one sent (one each for my primary email account, my secondary email account, and my BB’s private email account). The upgrade added delivery and read receipt options within the device (didn’t have that before), but I’ve got all of them turned off for all email accounts. But even with all receipt options turned off, RIM is STILL sending delivery receipts back using my email address and revealing just which Blackberry email accounts are the recipient of each email (could be one or could be three).

    While push email is only fully functional for one email account on a Blackberry, and half-functional for non-primary email accounts (can receive incoming, but can’t respond until the “pull” version of the same email arrives 12 minutes later), this eliminates push email for non-primary email accounts without a mandatory privacy breach every time a sender requests a delivery receipt.

  2. #2
    traveler20

    Re: 8703e Upgrade Revealing Private BB Email Addresses and More

    Did some additional testing and this was only the tip of the iceberg, so to speak. RIM is revealing ANY email forwarding target that reaches ANY email account configured on a Blackberry, private or otherwise. I saw this happen last week when I sent an email to someone’s private Yahoo email account and got a delivery receipt back from their office email address (sent by RIM) along with their full name (at least as their employer knows them).

    I recreated it a few minutes ago by forwarding one email account to another picked up on my BB, and RIM sent back a receipt to the original sender from the forwarding target. That shouldn’t have happened, since I have all delivery and read confirmation receipts turned off within the device.

  3. #3
    traveler20

    Re: 8703e Upgrade Revealing Private BB Email Addresses and More

    I don’t know if anyone else is following this, but I now have a ticket open at RIM to escalate it. Apparently the issue is that the 4.2 device software upgrade has the delivery confirmation receipt option stuck “on,” whether you want it on or not. Since the device itself is generating the receipts, the timestamp on the receipt shows the time when the message landed on the device, and the headers in the confirmation receipt give a clue to where the subscriber was when the message arrived on their device.

  4. #4
    traveler20

    Re: 8703e Upgrade Revealing Private BB Email Addresses and More

    Just got email confirmation back from RIM last night. RIM wrote the 4.2 device software to force customers' devices to involuntarily respond to the delivery confirmation receipt requests, and can NOT be disabled by the subscriber. RIM is aware that there's a potential for dumping a lot of private customer identity and account details, and will not address it, and will not provide the previous version device software to back-level it.

    By interesting coincidence, RIM's corporate email servers are configured to NOT respond to the same confirmation requests, and as of my tech support phone call with RIM this past Saturday, RIM's Exchange admin apparently has locked out RIM employees' ability to turn them on in their outbound emails (we tested it).
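
An added example, not part of the original thread: a subscriber checking their own accounts for the exposure described above can send one receipt-requesting test message to a single address and audit what the returned receipts disclose. The addresses, sample receipts and the `audit_receipts` helper are constructed for illustration.

```python
import email
import re
from email.utils import getaddresses

# Constructed sample receipts (not captured traffic). The test message was
# addressed only to alias@example.org, which forwards to another mailbox.
SAMPLE_RECEIPTS = [
    "From: alias@example.org\n"
    "To: tester@example.net\n"
    "Subject: Delivered: receipt test\n"
    "Date: Mon, 05 Nov 2007 10:15:02 -0500\n\n"
    "Your message was delivered.\n",
    "From: \"Pat Example\" <pat.example@corp.example.com>\n"
    "To: tester@example.net\n"
    "Received: from relay7.carrier.example ([192.0.2.44]) by mx.example.net; "
    "Mon, 05 Nov 2007 10:15:09 -0500\n"
    "Subject: Delivered: receipt test\n"
    "Date: Mon, 05 Nov 2007 10:15:07 -0500\n\n"
    "Your message was delivered.\n",
]

def audit_receipts(sent_to, receipts):
    """Return one finding per sender address that differs from the address tested."""
    sent_to = sent_to.lower()
    findings = []
    for raw in receipts:
        msg = email.message_from_string(raw)
        # Any of these headers can carry an address the sender never used.
        senders = getaddresses(msg.get_all("From", []) + msg.get_all("Sender", [])
                               + msg.get_all("Reply-To", []))
        # First token after "from" in each Received header names a relay host.
        relays = [m.group(1) for h in msg.get_all("Received", [])
                  for m in [re.match(r"\s*from\s+(\S+)", h)] if m]
        for name, addr in senders:
            if addr and addr.lower() != sent_to:
                findings.append({
                    "disclosed_address": addr.lower(),
                    "display_name": name or None,   # real name, if exposed
                    "receipt_date": msg.get("Date"),  # when the receipt was generated
                    "relay_hosts": relays,
                })
    return findings

if __name__ == "__main__":
    for finding in audit_receipts("alias@example.org", SAMPLE_RECEIPTS):
        print(finding)
```

An empty result means every receipt came back from the address that was tested; each finding is an address, name or relay path the original sender would not otherwise have seen.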
