
  1. #1
    NICKY88XX, Stack level 5
    Join Date
    Mar 2007
    PIN/ID
    ask me
    Posts
    1,352

    major bb security flaw....


    I don't know if this has been addressed. I could not find it, but if not I'm posting again.. sorry.

    All my employees have BBs.. all have computers. All back up. A couple of weeks ago my secretary broke her screen on her Bold, and I told her to use my laptop to back her phone up to restore a new one. No problem, and she did so. (It was forgotten about.)

    Today I had a close encounter with misplacing my BB, so for precaution I have a brand new 8700 and I figured I'd back up all my Bold's info onto the 8700 from my last backup just in case... well, I thought it was my backup..

    I plugged in the 8700 and hit restore in Desktop Manager to the last saved backup. No problem, everything loaded. When it was done, it said enter new password.. so I figured, hmm, OK, so I entered my password. Now the shocking part to me.. all of my secretary's contacts, texts, emails, memos, tasks, calendar appts, basically her whole phone minus Password Keeper was now on my 8700.. It's no big deal because she works for me. I wiped the phone, and done..

    But that easy??? All someone needs is a BlackBerry and access to your computer and they can take all of your info from your BlackBerry and load it to theirs, regardless if it's password protected or not.. This bothers me. I know you should password protect everything: comps, laptops, BBs. But this was too easy. Done in less than 5 minutes, and I had every single thing in her phone.... Just a warning: be careful, password protect your computers, and never leave them up and running when you're not around. I'm baffled.

  2. #2
    Berryadict, Stack level 7
    Join Date
    Jul 2008
    Posts
    3,297
    ~via smartphone~
    You'd think it'd only load to the same PIN...remarkable.

  3. #3
    Sirthinks, Stack level 5
    Join Date
    Jan 2008
    PIN/ID
    2831A313
    Posts
    1,569
    Originally posted by Berryadict:
        ~via smartphone~
        You'd think it'd only load to the same PIN...remarkable.

    When you do a restore you click on a FILE.... I guess it will restore whichever backup you click on to whichever BB is plugged into it.

    Of course, as a rule, most people don't backup BB's for multiple people on a single laptop. When I walk away from my computer I lock it. The chances of this happening are slim, but it is something that should be looked into.

    RIM.....
    If you want to make an apple pie from scratch, you must first create the universe. - Carl Sagan

  4. #4
    jchapman01, Stack level 3
    Join Date
    Oct 2006
    PIN/ID
    24a51ff4
    Posts
    333
    Yeah, that's definitely a problem! Wow! I never thought about that.... I'm definitely gonna be careful about what BBs connect to my computer now and I'm gonna hide all my backups into encrypted folders!

  5. #5
    betavirus, Stack level 2
    Join Date
    Jun 2007
    Posts
    68
    I believe it has been mentioned either here or on other forums. If backing up multiple phone data be sure to keep them in different directories. That way if you need to restore any one of them it is a simple matter of selecting the correct directory and the latest file from that location.

  6. #6
    Sirthinks, Stack level 5
    Join Date
    Jan 2008
    PIN/ID
    2831A313
    Posts
    1,569
    Originally posted by betavirus:
        I believe it has been mentioned either here or on other forums. If backing up multiple phone data be sure to keep them in different directories. That way if you need to restore any one of them it is a simple matter of selecting the correct directory and the latest file from that location.

    That is exactly what I do. I do it for ease of organization and lack of confusion. It never even occurred to me that it could be a security issue.

  7. #7
    RoboticGolem, Stack level 3
    Join Date
    Nov 2006
    PIN/ID
    24ab431b
    Posts
    128
    The only place my backup goes is onto an encrypted key that I keep with me. I never thought it would be that easy, but I was always paranoid of someone brute forcing the backup.

    Now I'm even more paranoid.

    ~via smartphone~

  8. #8
    bajanbastard, Stack level 4
    Join Date
    May 2008
    Posts
    510
    Yes. It is that easy. I've updated quite a few berries, many not my own, and I could easily restore a backup file that was on a different BB on my own. Contacts, messages, PIN numbers, call logs etc, etc. It's all there in that backup file.
    Device history: 8100 > 8320 > 8900 & 9530. Keep crackin'

  9. #9
    Sirthinks, Stack level 5
    Join Date
    Jan 2008
    PIN/ID
    2831A313
    Posts
    1,569
    Originally posted by bajanbastard:
        Yes. It is that easy. I've updated quite a few berries, many not my own, and I could easily restore a backup file that was on a different BB on my own. Contacts, messages, PIN numbers, call logs etc, etc. It's all there in that backup file.

    It is kind of silly, with all the encryption, passwording and keys etc.... that there would be such a blatant hole in the security!!

  10. #10
    Meh!, Stack level 3
    Join Date
    Dec 2007
    PIN/ID
    PM me...
    Posts
    226
    Holy...That's creepily crazy. Yea, that needs some kind of attention. To load a backup it should store the user's pass in the backup, and you should have to have the password in order to restore the backup. Be it same better or another.. CRAZY!

  11. #11
    soulmedic, Stack level 2
    Join Date
    Jul 2007
    PIN/ID
    24595932
    Posts
    26
    I have a Pearl 8120 and my girlfriend has a Pearl 8130. I perform backups, upgrades and all BB matters on my computer, and I have loaded the wrong info into the wrong phone...easy to do, when the Desktop Manager uses a standard naming structure instead of PIN based naming for files.

    I have since then split directories for each phone's backups, apps, and software to help keep them separate.

    I use a TrueCrypt Volume to hold the backup files, to an outsider it looks like a single file, but once accessed through a password, the internal data structure contains folders.
    When it isn't mounted I can copy and move the file, but I am the only person able to access the data.

    Easy and free. Check it out...TrueCrypt.
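
The per-phone directory practice described in this thread, with a check before restore that Desktop Manager itself does not make: an added example, not part of any post above and not RIM's code. The `manifest.json` sidecar, the function names, the PINs and the backup file name are all assumptions constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical sidecar file, not a Desktop Manager feature

def _sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def file_backup(src, vault, device_pin):
    """Move a backup into vault/<PIN>/ and record its hash in that folder's manifest."""
    folder = Path(vault) / device_pin.upper()
    folder.mkdir(parents=True, exist_ok=True)
    folder.chmod(0o700)  # owner-only; the vault itself belongs on an encrypted volume
    dest = Path(shutil.move(str(src), str(folder / Path(src).name)))
    dest.chmod(0o600)
    manifest = folder / MANIFEST
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entries[dest.name] = _sha256(dest)
    manifest.write_text(json.dumps(entries, indent=2))
    return dest

def check_restore(backup, connected_pin):
    """Return (ok, reason): is this backup filed under the connected device's PIN?"""
    backup = Path(backup)
    owner = backup.parent.name
    if owner != connected_pin.upper():
        return False, f"backup is filed under PIN {owner}, device is {connected_pin.upper()}"
    manifest = backup.parent / MANIFEST
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    if entries.get(backup.name) != _sha256(backup):
        return False, "backup is not in the manifest or changed since it was filed"
    return True, "ok"

def demo():
    """Constructed PINs and file contents; returns the three check results."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "Backup-(2009-02-03).ipd"  # constructed sample name
        src.write_bytes(b"constructed backup bytes")
        filed = file_backup(src, Path(tmp) / "vault", "2000aaaa")
        same = check_restore(filed, "2000AAAA")      # owner's own device
        other = check_restore(filed, "2000BBBB")     # someone else's device
        filed.write_bytes(b"tampered")
        changed = check_restore(filed, "2000AAAA")   # file altered after filing
        return same[0], other[0], changed[0]

if __name__ == "__main__":
    print(demo())
```

This only prevents mix-ups and flags altered files on the machine that runs it; the backup contents stay readable to anyone who can open the file, which is why the folder still belongs inside an encrypted volume.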

  12. #12
    rjs87, Stack level 3
    Join Date
    Sep 2007
    Posts
    337
    You might just want to backup all BBs and save the backup files to thumbdrive and put that in a safe or keep it somewhere secure

    ~via smartphone~
    Last edited by rjs87; 02-04-2009 at 02:00 AM.

  13. #13
    bmanley, Stack level 4
    Join Date
    May 2006
    Posts
    803
    The only security this has is if you have a password set on the device you would have to enter it to connect to the DM. Makes me think that if you have a backup on your computer it was loaded there with the owner's permission, should have a way to secure it for loading but they didn't.
