Forgot your password?

Updated: Report Claims BlackBerry 10 Sends Email Credentials to BlackBerry Servers

Update: BlackBerry’s statement on the report

 Obama dad

You have to love all the craziness going on since the latest round of NSA spying leaks. Many of us working in security know how little privacy we truly have which makes these worries seem comical. The latest report comes from a researcher in Germany that was shocked to find that BlackBerry is sending their email account credentials to BlackBerry’s servers whenever you sets up an email account. He correctly assumes that BlackBerry is doing this to help detect the setup of the email server but he was surprised that BlackBerry did not disclose doing this.

I have asked BlackBerry about this in the past since the whole legacy BlackBerry BIS system is based on BlackBerry storing your email credentials. BlackBerry has a whole configuration database now of how each email server works and autodetecting the best settings. BlackBerry is using that system to help setup your BlackBerry 10 email account. Now the report does have a point that BlackBerry should disclose the fact that they are doing this but my guess is that you will find this somewhere in the user agreement.

On one hand I do think BlackBerry could have an option that allows users to “use BlackBerry’s servers to help optimize the setup of your email account” but that would just complicate the process. BlackBerry has been transmitting user email credentials since the creation of BIS and has been managing to keep them secure for over a decade. Now with BlackBerry 10 they do not even store them so the issue seems to be even less.

Either way I really hope BlackBerry gets in front of this issue with full disclosure on what they are doing with this information. I reached out to them earlier and am awaiting a response.

You can see all the details on Geekheim’s report here. Scroll down for English.

Img credit: Imgur

12 total comments on this postSubmit your comment!
  1. Like I said in N4BB… What’s new here? BIS worked the same way (as you pointed in the article).

    Nobody was complaining then, I don’t see why we should be now.

    It’s not like BlackBerry is known for selling their user’s data.

    • People will do anything to prevent BlackBerry from rising once again. That is the issue, nothing more. Any news that can be made negative will be made negative and plastered all over the internet.

      You still have people claiming BB is on the verge of filing Chapter 11 lol, complete nonsense.

      The only way BlackBerry becomes un-secure is if they get a Court Order to provide info to the Authorities, that’s it. They are un-Crackable.

  2. This article is worthless.

    BIS works this way since day one and users know this. It is groundless to tie this with NSA.

    Post something new please.

  3. I posted it up because of all the tips we were getting about it with users freaking out. I got tired of explaining the situation to all of them separately so I wrote this :)

    Did you find some flaw in what I said? I essentially said someone is blowing smoke about a privacy issue that is nothing new and is something BlackBerry has been doing securely for decades. :)

  4. its been known for a while (disclosed by Michael Clewley) that email setup ‘taps into the RIM server infrastructure’. It was seen as an asset, its potential omission a grave mistake.

    Go figure.

    Any respectable company will provide user information, email password, and email content to gov officials with a warrant signed by a judge. This includes RIM, Gmail, hotmail, etc

  5. “Now with BlackBerry 10 they do not even store them”
    So passwords are not sent to BlackBerry anymore when using IMAP or ActiveSync? Would be a bit strange to still do it since passwords are not sent to BlackBerry when seting up a gmail account.

    • They are sent with the initial autodiscovery if I remember correctly but unlike BIS they are not stored on BlackBerrys servers after that point.

      • Thanks for the clarification :)

      • Do you know for a fact that they are not stored, or are you simply assuming that’s the case because there’s no need to store them? After all, there’s no real need to send them in the first place, and yet they do it without even telling you.

        • They have clarified that they do not store them. On the other hand they do store them for millions of BIS customers so I am not sure exactly what the concern is. BlackBerry has clarified that if you do not want their assistant to help setup the email account you can just use the advanced setup. Maybe they just need to explain that they plan on using your credentials to help you setup your account…

  6. So it isn’t a big deal if there’s no real danger. The user agreement, ha! Its funny how no one ever reads that, we could have agreed to never use deodorant ever again – a bad example but an example none the less.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC