1. danoh's Avatar
    There was a thread a few days ago that really struck me in a personal way. No, I wasn't affected by it as far as my BlackBerry was concerned, but I was affected by it because of what I do for a living.

    Please, if you are concerned about receiving communication from spammers or scammers on your BlackBerry via PIN messaging or BlackBerry Messenger, read the following paper I wrote on the subject.

    If I can save just one member of CrackBerry from getting unsolicited spam via their PIN, then I have served my purpose with this paper.

    If a moderator feels like moving this into the BlackBerry Tips, How To & FAQ Section, please do! Or if this is too controversial, please delete it. I'm just trying to help.

    Thank you.

    CrackBerry.com Forums: User PIN Security
    09-04-09 05:57 AM
  2. Rapid Dr3am's Avatar
    OMG he uses wget and regex to recurse through a site to get public information! He is so 1337!

    I ph34r j00 so much, teach me how to hax0rz n00bs plz!

    Oh wait, if you SPAM someone over PIN then you are easily traceable, and RIM would no doubt disable your PIN after complaints leaving you with a useless device.

    Would you not be better using the same idea to harvest emails like regular spammers and using free systems to spam us all?

    Oh and it's not like BBM even works most of the time.
    09-04-09 06:24 AM
  3. danoh's Avatar
    OMG he uses wget and regex to recurse through a site to get public information! He is so 1337!

    I ph34r j00 so much, teach me how to hax0rz n00bs plz!

    Oh wait, if you SPAM someone over PIN then you are easily traceable, and RIM would no doubt disable your PIN after complaints leaving you with a useless device.

    Would you not be better using the same idea to harvest emails like regular spammers and using free systems to spam us all?

    Oh and it's not like BBM even works most of the time.
    Thank you for reiterating how easy this is to accomplish, which was the main point of the paper.
    09-04-09 06:34 AM
  4. T�nis's Avatar
    Thanks for the article. It's very informative. I have a landline at home, and I just contacted my carrier and told it that if the telemarketing calls didn't stop immediately (particularly the ones from the auto dialers) I would be canceling my service and getting another cell. I authorized the removal of one service which I didn't use and the addition of one other (so the cost of the new service would be a wash). I told the customer service rep that I would try out her suggestion, but, if the situation didn't drastically improve in short order I would be gone anyway. So far, miraculously, the telemarketing calls have stopped, lol. So, I do think your suggestion of contacting RIM and someone else's suggestion of complaining to one's carrier (found in another topic) has merit and can be effective.

    As far as the PINs go here on the site, I wonder if perhaps the forum administration could set it up so that the PINs are only visible to members, and only when a member has reached a predetermined number of posts, like 10 or 20. Perhaps this would make it more difficult for the automatic (script type) harvesters to obtain the data. It would be almost like when one has to enter a captcha code to join a site. Of course, this wouldn't prevent a spammer from pretending to be a good member by making the required number of meaningful posts and then running his script, but maybe it would add an extra layer to frustrate him so he doesn't bother.

    Posted from my CrackBerry at wapforums.crackberry.com
    09-04-09 06:47 AM
  5. Radius's Avatar
    When I had a land line I had a package called "call reveal" which meant the person was stopped before dialing through to my number if they hid any of their personal details.

    It would prompt the user to dial 1 to reveal their info or hang up. Loved that service, almost no telemarketers after that.

    Posted from my CrackBerry at wapforums.crackberry.com
    09-04-09 09:06 AM
  6. T�nis's Avatar
    Yes, Radius, that is what I added. Verizon calls it "call intercept," and it's about $6/month. So far, so good.

    Posted from my CrackBerry at wapforums.crackberry.com
    09-04-09 09:23 AM
  7. todbanner's Avatar
    As far as the PINs go here on the site, I wonder if perhaps the forum administration could set it up so that the PINs are only visible to members, and only when a member has reached a predetermined number of posts, like 10 or 20. Perhaps this would make it more difficult for the automatic (script type) harvesters to obtain the data. It would be almost like when one has to enter a captcha code to join a site. Of course, this wouldn't prevent a spammer from pretending to be a good member by making the required number of meaningful posts and then running his script, but maybe it would add an extra layer to frustrate him so he doesn't bother.

    Posted from my CrackBerry at wapforums.crackberry.com
    This idea makes sense to me! We don't really want to have to give up our Pin exchange because of malicious spammers do we?

    Posted from my CrackBerry at wapforums.crackberry.com
    09-04-09 10:13 AM
  8. Coruptyed's Avatar
    Thanks for the post I haven't been spammed yet but should help others out

    Posted from my CrackBerry at wapforums.crackberry.com
    09-04-09 10:16 AM
  9. avacomputers's Avatar
    Good Paper. Well Written. Thanks for sharing with us.
    09-04-09 10:27 AM
  10. Jancy10's Avatar
    Thanks for the tip!...glad someone is trying to help...
    09-04-09 10:33 AM
  11. Radius's Avatar
    I can't believe you actually got all the PIN's. Perhaps if you posted the complete PINs in one place so we could all see them very easily?
    09-04-09 10:38 AM
  12. Radius's Avatar
    Thanks for the tip!...glad someone is trying to help...
    Good tip, and you may want to give it a try yourself. I can see your PIN still.
    09-04-09 10:39 AM
  13. howie's Avatar
    Yay, I made the list haha

    radius, he posted the full list on that site in first post.
    09-04-09 10:46 AM
  14. TheScionicMan's Avatar
    So you're saying if I post something on the internet in a public forum, that information might be seen and/or harvested by others?
    09-04-09 11:06 AM
  15. iEattehberry's Avatar
    There was a thread a few days ago that really struck me in a personal way. No, I wasn't affected by it as far as my BlackBerry was concerned, but I was affected by it because of what I do for a living.

    Please, if you are concerned about receiving communication from spammers or scammers on your BlackBerry via PIN messaging or BlackBerry Messenger, read the following paper I wrote on the subject.

    If I can save just one member of CrackBerry from getting unsolicited spam via their PIN, then I have served my purpose with this paper.

    If a moderator feels like moving this into the BlackBerry Tips, How To & FAQ Section, please do! Or if this is too controversial, please delete it. I'm just trying to help.

    Thank you.
    Wow great post, thank you for sharing! Also, probably a dumb question, is there a way to "block" a pin using bbm like on aim or yahoo messenger? I know you mentioned the firewall, but that blocks everyone correct? I was wondering if it is possible to block a single user? Thanks!
    gavinn likes this.
    09-04-09 11:08 AM
  16. Radius's Avatar
    Yay, I made the list haha

    radius, he posted the full list on that site in first post.
    I know, I was asking him not to obscure the list though, don't mask out part of it.

    A joke of course.
    09-04-09 11:30 AM
  17. giantfan30's Avatar
    OMG the sky is falling!!!
    09-04-09 11:50 AM
  18. Rapid Dr3am's Avatar
    Has anyone ever got PIN spam?

    I think OP was in a rush to prove that something can be done, to think about if it would be done.

    Until I hear that everyone in Nigeria has a BB, I'm hardly going to be concerned.
    09-05-09 03:50 AM
  19. danoh's Avatar
    Has anyone ever got PIN spam?

    I think OP was in a rush to prove that something can be done, to think about if it would be done.

    Until I hear that everyone in Nigeria has a BB, I'm hardly going to be concerned.
    There's a link to a thread here on CrackBerry that I mentioned. That thread happens to be about people getting spammed via PIN messages and/or BBM on their BlackBerry.

    I'm not in any rush. I'm just attempting to open people's eyes to a problem. Some BlackBerry newbies might not know about this, nor think about putting their information on a public website. I need not prove a thing. The proof that this is happening is already known.

    If you are not concerned, that's fine. It's not my place to make anyone concerned. I just showed what's possible. It's up to the reader to make their own decision about what they want to do.

    But, it's documented that spammers have indeed used PIN messaging before, and will continue to do so.
    Last edited by danoh; 09-05-09 at 06:26 AM.
    09-05-09 06:21 AM
  20. skyboxer's Avatar
    I've heard there are those in indonesia who can change the PIN of their devices at will. This would be a wonderful way to get a list of good PIN numbers to program phones with. Never pay for BB service again, just hijack a PIN.

    Posted from my CrackBerry at wapforums.crackberry.com
    09-05-09 07:00 AM
  21. taeisme's Avatar
    thank you for the info i need to be more careful with my PIN
    09-05-09 07:03 AM
  22. T�nis's Avatar
    Again, thanks for the info. I've found, in many cases when I've sounded the alarm about something, those in denial have reacted as follows:

    1. Disbelief, often accompanied by anger

    followed by

    2. Ridicule ("Get him a tinfoil hat!")

    finally coming around full circle to

    3. "We knew it all along." (That's the part where they repeat to me a year later what I told them two years ago as if they discovered it first.)

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by T�nis; 09-05-09 at 07:47 AM.
    09-05-09 07:44 AM
  23. Smurfy71's Avatar
    Thanks for the info.

    Posted from my CrackBerry at wapforums.crackberry.com
    09-05-09 08:17 AM
  24. anon(1603170)'s Avatar
    not only spam but pin duplication also? or noot? =[
    09-05-09 10:53 AM
  25. Rapid Dr3am's Avatar
    PIN spam? PIN cloning? We all going to have our BB's cloned and then have our identities stolen?

    FUD is a great marketting tool, why not create a Blackberry Security Suite?
    09-10-09 08:50 AM
38 12
LINK TO POST COPIED TO CLIPBOARD