1. Matt J's Avatar
    @Bla1ze should do an article on the truth behind BBM privacy and security and put all this to rest.
    01-04-19 02:25 PM
  2. Bla1ze's Avatar
    @Bla1ze should do an article on the truth behind BBM privacy and security and put all this to rest.
    It won't put anything to rest though. There's plenty of already existing articles highlighting the issues and concerns with all the various messaging apps. It'll just end up like BB10 article lol. Some will agree with me, and some will say I should be ashamed of myself as a BlackBerry fan for writing such drivel.

    I like to think BBM does the speaking for itself. Just look at the, arguably, dead weight added into the app these days with no way to remove it or opt out of it if you don't need it. eg: AliPay, etc. Look at all the connections it makes..

    I might still do something with it, mainly because I don't think people are fully aware of the differences between BBM on BB10 and BBM on Android and iOS. When things changed over to Emtek, I don't think people caught what that fully meant. Which is understandable, it wasn't REALLY made clear.
    01-04-19 02:29 PM
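
    Added example (not part of the original post, and not BBM or Emtek code): one way to triage URL strings extracted from an app package like the endpoint listing post 2 refers to, flagging cleartext schemes, raw-IP hosts and non-production environments. Strings embedded in an app are candidate endpoints, not observed traffic; the label lists, flag names and sample URLs below are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed label lists for this example; tune them to the app under review.
NONPROD_LABELS = {"dev", "test", "sit", "pre", "sandbox", "stable", "staging"}
# XML namespaces and library-comment links that show up in most APKs, not endpoints.
NOISE_HOSTS = {"schemas.android.com", "github.com"}

def classify(url):
    """Return (host, flags) for one extracted URL string, or None if it is not a usable endpoint."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or "." not in host:
        return None  # bare "https://" prefixes and pseudo-hosts such as "https://resource/"
    flags = set()
    if host in NOISE_HOSTS:
        flags.add("noise")
    if parts.scheme == "http":
        flags.add("cleartext")
    try:
        ipaddress.ip_address(host)
        flags.add("ip-literal")
    except ValueError:
        # Split on "." and "-" so a label such as "pay-sandbox" is matched too.
        if set(host.replace("-", ".").split(".")) & NONPROD_LABELS:
            flags.add("non-production")
    return host, flags

def triage(urls):
    """Merge flags per host so the reviewer gets one entry per distinct endpoint."""
    report = defaultdict(set)
    for url in urls:
        result = classify(url)
        if result:
            report[result[0]] |= result[1]
    return dict(report)

# Constructed sample input (reserved example domains and a documentation IP range).
SAMPLE = [
    "http://",
    "http://192.0.2.10/gateway/init",
    "http://api.test.example.net/gw.htm",
    "https://api.example.com/gw.htm",
    "https://pay-sandbox.example.org/config.json",
    "http://schemas.android.com/apk/res/android",
    "https://resource/",
]

if __name__ == "__main__":
    for host, flags in sorted(triage(SAMPLE).items()):
        print(f"{host:28} {', '.join(sorted(flags)) or 'ok'}")
```

    Hosts that come back flagged are the ones worth confirming against a real traffic capture before drawing conclusions about what the app contacts.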
  3. Matt J's Avatar
    It'll just end up like BB10 article lol.
    That's a good thing! That BB10 article probably increased website traffic 500%.... !!! If more people knew how insecure BBM was, they might actually decide to upgrade from their BB10 devices so they could actually install something more secure like Signal or WhatsApp.

    A friend of mine that is still clinging on to his BlackBerry Classic is pretty much stuck with BBM and SMS/MMS.... he can't even upgrade to anything secure. If he knew BBM was a security nightmare, he just might get a KEY2.
    01-04-19 02:34 PM
  4. Chuck Finley69's Avatar
    I think BBM is terrible across all platforms. Everything goes through EMTEK now, except BBM Enterprise.

    I honestly think that BBM should not be included on BlackBerry devices anymore.
    BBM for BB10 is through BB and that’s why BBID can’t be transferred back from Emtek to BB10 hardware. What’s the big deal including on BBAndroid phones? If people don’t want to use, don’t log into account or create BBID for Emtek use. BBM for Emtek licensing agreement most likely requires this so it’s revenue for BB to support BBAndroid development. In 2019, overwhelming majority of consumers are choosing the conveniences of Android instead of worrying about the openness of Android participation.
    01-04-19 02:34 PM
  5. Matt J's Avatar
    BBM is a little scary. A while back, random messages were showing up in my chat and then immediately disappearing. The person I was chatting with noticed the same thing.
    01-06-19 04:33 PM
  6. conite's Avatar
    That's a good thing! That BB10 article probably increased website traffic 500%.... !!! If more people knew how insecure BBM was, they might actually decide to upgrade from their BB10 devices so they could actually install something more secure like Signal or WhatsApp.

    A friend of mine that is still clinging on to his BlackBerry Classic is pretty much stuck with BBM and SMS/MMS.... he can't even upgrade to anything secure. If he knew BBM was a security nightmare, he just might get a KEY2.
    Telegram works well on BB10.
    01-06-19 09:29 PM
  7. chetmanley's Avatar
    So does Threema (just no voice)
    01-06-19 09:31 PM
  8. Matt J's Avatar
    I emailed BlackBerry Limited directly regarding BBM security, since EMTEK provided little guidance. Apparently all messages use at least TLS encryption. I wonder what exactly is the "BlackBerry Infrastructure"....? This is the response I received:

    Thank you for contacting BBM Support for BB10/BBOS.

    You can visit the following page for some information regarding how BBM protects messages.

    https://help.blackberry.com/en/bbm-s...549323096.html

    I hope you can find the information found on the page adequate as this is the best information I can provide regarding your concern. Further specific details regarding how security works is known only to our engineers and developers and not readily available even to us your BBM support team, or the public.

    Thank you again for contacting us.


    01-08-19 07:24 AM
  9. chetmanley's Avatar
    I emailed BlackBerry Limited directly regarding BBM security, since EMTEK provided little guidance. Apparently all messages use at least TLS encryption. I wonder what exactly is the "BlackBerry Infrastructure"....? This is the response I received:
    On BB10 and BBM Enterprise, the BB Infrastructure refers to the servers located at the NOC in Canada.

    For BBM Consumer on Android, the servers are cloud based in Asia and are leased by Emtek.

    As the BBM security note describes, consumer BBM is only TLS encrypted between the device and the NOC/Cloud. Once it hits the NOC or Cloud it is not encrypted.

    On BBOS and BB10 devices the "global encryption key" provided an extra level of protection during transit, including through the NOC. Except BB has this key and was able to decrypt messages at the request of law enforcement.

    So consumer BBM is only secure from MITM attacks or eavesdropping en route because it uses standard TLS. But once it hits the BB NOC or the Emtek Cloud, it can be read by BB or anyone else with access to that server.

    This is where BBM Enterprise comes in, which provides a second encryption layer (or a 3rd in the case of BBOS/BB10 devices, on top of the global encryption key).

    This extra layer of encryption protects the message throughout the entire transit, including through the server, to the recipient.
    01-08-19 06:57 PM
  10. Matt J's Avatar
    On BB10 and BBM Enterprise, the BB Infrastructure refers to the servers located at the NOC in Canada.

    For BBM Consumer on Android, the servers are cloud based in Asia and are leased by Emtek.

    As the BBM security note describes, consumer BBM is only TLS encrypted between the device and the NOC/Cloud. Once it hits the NOC or Cloud it is not encrypted.

    On BBOS and BB10 devices the "global encryption key" provided an extra level of protection during transit, including through the NOC. Except BB has this key and was able to decrypt messages at the request of law enforcement.

    So consumer BBM is only secure from MITM attacks or eavesdropping en route because it uses standard TLS. But once it hits the BB NOC or the Emtek Cloud, it can be read by BB or anyone else with access to that server.

    This is where BBM Enterprise comes in, which provides a second encryption layer (or a 3rd in the case of BBOS/BB10 devices, on top of the global encryption key).

    This extra layer of encryption protects the message throughout the entire transit, including through the server, to the recipient.
    Thanks for the technical explanation!
    01-09-19 06:19 AM
  11. pthfndr's Avatar
    TLS + BlackBerry encryption (3DES), different combination in different cases, but unsecure because of common key for all devices .... https://help.blackberry.com/en/bbm-s...560098144.html
    01-13-19 11:13 PM
  12. Lindsay Dastrup's Avatar
    soooo.....is dtek safe??
    03-01-19 05:13 PM
  13. Lindsay Dastrup's Avatar
    So what does this mean

    "Thurber mentioned that the DTEK devices were TCL reference designs to test the reality of whether the licensing model made sense. "
    03-01-19 05:36 PM
  14. Ben xfg's Avatar
    So what does this mean

    "Thurber mentioned that the DTEK devices were TCL reference designs to test the reality of whether the licensing model made sense. "
    I don't believe this has anything to do with this thread. You are encouraged to start a new thread or post in an existing thread already discussing the topic.

    Let me know if I'm wrong...
    03-01-19 06:02 PM
  15. ANTIBERRY's Avatar
    I just read the thread, so my question is:
    How is BlackBerry Messenger secure in 2019?
    Yesterday, I just gave my PIN on the BBM 4 Black people thread and a guy from Tehran, Iran added me... did they secure the app or not?
    BlackBerry and how they manage their phone is a real mystery to me...

    Posted via CB10
    03-27-19 12:36 PM
  16. conite's Avatar
    I just read the thread, so my question is:
    How is BlackBerry Messenger secure in 2019?
    Yesterday, I just gave my PIN on the BBM 4 Black people thread and a guy from Tehran, Iran added me... did they secure the app or not?
    BlackBerry and how they manage their phone is a real mystery to me...

    Posted via CB10
    Consumer BBM is fully licenced to Emtek in Indonesia. BlackBerry really doesn't have much to do with it anymore.

    Since chats are not encrypted end-to-end, you have to trust Emtek not to read your messages, or give them to someone else to read.

    In fairness, there is no indication they have done this.
    03-27-19 12:51 PM
  17. ANTIBERRY's Avatar
    Consumer BBM is fully licenced to Emtek in Indonesia. BlackBerry really doesn't have much to do with it anymore.

    Since chats are not encrypted end-to-end, you have to trust Emtek not to read your messages, or give them to someone else to read.

    In fairness, there is no indication they have done this.
    It doesn't really answer my question, so it's secure? But not really, because now the Indonesians are the ones who own it?

    Sometimes, I cannot with BlackBerry lol

    Posted via CB10
    03-27-19 01:01 PM
  18. conite's Avatar
    It doesn't really answer my question, so it's secure? But not really, because now the Indonesians are the ones who own it?

    Sometimes, I cannot with BlackBerry lol

    Posted via CB10
    How does it not answer your question? I laid it out in black and white. It's up to you to decide if that is secure enough for you.

    But none of this has anything to do with BlackBerry.
    03-27-19 01:11 PM
  19. baruman's Avatar
    I deleted BBM yesterday. First time since it was released that it's not on my phone.
    03-28-19 11:30 AM
  20. chetmanley's Avatar
    I just read the thread, so my question is:
    How is BlackBerry Messenger secure in 2019?
    Yesterday, I just gave my PIN on the BBM 4 Black people thread and a guy from Tehran, Iran added me... did they secure the app or not?
    BlackBerry and how they manage their phone is a real mystery to me...

    Posted via CB10
    You published your PIN onto a public forum for the entire internet to see.... Therefore, some random guy from Iran being able to add you has nothing to do with BBM security.

    BBM Consumer is not end-to-end encrypted. Meaning Emtek or anyone with access to those servers could intercept your messages.
    03-28-19 04:12 PM
  21. drobbie's Avatar
    BBM consumer is not secure as transport is not encrypted
    There are better options for you to use
    03-28-19 06:59 PM
  22. cyberdoggie's Avatar
    I sent a request to BBM (EMTEK) asking how secure BBM is (i.e. encryption, security, privacy). This is what I got back through e-mail:

    "We apologize for this inconvenience.
    After discussion with the team.
    Those information can not be shared based on your request."


    Not quite what I was expecting.
    They do not seem to know themselves or are just ashamed of the answer.
    04-18-19 12:08 PM
  23. cyberdoggie's Avatar
    How do you get $1 per customer when the competition is free?
    Threema is also to be paid but provides the most secure and private solution, "made in Switzerland" .
    04-18-19 12:09 PM
  24. Chuck Finley69's Avatar
    They do not seem to know themselves or are just ashamed of the answer.
    Irrelevant at this point. BBMe is now reference point
    04-18-19 12:14 PM
  25. cyberdoggie's Avatar
    Irrelevant at this point. BBMe is now reference point
    Chuck, who is administrating BBMe ?
    04-18-19 12:15 PM