- Bla1zeCB OG@Bla1ze should do an article on the truth behind BBM privacy and security and put all this to rest.
I like to think BBM does the speaking for itself. Just look at the, arguably, dead weight added into the app these days with no way to remove it or opt out of it if you don't need it. eg: AliPay, etc. Look at all the connections it makes..
http://
http://139.224.138.243/gateway/ident...ace/initialize
http://139.224.94.200/gateway/identi...ace/initialize
http://aphome.id.dev.alipay.net
http://aphome.id.devbranch1.alipay.net
http://aphome.id.devbranch2.alipay.net
http://aphome.id.sit.alipay.net
http://cn-hangzhou-mas-log.cloud.ali...w/logUpload.do
http://dana.id
http://h5test.inc.alipay.net/case/in...3DNO%26pd%3DNO
http://h5test.inc.alipay.net/perf/h5performance.html
http://iclientgw.d9767.alipay.net/igw.htm
http://iclientgw.stable.alipay.net/igw.htm
http://iclientgw.test.alipay.net/igw.htm
http://mdap-1-64.test.alipay.net
http://mdap.alipaylog.com
http://mobilegw.aaa.alipay.net/mgw.htm
http://mobilegw.stable.alipay.net/mgw.htm
http://mobilegw.test.alipay.net/mgw.htm
http://openapi-1-64.test.alipay.net/gateway.do
http://openapi.stable.alipay.net/gateway.do
http://patriot.cs.pp.cn/api/resource.app.detect
http://schemas.android.com/apk/res-auto
http://schemas.android.com/apk/res/android
http://wapcenter.stable.alipay.net/api/app
http://wapcenter.test.alipay.net/api/app
https://
https://a.alipayobjects.com/bridgeapi/1.0/jsready.js
https://a.m.dana.id/app/android/bbm
https://a.m.dana.id/app/common/bbm/discover/config.json
https://a.m.dana.id/app/common/promo...egistered.json
https://a.m.dana.id/app/common/promo...egistered.json
https://a.m.dana.id/integration/dev/...er/config.json
https://a.m.dana.id/integration/dev/...egistered.json
https://a.m.dana.id/integration/dev/...egistered.json
https://a.m.dana.id/integration/pre/...er/config.json
https://a.m.dana.id/integration/sand...er/config.json
https://a.m.dana.id/integration/sand...ironments.json
https://a.m.dana.id/integration/sand...egistered.json
https://a.m.dana.id/integration/sand...egistered.json
https://a.m.dana.id/integration/sit/...er/config.json
https://a.m.dana.id/integration/sit/...egistered.json
https://a.m.dana.id/integration/sit/...egistered.json
https://a.m.dana.id/promo/cdp/BBMSDK/intropopup.txt
https://a.m.dana.id/promo/cdp/BBMSDK/qr_merchant.txt
https://account.bbmessaging.com/api/oauth2/v1/
https://alipay.com/h5container/h5_page_error.html
https://alipay.com/h5container/redirect_link.html
https://alipay.com/h5container/security_link.html
https://alipay.com/h5container/un_safe.html
https://alipay.com/h5container/white_link.html
https://aphome-dev.saas.dana.id
https://aphome-test.saas.dana.id
https://aphome-test1-dana.alipaydev.com
https://aphome-test2-dana.alipaydev.com
https://aphome.alipaydev.com
https://appx
https://appx/af-appx.min.js
https://asset.bbmessaging.com
https://authorize/
https://bbmcall01.smartfren.com/ocs-...oauth/callback
https://bbmcall01.smartfren.com/ocs/oauth/callback
https://bbmid-webview.bbmessaging.com/delete_account
https://bugme.anyproxy.io:5680
https://cn-hangzhou-mgs-gw.cloud.alipay.com/mgw.htm
https://d.alipay.com
https://ds.alipay.com
https://ds.alipay.com/?scheme=
https://ds.alipay.com/error/redirectLink.htm
https://ds.alipay.com/error/redirectLink.htm?url=
https://ds.alipay.com/error/securityLink.htm
https://ds.alipay.com/error/securityLink.htm?url=
https://ds.alipay.com/fd-in15xm06/index.html
https://github.com/grpc/grpc-java/issues/1704
https://github.com/grpc/grpc-java/issues/1767
https://github.com/grpc/grpc-java/issues/1775
https://github.com/grpc/grpc-java/issues/1869
https://github.com/grpc/grpc-java/issues/2563
https://github.com/grpc/grpc-java/issues/2592
https://github.com/grpc/grpc-java/issues/2861
https://github.com/grpc/grpc-java/issues/3605
https://glympse.com/
https://gw-dana.ebuckler.com/imgw.htm
https://hpmweb.alipay.com/bugme/domScript
https://hpmweb.alipay.com/report/android
https://hpmweb.alipay.com/report/android/batch
https://hpmweb.alipay.com/report/upload/android
https://iclientgw-sea.alipay.com/imgw.htm
https://iclientgwpre.alipay.com/igw.htm
https://ifcsupergw.danna.id/fcsuperg...k/callback.htm
https://m.dana.id
https://m.dana.id/
https://mdap.alipay.com
https://mgs-gw.saas.dana.id/mgw.htm
https://mobileapi.ebuckler.com/igw.htm
https://mobilegw.alipay.com/mgw.htm
https://mobilegwpre.alipay.com/mgw.htm
https://nebula.alipay.com/api/app
https://nebula.pre.alipay.com/api/app
https://openapi.alipay.com/gateway.do
https://openapi.prefromoffice.alipay.net/gateway.do
https://plenty.analisis.io
https://plus.google.com/
https://pre.m.dana.id
https://render.alipay.com/p/f/fd-j8l9yjja/index.html
https://render.alipay.com/p/s/h5container/index
https://render.alipay.com/p/s/h5misc...rce_error?url=
https://render.alipay.com/p/s/i
https://render.alipay.com/p/s/tinyap...errorCode=1001
https://resource/
https://sandbox.m.dana.id
https://smart.link/5bcda7e72cfd6?inviteid
https://www.bbm.com/upgrade/?feature=group-audio
https://www.bbm.com/upgrade/?feature=group-image
https://www.bbm.com/upgrade/?feature=group-video
https://www.vidio.com
https://www.vidio.com/videos/CmdrStraker and chetmanley like this.01-04-19 02:29 PMLike 2 - That's a good thing! That BB10 article probably increased website traffic 500%.... !!! If more people knew how insecure BBM was, they might actually decide to upgrade from their BB10 devices so they could actually install something more secure like Signal or WhatsApp.
A friend of mine that is still clinging on to his BlackBerry Classic is pretty much stuck with BBM and SMS/MMS.... he can't even upgrade to anything secure. If he knew BBM was a security nightmare, he just might get a KEY2.01-04-19 02:34 PMLike 0 - BBM for BB10 is through BB and that’s why BBID can’t be transferred back from Emtek to BB10 hardware. What’s the big deal including on BBAndroid phones? If people don’t want to use, don’t log into account or create BBID for Emtek use. BBM for Emtek licensing agreement most likely requires this so it’s revenue for BB to support BBAndroid development. In 2019, overwhelming majority of consumers are choosing the conveniences of Android instead of worrying about the openness of Android participation.01-04-19 02:34 PMLike 0
- That's a good thing! That BB10 article probably increased website traffic 500%.... !!! If more people knew how insecure BBM was, they might actually decide to upgrade from their BB10 devices so they could actually install something more secure like Signal or WhatsApp.
A friend of mine that is still clinging on to his BlackBerry Classic is pretty much stuck with BBM and SMS/MMS.... he can't even upgrade to anything secure. If he knew BBM was a security nightmare, he just might get a KEY2.01-06-19 09:29 PMLike 0 -
- I emailed BlackBerry Limited directly regarding BBM security, since EMTEK provided little guidance. Apparently all messages use at least TLS encryption. I wonder what exactly is the "BlackBerry Infrastructure"....? This is the response I received:
Thank you for contacting BBM Support for BB10/BBOS.
You can visit the following page for some information regarding how BBM protects messages.
https://help.blackberry.com/en/bbm-s...549323096.html
I hope you can find the information found on the page adequate as this is the best information I can provide regarding your concern. Further specific details regarding how security works is known only to our engineers and developers and not readily available even to us your BBM support team, or the public.
Thank you again for contacting us.
Jake2826 likes this.01-08-19 07:24 AMLike 1 -
For BBM Consumer on Android, the servers are cloud based in Asia and are leased by Emtek.
As the BBM security note describes, consumer BBM is only TLS encrypted between the device and the NOC/Cloud. Once it hits the NOC or Cloud it is not encrypted.
On BBOS and BB10 devices the "global encryption key" provided an extra level of protection during transit, including through the NOC. Except BB has this key and was able to decrypt messages at the request of law enforcement.
So consumer BBM is only secure from MITM attacks or eavesdropping en route because it uses standard TLS. But once it hits the BB NOC or the Emtek Cloud, it can be read by BB or anyone else with access to that server.
This is where BBM Enterprise comes in which provides a second encryption layer (or a 3rd in the case of BB0S/BB10 Devices on top of the global encryption key).
This extra layer of encryption protects the message throughout the entire transit, including through the server, to the recipient.01-08-19 06:57 PMLike 0 - On BB10 and BBM Enterprise, the BB Infrastructure refers to the servers located at the NOC in Canada.
For BBM Consumer on Android, the servers are cloud based in Asia and are leased by Emtek.
As the BBM security note describes, consumer BBM is only TLS encrypted between the device and the NOC/Cloud. Once it hits the NOC or Cloud it is not encrypted.
On BBOS and BB10 devices the "global encryption key" provided an extra level of protection during transit, including through the NOC. Except BB has this key and was able to decrypt messages at the request of law enforcement.
So consumer BBM is only secure from MITM attacks or eavesdropping en route because it uses standard TLS. But once it hits the BB NOC or the Emtek Cloud, it can be read by BB or anyone else with access to that server.
This is where BBM Enterprise comes in which provides a second encryption layer (or a 3rd in the case of BB0S/BB10 Devices on top of the global encryption key).
This extra layer of encryption protects the message throughout the entire transit, including through the server, to the recipient.01-09-19 06:19 AMLike 0 - TLS + BlackBerry encryption (3DES), different combination in different cases, but unsecure because of common key for all devices .... https://help.blackberry.com/en/bbm-s...560098144.html01-13-19 11:13 PMLike 0
-
- So what does this mean
"Thurber mentioned that the DTEK devices were TCL reference designs to test the reality of whether the licensing model made sense. "03-01-19 05:36 PMLike 0 -
Let me know if I'm wrong...1122334455667788 and Jake2826 like this.03-01-19 06:02 PMLike 2 - i just read the thread, so my question is:
How BlackBerry Messenger is secure in 2019 ?
Yesterday, i just gave my pin on the BBM 4 Black people thread and i a guy from Téhéran, Iran added me... did they secure the app or not ?
Blackberry and how they manage their phone is a real mystery to me...
Posted via CB1003-27-19 12:36 PMLike 0 - i just read the thread, so my question is:
How BlackBerry Messenger is secure in 2019 ?
Yesterday, i just gave my pin on the BBM 4 Black people thread and i a guy from Téhéran, Iran added me... did they secure the app or not ?
Blackberry and how they manage their phone is a real mystery to me...
Posted via CB10
Since chats are not encrypted end-to-end, you have to trust Emtek not to read your messages, or give them to someone else to read.
In fairness, there is no indication they have done this.Jake2826 likes this.03-27-19 12:51 PMLike 1 - Consumer BBM is fully licenced to Emtek in Indonesia. BlackBerry really doesn't have much to do with it anymore.
Since chats are not encrypted end-to-end, you have to trust Emtek not to read your messages, or give them to someone else to read.
In fairness, there is no indication they have done this.
sometimes, i cannot with Blackberry lol
Posted via CB1003-27-19 01:01 PMLike 0 -
But none of this has anything to do with BlackBerry.03-27-19 01:11 PMLike 0 - i just read the thread, so my question is:
How BlackBerry Messenger is secure in 2019 ?
Yesterday, i just gave my pin on the BBM 4 Black people thread and i a guy from Téhéran, Iran added me... did they secure the app or not ?
Blackberry and how they manage their phone is a real mystery to me...
Posted via CB10
BBM Consumer is not end-to-end encrypted. Meaning Emtek or anyone with access to those servers could intercept your messages.03-28-19 04:12 PMLike 0 - I sent a request to BBM (EMTEK) asking how secure BBM is (i.e. encryption, security, privacy). This is what I got back through e-mail:
"We apologize for this inconvenience.
After discussion with the team.
Those information can not be shared based on your request."
Not quite what I was expecting.04-18-19 12:08 PMLike 0 -
- 04-18-19 12:14 PMLike 1
-
- Forum
- BBM Central
- General BBM Chat
How secure is BBM?
Similar Threads
-
Which forum is No. 1 in the CB10?
By Frank Wu2 in forum BlackBerry PassportReplies: 27Last Post: 10-19-18, 01:21 PM -
Why is the battery on my KEY2 draining so fast?
By kyamil010 in forum Ask a QuestionReplies: 2Last Post: 10-12-18, 04:10 AM -
How to unlock device from stock camera app?
By Grim_Sleeper in forum BlackBerry KEY2Replies: 1Last Post: 10-11-18, 01:35 PM -
This Arduino programming and eBook bundle is only $90
By CrackBerry News in forum CrackBerry.com News Discussion & ContestsReplies: 0Last Post: 10-11-18, 10:40 AM -
My PCB of Blackberry went crashed. How much it will cost to me and from where I can buy the new one?
By abhishekJ in forum BlackBerry PrivReplies: 1Last Post: 10-11-18, 09:37 AM
LINK TO POST COPIED TO CLIPBOARD