1. kelv1ntran's Avatar
    hi CB its been a while but i'm back. i went through a couple phones and guess what found myself back on my beloved bb

    I have a question though, would it be possible if you know the ESN of a phone to get it to transmit data to a remote location other than BIS? i guess in a way reroute the data transfer to a middle man sort of thing?

    Here is my story:
    Bought a brand new 9650 for sprint from this guy on CL, really cool guy none the less and super friendly but i got the phone for a super cheap price and it was factory sealed still everything up to the phone itself was still in the factory seal so i figure has to be good and nothing is wrong with it. ESN check turned out clean. however like most people i had the "crooked trackpad" when i brought it into the sprint store to see if i could get it somehow fixed they said they needed the original receipt of the person who bought it i told them that i bought it off CL and that i have a phone number they could pull up and prove the phone was purchased recently and still within the warranty. when they pull up the account its in collections. 1st flag that caught my eye. next the original seller stopped returning my emails when i asked him about the receipt so i can bring it to sprint. 2nd flag.

    3rd flag is what got me going, this morning my gmail account was disabled via google for malicious activity i quickly signed only my gmail account and found that my account has sent an email i'm assuming a malware email to all of my contacts on my gmail account not random account but my friends emails. this got me super worried i quickly changed my password and started wondering how my password could have gotten out. i make it a habit to not click unknown email links or even open them at that. the only other option was that i had recently linked my gmail account to my bb. which now has me worried about the information which i store on there. i know bb's are known for their security but i don't have any other explanation for how my email account sent out all that spam email.

    i did some googleing this morning and 1 of the possibilities that i read was that a server was using my email account name and sent out the email's, this makes sense however i don't see how it could have pulled the emails addresses from my friends.

    I have installed lockout mobile security and there are no virus's spyware and anything that the software checks for.

    please cb help me out. what should i do?????
    08-29-10 03:25 AM
  2. jrdtechdotnet's Avatar
    It's much more likely you PC was compromised or you used a friends computer that was compromised with a keylogger or password stealer. I suppose the seller could of installed a spy program and repackaged the Blackberry but that's a bit far fetched. Changing passwords was a good idea. Run malwarebytes.org or superantispyware.com to check your computer and any computer you access your gmail from which you have permission it install applications on.
    08-29-10 03:54 AM
  3. Tripster's Avatar
    It's much more likely you PC was compromised or you used a friends computer that was compromised with a keylogger or password stealer. I suppose the seller could of installed a spy program and repackaged the Blackberry but that's a bit far fetched. Changing passwords was a good idea. Run malwarebytes.org or superantispyware.com to check your computer and any computer you access your gmail from which you have permission it install applications on.
    Great response and to just clarify, any system that is connected through a vast of networks which is connected to servers via internets is "hack-a-ble" but that takes knowledge first hand of the systems "blueprints", "architecture" and "coding".



    Thnx, Tripster

    Posted from my CrackBerry at wapforums.crackberry.com
    08-29-10 04:29 AM
  4. i7guy's Avatar
    You could also wipe the phone to eliminate the possibility of an injection at the device, although I don't think that is very likely.

    BTW - your post keeps making the case as to why I don't buy phones off the internet.
    08-29-10 10:27 AM
  5. T
    Has google re-activated your gmail? Will it?

    Posted from my CrackBerry at wapforums.crackberry.com
    08-29-10 10:41 AM
  6. belfastdispatcher's Avatar
    A wipe is the first thing you should do to a blackberry, new or not. Also a password should be set with the option to need the pasword before you install any app activated. Keep it safe.

    Posted from my CrackBerry at wapforums.crackberry.com
    08-29-10 10:55 AM
  7. T
    A wipe is the first thing you should do to a blackberry, new or not.
    Just curious why you would recommend a wipe on a new device ...

    Posted from my CrackBerry at wapforums.crackberry.com
    08-29-10 01:47 PM
  8. kelv1ntran's Avatar
    thanks for the replies. me accessing an account via another computer is unlikely as i have only checked my gmail on my personal computers at home since i have been on a smart phone i don't need to use a public computer or somebody else's computer to check my email while on the go. as for getting a virus on my computers the only 2 laptops i have access to at home are mac's. but just to be safe i will do a wipe right now thanks again for the help i will let you guys know if anything should come up of if i find anything

    Has google re-activated your gmail? Will it?

    Posted from my CrackBerry at wapforums.crackberry.com
    yea google reactivated my account and i had to change my password.
    08-29-10 01:51 PM
  9. ButtonBerry's Avatar
    The biggest problem is that many of us have a favourite password and use it everywhere.

    Think about it, the number of online stores etc... that have your e-mail address and a password that's exactly the same as your e-mail password.

    If those get hacked then goodnight sweet prince, your e-mails are getting compromised.

    I think it's far more likely that an online service you use has been compromised.
    08-29-10 03:34 PM
  10. belfastdispatcher's Avatar
    Just curious why you would recommend a wipe on a new device ...

    Posted from my CrackBerry at wapforums.crackberry.com
    Well, depending on what country you live in, you don't know what the carrier has installed on it. Sometimes they come preinstalled with a lot of crap from the carrier, I once received a replacement 8320 from Orange that barely had any filefree memory left.

    Posted from my CrackBerry at wapforums.crackberry.com
    08-29-10 08:13 PM
  11. jezreel's Avatar
    Wow! You've been through some stuff! I'm sad that it happened to you. By the way welcome back to blackberry world and let me know if you have no more problems with it.

    Posted from my CrackBerry at wapforums.crackberry.com
    08-30-10 03:36 AM
  12. Xopher's Avatar
    I think it would be quite hard to spoof your BB with the BIS server. Since you have to enter ESN and PIN, I'm sure there is some validation used to compare the two. I highly doubt that the e-mail came from your BIS account.

    One thing you could possibly do is check to see if you have a copy of the malware in your sent items folder, then check the header to see what IP address was used for sending the message. It might be possible to find out where the message originated.
    08-30-10 11:24 AM
LINK TO POST COPIED TO CLIPBOARD