  1. EdY's Avatar
    I hope I am off my rocker! I agree, I will post to RIM support forums.... Looking forward to seeing if they can help at all.

    By the way, maybe I am off my rocker, but so have many others who have dug enough into areas they weren't supposed to. I am not saying there is a conspiracy here, but I would like to know purely from a technical debugging standpoint whether there is some exploit here, a carrier-specific issue, blackberry issue, or what. If everyone is "doing what they should be" and protecting your privacy, I see no way for a 3rd party non-carrier website to have your number obtainable from a totally security-wiped phone via a simple browsing to their page.

    Even if it is innocent and meant to improve "convenience" so you don't have to type your number, it is still a serious problem that can be abused if the code for this gets out.


    .... And remember the Samsung TV capacitor denial/cover-up? Well I argued with them and posted about this common problem for over a year, thousands of people affected, until finally they admitted it was a problem and have since settled in the USA and soon in Canada to remedy the scandal. Everybody thought I was off my rocker too....
    Last edited by edyb; 03-25-12 at 03:23 PM.
    03-25-12 02:56 PM
  2. T
    I am going to change security permissions for the native browser and see what happens.
    Thank you for noticing this, following up on it, and sharing your findings. Please report back with what happens when you change the browser's permissions and with your other findings.
    03-25-12 03:07 PM
  3. 530XI's Avatar
    Thankfully it wasn't a porn site with your wife's phone.
    03-25-12 03:18 PM
  4. TgeekB's Avatar
    How did I know "class action lawsuit" would find its way into this eventually?
    Jean-luc_Picard likes this.
    03-25-12 03:20 PM
  5. sam_b77's Avatar
    Ok OP,
    I did exactly what you outlined and clicked on the Get Your Ringtone and my number did not come up. Maybe I'm from India that's why.
    03-25-12 03:21 PM
  6. Thunderbuck's Avatar
    I suspect this is NOT an "exploit", it's something your carrier has allowed deliberately so that motime can bill via the carrier.

    If this is the case, any website that can read your number has to be given that permission explicitly by the carrier.
    03-25-12 03:22 PM
  7. EdY's Avatar
    I changed my permissions to DENY everything to the browser except for Server, Internet and Wifi. Still shows up when using RIM native browser, but NOT when using Opera Mini. I have a feeling that it works for Rogers only... because my wife has a Torch 9800 and it is not detecting her number.

    However, on a security wiped blackberry with official OS 7.0 on Rogers and nothing in it except your SIM card, the above website m.motime.ca is able to get your number using native browser. That is a fact.

    We need people on Rogers in Canada to confirm this. There must be something going on behind the scenes. I have posted this message to RIM as well.
    03-25-12 04:35 PM
  8. _StephenBB81's Avatar
    Oh I'm glad you've found this and are digging, but the class action suit is what made me say you're off your rocker,

    I hope that you do get some answers from Rogers and RIM, did you post on the Rogers RedBoard?
    03-25-12 06:54 PM
  9. EdY's Avatar
    Sorry I didn't mean to jump into class action lawsuit mode, but it seems these days the only way to make any company do anything is to mention lawsuit. This is more a Rogers issue I believe, not RIM. :-)

    Seriously though, I don't think it is RIM, I think it is my carrier Rogers that is forwarding the information to certain websites. There must be a service book/list in the phone which determines the path for net traffic, and it is distinguishing between some sites and others. Read on and you can try this yourself...

    POSSIBLE ANSWER...
    ================

    Ok, so I TURNED OFF my Rogers Mobile Network in settings. So the *only* connection I have is through my home Wi-Fi. When I try to browse to Google or Youtube, or ANY OTHER website it loads perfectly fine! I repeat.... Rogers Mobile Network radio OFF, I can still browse perfectly fine! However....

    When I try to load "m.motime.ca" it presents me with a pop-up dialog message (without even loading the site) saying...

    "There is insufficient network coverage to process your request. Please try again later."
    [OK]

    Aha!

    Try this yourself... turn off everything but Wi-Fi and browse to...
    m.cnn.com
    m.youtube.com
    m.google.com
    .... NO problem!
    But when you try...
    m.motime.ca
    m.rogers.com
    ... you get "insufficient network coverage" error.

    Strange????? Sure is!!! Is that the website returning that error through a script that detects your connection, or is it coming directly from your phone because there is a list of addresses in there that Rogers has loaded into your phone, which need you to access them through the Rogers network to detect numbers and pass that info on to the website?

    Interestingly enough, if you try to browse those websites from your DESKTOP BROWSER (such as Google) they all show the mobile versions of those websites!!! Absolutely no problem at all! Which makes me wonder, is it the website putting up that block message, or is your phone doing it.

    Based on the SPEED that the error message gets displayed, I think there is a list INSIDE THE PHONE. It comes up with absolutely NO DELAY at all. I would have to monitor my Wi-Fi traffic and see if it is even requesting data from the website.

    ..........


    and so the mystery deepens!!!! Try and see!
    03-25-12 08:26 PM
  10. T
    I'm on Sprint, and I've seen that message under certain circumstances (certain sites) on wifi. So Sprint is doing it, too, forcing users to access certain sites on the mobile network (not on wifi) for whatever reason. I never thought much of it, but in light of the findings you're sharing in this topic I'm starting to look upon it with suspicion. I think it's shady.
    03-25-12 09:04 PM
  11. EdY's Avatar
    And the plot thickens!!!! I think there must be a list in the phone that is doing it, because the browser just seems too quick to respond with that message. Here's some more food for thought.... Some interesting results!

    FIRST, TURN OFF your Carrier Network radio so you are *only* connected via Wi-Fi.

    Go to Options > Device > Advanced System Settings > Blackberry Device Analyzer...
    (this should be available on OS 7 and 7.1 devices but probably also older)

    Go into the "Wi-Fi Connection Issues" section and choose DNS Lookup Application.
    Type m.motime.ca, and start test, it finds the result no problem. IP=195.110.103.109. So the DNS lookup must be working fine. So the phone is getting the IP over a normal Wi-Fi connection.

    If you go with your normal computer browser to 195.110.103.109, you will land on the page for the site "http://www.playme.it/". This place is out of Italy. Actually, DADA who owns "motime.ca" says their servers are in Italy.

    If you now go on your Blackberry browser to 195.110.103.109 with Wi-Fi connection only, it takes you to life.dada.it for a brief second, then forwards to Play.me, ascoltare e scaricare musica Mp3 - NOVITA' MP3 and then finally to Play.me, ascoltare e scaricare musica Mp3 - NOVITA' MP3 (all within fractions of a second). But if you go to "motime.ca" it says there is insufficient network coverage to process your request, even though it should be a valid usable IP according to its DNS lookup in the Diagnostics.

    If you go to Whois - IP Address - Domain Name Lookup and do a "lookup" for "motime.ca" you get the same answer. Servers in Italy, IP address=195.110.103.109. You do the same search for a site called "playme.it" and you get a similar address, same corporate info. IP address=195.110.103.3, but basically it is still owned by Dada Entertainment! They are similar sites, probably catering to different markets, all owned by Dada.

    So I don't get it. When on WI-FI only, a DNS Lookup for "m.motime.ca" finds the IP. When you go directly there in your browser by typing the IP, it redirects you through a bunch of Dada websites. But when you try going to m.motime.ca (which your own DNS diagnostic is providing the same IP address for) it is saying you have insufficient coverage.

    So how is this *NOT* some kind of highly technical cooperation between Rogers and Dada? Probably to make sure people run through the Rogers cellular data plan to get to this site, incur data charges and also pass carrier/phone number info to certain websites that you visit on your phone.

    Does anybody TECHNICAL out there have an answer? It would be REALLY FUNNY if I was the first and only one to discover this. This is probably happening with ALL the carriers, but I would like to know how widespread the practice is, and where to find the list of websites that I cannot access without my carrier radio being on.
    03-25-12 10:11 PM
  12. grumpa's Avatar
    You are definitely right in that there is something fishy. But this goes beyond fishy. And the surprising part is none of the others here had the same problem. Maybe you should ask someone else with a Rogers connection to visit the site and see what happens.
    I just went to the site m.motime.ca and when I clicked Signup my phone # was there. I have Privacy enabled and even my wife doesn't see my # when I call her. We're new to Blackberry (9900s) and Rogers.
    03-26-12 12:43 AM
  13. Jean-luc_Picard's Avatar
    The true test here would be to try this out on an iPhone or Android on Rogers. If it still does this, then you may have a case here. (suing added for audience enjoyment). If you go to Rogers with this information, they'll probably blame RIM, so to be completely sure that you get an honest answer, test it on another platform. It appears to have already been tested on other carriers, but it's very easy to dismiss not getting a result as not going through the proper steps.
    03-26-12 11:14 AM
  14. Superfly_FR's Avatar
    I went there and tried to DL a ringtone.
    "Must be connected before DL a ringtone"
    and the very first question is ... my phone number.

    Once registered, it might be associated with your Blackberry ID ... that even the clearance of cookies and temp files won't erase ...

    Try an unsubscribe procedure by texting "STOP" @ 63232 or call 1-800-986-3805; they might explain what's happening ...
    Please provide feedback

    P.S: did you notice you'll get charged automatically $10/month for this "service" unless you unsubscribe ?
    Last edited by Superfly_FR; 03-26-12 at 01:24 PM.
    newcollector likes this.
    03-26-12 01:21 PM
  15. gbwalsh's Avatar
    None of what you're saying happens to me. I am not on Rogers. I can get to all the m. sites you listed, my number does not show up.

    I would ask Rogers. Knowing Rogers they are doing a lot more than what you have found.
    03-26-12 02:05 PM
  16. aminrajabi's Avatar
    OP, I followed your steps and my number shows up as well. I'm on Rogers with a leaked version of OS 7.1.
    03-26-12 02:30 PM
  17. FreeJACLive's Avatar
    Mine shows up as well. I'm on a corporate Rogers account with BBOS 6 and a Torch 9800.
    03-26-12 04:45 PM
  18. Mr.Conviviality's Avatar
    I would really hope that someone who is reading this and really knows what's going on sheds some light on this. I'd not be surprised at all if Robbers Wireless were giving info out like nothing... they're crooks and need to be further exposed.

    03-26-12 06:35 PM
  19. T
    It's another scandal like the Carrier IQ thing.
    03-26-12 07:25 PM
  20. willwnet's Avatar
    My number shows up too (Rogers, 9900, 7.0).

    Perhaps this company is using Rogers' developer APIs to access our phone numbers for subscription billing: https://www.rogerscatalyst.com/
    Last edited by willwnet; 03-27-12 at 09:01 AM.
    03-27-12 08:59 AM
  21. myfairkadie's Avatar
    I am on a Rogers 9810 with 7.1.0.284 and went to the site and my number shows up too... Not impressed.
    03-27-12 09:14 AM
  22. qbnkelt's Avatar
    I followed the steps posted...my number does not show up.

    One would imagine, given the results from Rogers customers as opposed to those customers not on Rogers, that this is enabled through Rogers' use of the phone's identification to make carrier billing possible.

    Therefore, no Blackberry browser privacy issue. Rather, it's a carrier function.

    The only site I've ever used for ringtones and such is Myxer.com. Have never had any problems with them. No subscription.
    03-27-12 09:24 AM
  23. Klotar's Avatar
    On Rogers here, 9860 w/7.1. The site in question does display my phone number.
    03-27-12 10:13 AM
  24. shupor's Avatar
    Tried it on a Bold 9900 via the T-Mobile USA network and my phone number does not display. It's starting to look more and more like it's a Rogers issue.
    03-27-12 10:28 AM
  25. qbnkelt's Avatar
    Yup. Perhaps the title of the thread should be updated to reflect findings.
    Would be lovely to have someone using another platform test it and confirm.
    03-27-12 10:46 AM