1. kokonas's Avatar
    Hey all,

    I was wondering how much I should worry about getting compromised / cloned...
    It seems that the only way someone can get your PIN is if:
    a) you give it to them
    b) you add them as a friend in blackberry messenger by PIN

    I read an article on berryreview.com which I must admin began worrying me... should I worry?

    I can't post a link since I'm pretty new so just add the below 3 lines:
    02-19-09 03:37 PM
  2. Branta's Avatar
    This article was not an example of "responsible disclosure". The threat is real, and at least one CB member appears to be a victim of cloning. However, the current uptake all seems to be in the asia region so far - so it might not have a big impact for some time.

    You can reduce the direct risk by not publishing your phone's PIN. Criminal cloners are more likely to trawl for known valid PINs, rather than random guess even within expected ranges. Ideally they are looking for the ones where the users claim to have high powered jobs which might lead to sensitive data. Opinion only, but it should be OK to use your PIN for known 'safe' contacts like work associates, friends and family, but don't publish it for all to see. IOW disclose it like you disclose your primary email address - not on websites where spammers can scrape it.

    Longer term this might force a complete redesign of BlackBerry communication and security. I raised this problem in another thread recently - it has the potential to make existing devices obsolete overnight, and the cost implications for RIM are scary.

    BES users are a little more protected than BIS because communication in the cellular segment between BES server and device can be protected by public key encryption, so it can't be spoofed or intercepted easily by a clone device.
    Last edited by branta; 02-19-09 at 04:22 PM.
    02-19-09 04:20 PM