1. thehammer123's Avatar
    It is much discussed on the web that PIN messages are not encrypted, so if intercepted they could be easily read. My question is, how easy is it for them to be "intercepted", and could just anyone intercept them? Would it have to be someone in an IT department, or could someone that knows what they're doing get my messages on their BlackBerry?

    Thanks in advance for your help!
    01-05-09 10:52 AM
  2. howie's Avatar
    Not sure about general BIS users, but those on BES are very easy; in fact they are logged on the BES server.
    01-05-09 10:58 AM
  3. thehammer123's Avatar
    First let me say that I'm a newbie at this.

    What is a BIS/BES user? Are you saying that someone would have to be in my company to intercept these messages? Say, if you had my PIN number, could you do something that would copy every PIN I send to your phone, or could you somehow grab the PIN messages I send?
    01-05-09 11:28 AM
  4. howie's Avatar
    Try these - not sure how much that will help you, but that is RIM's details on the two services:
    BIS
    BES
    01-05-09 11:33 AM
  5. thehammer123's Avatar
    Thanks!

    Our company utilizes the Blackberry Enterprise Server, so theoretically someone in our IT department could intercept these messages, correct? But someone who isn't on our BES would have no way of seeing these messages as long as they were deleted off of the phone itself? Also, if someone had access to my phone, would there be a way for them to set it up where they were copied on any PIN message I send?
    Last edited by thehammer123; 01-05-09 at 11:42 AM.
    01-05-09 11:40 AM
  6. patrick.waugh's Avatar
    You should consider ANYTHING you email, message, or otherwise send electronically as not secure, unless you do in fact encrypt it, and only then if you are using military grade encryption, and trust the destination won't later reveal it.

    When I worked for the County, my former supervisor once said, "Always imagine any email you plan to send projected in 5-inch-high letters on a courtroom wall", to illustrate how to tell if you might want to consider not sending an email.

    Why not just plan on not saying anything you will later regret if EVERYONE reads it? What do you have to hide? Maybe you should work on not having anything to hide, rather than how to hide it!

    Honesty (esp. with yourself) is always the best policy. Easier to sleep at night.
    01-05-09 11:53 AM
  7. Branta's Avatar
    Yes, at least the BES administrator has access to your data. Whether anyone else inside IT could get to it depends on the way they work, and whether the BES password is still a secret. Outside IT your data is not completely secure from managers who pull rank and demand the info from IT.

    As far as access to your phone goes - correct use of the device password will keep out intruders. Spyware for BlackBerry does exist, but it needs physical access to install so the password would block it. That only leaves getting you to disclose the password by physical duress or a court order.

    There is also the relatively new problem if you choose to travel to the USA. Any electronic device may be searched (without cause or suspicion) on inward crossing at the US border. If you don't disclose the password you can expect the device to be seized immediately, and you may be detained until you comply.
    01-05-09 12:10 PM
  8. thehammer123's Avatar
    Thanks Branta,

    That answers my question, but brings up another... not concerned about it, just wondering.

    If a PIN message is a device-to-device message, how would the administrator even have access to it? Wouldn't the message bypass the server? If so, then who is a threat to be able to intercept them?

    I guess that's my question: if PIN messages are so easy to intercept, who can intercept them? Anyone? You? If you had my PIN number, could you intercept my PIN messages?
    01-05-09 12:21 PM
  9. Branta's Avatar
    The only way would be to clone your PIN into another device. I don't think there is much risk of a duplication with both on the system together because the server side should trip the alarms, so the only way it could work would be to bring the clone to life while your device was off the network.
    01-05-09 12:41 PM