  1. hennesseystealth
    I have a Z10-3 and have had it since it came out and have been using a TMO mvno (Solavei) since then. I have never had any issues and when they finally turned on LTE, I have had great connection speeds (20x20mbps).

    However, about a week ago my email wouldn't connect to my server (looked like time out issues) and several other data dependent apps (Weather, iHeart, and The Score) stopped updating/streaming. On WiFi, no problems. I thought this might be my OS, so I reloaded using an autoloader, but nothing changed (10.3.2.2789).

    I work out of my house and haven't done any traveling since this started, but today I had a meeting in San Jose (35 miles from my house) and as soon as I was 1-2 miles from home, everything went back to normal. Get back home, and back to data issues.

    The last strange fact is that Solavei sent me an email and SMS saying I was approaching my 2Gb limit on data. That is strange for 2 reasons; 1) my monthly average for the past year plus has been about 1Gb and 2) I haven't been able to use the apps that would use the most data. I have asked Solavei for a day-by-day list of data consumption, but they haven't provided that yet.

    Anyone ever see issues with handshakes between a BB phone, a specific TMO tower, and data servers?

    Not sure where to turn on this one since my "carrier" isn't really responsible for the towers.
    11-10-15 07:24 PM
  2. gariac
    I had the same problem. I have a thread on Reddit and for the most part, nobody believed me. I'm also in the bay area.

    What I determined is the tower had issues with secure data (https). Plain http worked just fine.

    I went so far as to document the TLS handshake using Wireshark with my BlackBerry on a USB tether. You can see the repeated attempts at getting TLS to go through. To be scientific about this, I repeated the same sessions on a tower a few miles away. The packet sniffing sessions were totally different. To keep the logs simple, I connected to my private email server. Connecting to a webpage these days has so much 3rd party traffic that the packet sniffing logs are a mess. The email client produces a clean Wireshark log, plus since it is my server, I got to view the maillog on my server.

    I called 611 and was insistent enough to get bumped up to the BlackBerry guru. It took two days, but the tower was fixed. Funny thing is the guru didn't sound all that surprised. He figured it was a firewall issue.

    I bet you will find the Ookla Speedtest works just fine. No crypto there.

    My private email server doesn't allow any weakened crypto (export grade). I have what some would consider a crackpot theory, that some three letter agency has a target that used the tower. Hence strong crypto blocked, but insecure comms go right through. But it could have been a firewall problem.

    If you work out of your house, are you using a VPN? Crypto there of course.

    Edit:

    An MVNO does something like a proxy to verify that you are really allowed on the network. There are threads regarding increased ping times for AT$T users on Cricket versus native AT$T. Using a proxy isn't exactly like my TLS issue, but it is possible they use a crypto key in authentication.


    Posted via CB10
    11-11-15 09:48 PM
  3. hennesseystealth
    I don't know what type of encryption, if any, the native Weather app, iHeart, and The Score use. Our corporate email has authentication SSL on SMTP and incoming. Not sure what Gmail uses, but that is hosed too.
    11-12-15 01:07 AM
  4. gariac
    You probably have TLS on your corporate email. Google Mail can be TLS or RC4.

    http://thehackernews.com/2015/09/dis...ption.html?m=1

    I believe if you use the Google Apps email pay service ($5 a month), you get TLS. Google is supposed to drop RC4 in 2016. Quite a few email services have been waiting on Google to pull the trigger so that SSL3 support can be dropped.

    The BlackBerry browser has a progress line on the bottom. Probably not news to you, but I had to mention it to be sure my point is getting across. When I had the tower problem, the progress line would advance a little, then a dot would flash on the line. My assumption is the flash occurred at the TLS handshake. The progress line would just sit there and flash as repeated attempts were made to establish Diffie-Hellman. Then the server would time out.

    For one website, I got a warning from CloudFlare. I suspect it looked like I was attempting to DDOS.

    I dropped iheart though I still have the app. My recollection was it wanted too much regarding permissions, or maybe I had to register. Something changed and I stopped using it.

    Regarding the weather, they might use DNSSEC. Just about all websites use Google Analytics. My understanding is Google Analytics can be https on a website that is just http, but since I don't use Google Analytics, I have no first hand knowledge. On the BlackBerry, I don't believe you can block Google Analytics, but if you tether, there are many ways to block it, such as Privacy Badger.

    Going back to email, I should point out it is possible to have no encryption on email. It depends on the security policy of the host. Many email servers are set up to accept secure or insecure email. If you are using port 25, you have no security.

    Basically the hosting company doesn't want to hand hold the customer regarding encryption. They leave it up to the user. In my case, the customer is me, so I don't allow any unencrypted connections to the mail client.

    Posted via CB10
    11-12-15 02:08 AM
  5. hennesseystealth
    Understood. Yes, I get the same blinking dot on the browser. Given who my customers are, going completely naked on email would have some guys in suits showing up...
    11-12-15 10:32 AM
  6. gariac
    Since you are on a MVNO, who do you get when you call 611? If you do get Tmo, this should be solvable.

    I suspect Tmo turned on some telemetry on my phone. I got a funny "do not respond" text.

    If you aren't proactive about this, it is unlikely the problem will go away. A router issue doesn't appear like "no service".

    Posted via CB10
    11-12-15 11:44 AM
  7. hennesseystealth
    611 = message that the service is restricted and unavailable. I'll keep hammering Solavei.
    11-12-15 01:02 PM
  8. gariac
    You might want to set up the Wireshark packet sniffer to get some evidence. Worked for me.

    Set up a USB tether to a PC. Make sure wifi is turned off. No open browser. Basically you want to limit network activity. Set up capture on your usb connection, then use your mail client to download email.

    Posted via CB10
    11-12-15 10:40 PM
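Added example (not part of any post in this thread): once the tethered capture exists, the pattern described above, repeated TLS attempts that never get an answer, can be checked mechanically by reading the cleartext TLS record headers in each TCP stream. The input layout (`capture`, the `'out'`/`'in'` direction labels) and the sample bytes are assumptions constructed for illustration.

```python
import struct

HANDSHAKE, ALERT = 22, 21            # TLS record content types
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}

def tls_messages(payload):
    """List the cleartext TLS messages found in one TCP payload.

    Only the opening flights are meaningful; records sent after the
    handshake turns encrypted will get arbitrary labels."""
    found, pos = [], 0
    while pos + 5 <= len(payload):
        ctype, _version, length = struct.unpack_from("!BHH", payload, pos)
        body = payload[pos + 5:pos + 5 + length]
        if len(body) < length:                  # record continues in a later segment
            found.append("truncated")
            break
        if ctype == HANDSHAKE:
            off = 0
            while off + 4 <= len(body):         # one record may carry several messages
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                found.append(HS_NAMES.get(body[off], "handshake(%d)" % body[off]))
                off += 4 + mlen
        elif ctype == ALERT and length >= 2:
            found.append("alert(%d)" % body[1])  # second byte is the alert description
        else:
            found.append("record(%d)" % ctype)
        pos += 5 + length
    return found

def classify_stream(segments):
    """segments: list of (direction, payload); 'out' = from phone, 'in' = from server."""
    sent = [m for d, p in segments if d == "out" for m in tls_messages(p)]
    got = [m for d, p in segments if d == "in" for m in tls_messages(p)]
    if "ClientHello" not in sent:
        return "no-tls"
    if "ServerHello" in got:
        return "answered"
    return "rejected" if any(m.startswith("alert") for m in got) else "stalled"

def summarize(capture):
    """capture: {tcp_stream_id: segments}. Count the outcome of every TLS attempt."""
    counts = {}
    for segments in capture.values():
        outcome = classify_stream(segments)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

# --- constructed sample data, not taken from any real capture ---
def record(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def handshake(htype, body=b""):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

HELLO = record(HANDSHAKE, handshake(1, b"\x00" * 40))
REPLY = record(HANDSHAKE, handshake(2, b"\x00" * 40) + handshake(11, b"\x00" * 8)
               + handshake(14))
HOME_TOWER = {0: [("out", HELLO)], 1: [("out", HELLO)], 2: [("out", HELLO)]}
OTHER_TOWER = {0: [("out", HELLO), ("in", REPLY)]}

if __name__ == "__main__":
    print("home tower: ", summarize(HOME_TOWER))
    print("other tower:", summarize(OTHER_TOWER))
```

A run of "stalled" streams on one tower next to "answered" streams on another, against the same server, is the kind of side-by-side evidence the posts describe taking to the carrier.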
  9. hennesseystealth
    If you truly mean tether, then I am out of luck. Solavei has disabled tethering and hot spots. I can't use the phone to provide either a wired (USB) or Bluetooth signal to my computer or any other device.
    11-13-15 12:16 AM
  10. gariac
    Yes, I did mean tether. No big deal. It is just nice to document the problem. I have no idea how to packet sniff from the phone.

    You could ask your IT department to grab a server log as you try to log into your email. But save this as a last resort. That is, if you get no help out of your MVNO.

    If you have a VPN, that would be far easier on the server side to document that the tower is funky.

    This all begs the question: why is Tmo messing with their firewalls all of a sudden.


    Posted via CB10
    11-13-15 02:24 AM
  11. hennesseystealth
    Apparently, the whole issue of false towers and other hacks on the cell network are a big deal everywhere. I got this link from a friend that I generally refer to as the quadruple agent given his ties to the US, Canada, China, and Taiwan.

    Who Is Spying On US Cellphones? Lawmakers Demand an Answer - Defense One

    I will talk to IT and setup a log and make sure my only access to email for the period being monitored is my cell phone. I'll run on cell for part of the time and WiFi for part.

    UPDATE: You won't believe the response I got from Solavei tech support. The reason I can't connect encrypted data is my neighborhood has trees. WTF
    11-13-15 10:18 AM
  12. gariac
    For packet sniffing on your end, it is best to limit what goes out on the network. However your corporate server will just see your packets.

    With Wireshark, you can filter out the extraneous stuff, but it takes less brain power not to have to use the filters in the first place.

    I have Tmo coming through on my fillings. I'm two blocks away from a TMo site. So tech support ruled out a weak signal quickly.

    I get a RSSI around -55dBm. And that is with those crypto filtering trees between me and the tower.

    A light bulb just went off. I wonder if TMobile is rolling out some packet sniffing software to find users that are abusing their tether limit with apps?

    Posted via CB10
    11-13-15 11:21 AM
  13. hennesseystealth
    I finally got my data usage report and it went way up right about the time I couldn't log into my email or other encrypted servers. Funny thing is the report shows the MSISDN Target as Solavei until the data problems and then that field is blank for every time stamp after that.

    UPDATE: The report only shows data for MMS and that is a mere 12Mb when they said I exceeded my 2Gb of LTE data. I hear a big sucking sound coming from somewhere and it isn't south of the border.
    Last edited by hennesseystealth; 11-13-15 at 08:06 PM.
    11-13-15 05:52 PM
  14. hennesseystealth
    After pounding on Solavei all day and finally telling them this would be my last billing cycle with them, some of my encrypted connections have started working again. I can send email but still can't receive it. All my apps are working that weren't previously (iHeart, The Score, Weather). However, yahoo.com, which uses SSL (blue lock icon), loads extremely slowly with the blinking dot. So, something has loosened up but not completely. Checked with Ookla and I am at 23x23mbps.
    11-13-15 11:30 PM
  15. gariac
    Even if they thought you were over your limit, the fact you could get normal operation on another tower would indicate the limit isn't the problem.

    Now what we do have in common is our home towers are where the problems occurred. What I didn't do is see if some other Tmo customer could use "my" tower without problems on encrypted services. (Everyone I know is on AT$T or Verizon.) I'm really hoping we weren't targeted. But then it would be a weird targeting criteria since service would be fine on the next tower over.

    Edit:

    Since you can send email, you might find this website useful.

    http://dkimvalidator.com/

    What the website is intended to do is study your email server to verify that certain features specific to your identity are set up properly. But what you can do is see your email header without having the ability to receive email. What you do is send email to the address that the website creates. Then select the "view results" and the first box will contain your header. The idea would be to do this at your house then at another tower and see if anything is different.
    Posted via CB10
    Last edited by gariac; 11-14-15 at 03:05 AM.
    hennesseystealth likes this.
    11-14-15 02:50 AM
  16. hennesseystealth
    Not sure exactly what I would be looking for. Sending from my phone or my laptop generates the same IP address, which is good as that means that both messages are being routed through our corporate email server. I'll try this when I am out of the house and compare results.
    11-14-15 10:25 AM
  17. gariac
    The header should reflect your IP address, which ought to be different between your phone and notebook, which I assume is on another network. For example:

    "Received: from [172.56.16.194] (helo="

    If you run ip2location.com on your phone, the addresses should match. Maybe other details will be different from a good tower. I don't have a busted tower at the moment to do a test. ;-)

    You can also test your email server identity foo. Look for:

    "Validating Signature
    result = pass"

    Result: pass (Mechanism 'a' matched)


    "Result code: pass
    Local Explanation: : is authorized to use '' in 'mfrom' identity (mechanism 'a' matched)
    spf_header = Received-SPF: pass (: is authorized to use '' in 'mfrom' identity (mechanism 'a' matched)) "

    The first is your DKIM. The second is your SPF.

    Possibly you may not use DKIM. SPF should be there. Probably not all that useful, but interesting in a geeky way. This identity foo gets you a lower SPAM score. There are two other tests that the dkimvalidator.com doesn't check, if you want to get in the weeds. Namely reverse DNS and DMARC.

    If all servers passed this identity foo, you could reject all SPAM.



    Posted via CB10
    11-14-15 06:18 PM
  18. hennesseystealth
    The first received from is the IP address from our corporate server. The second one listed is the ISP I am on that generates the actual message. My cell phone IP address doesn't exactly match the one reported by DKIMvalidator. My phone says XXX.XX.38.14 and DKIMvalidator says XXX.XX.38.167] (port=22562 helo=[127.0.0.1]).

    Both the cell and the laptop for DKIM say:
    Validating Signature
    result = invalid
    Details: public key: not available

    SPF has the same info for both.
    11-14-15 08:18 PM
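Added example (not part of any post in this thread): the header comparison discussed in the two posts above, sending one test message from the home tower and one from another tower and diffing the submission hop, can be scripted with the Python standard library. The sample messages, host names and documentation-range IP addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}   # RFC 3848 "with" keywords

def submission_hop(raw_message):
    """Describe the hop where the client handed the message to its mail server.

    Each server prepends its Received header, so the last one in the
    header block is the earliest hop (client -> first server)."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    hop = " ".join(received[-1].split())          # unfold continuation lines
    ip, proto = IP_RE.search(hop), WITH_RE.search(hop)
    spf = (msg.get("Received-SPF") or "").split()
    return {"client_ip": ip.group(1) if ip else None,
            "protocol": proto.group(1).upper() if proto else None,
            "tls": bool(proto) and proto.group(1).upper() in TLS_PROTOCOLS,
            "spf": spf[0].lower() if spf else None}

def compare(home_raw, away_raw, carrier_net):
    """Return human-readable differences between two test messages."""
    home, away = submission_hop(home_raw), submission_hop(away_raw)
    if home is None or away is None:
        return ["missing Received header"]
    net, findings = ip_network(carrier_net), []
    for label, hop in (("home", home), ("away", away)):
        if hop["client_ip"] and ip_address(hop["client_ip"]) not in net:
            findings.append(f"{label}: client IP {hop['client_ip']} outside {carrier_net}")
    for field in ("protocol", "tls", "spf"):
        if home[field] != away[field]:
            findings.append(f"{field}: home={home[field]} away={away[field]}")
    return findings

# --- constructed sample headers (documentation IP ranges, example hosts) ---
TEMPLATE = (
    "Received-SPF: pass (mail.example.com is authorized; mechanism 'a' matched)\n"
    "Received: from mail.example.com ([203.0.113.10])\n"
    "\tby mx.validator.example with ESMTPS id EXAMPLE2\n"
    "Received: from [{ip}] (port=22562 helo=[127.0.0.1])\n"
    "\tby mail.example.com with {proto} id EXAMPLE1\n"
    "Subject: tower test\n"
    "\n"
    "body\n"
)
HOME_MSG = TEMPLATE.format(ip="198.51.100.14", proto="esmtp")
AWAY_MSG = TEMPLATE.format(ip="198.51.100.167", proto="esmtpsa")

if __name__ == "__main__":
    for line in compare(HOME_MSG, AWAY_MSG, "198.51.100.0/24"):
        print(line)
```

An empty result means the two submission hops look alike, so whatever differs between the towers is not visible in the headers.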
  19. gariac
    Yes, first IP is the email server, and the second is you. Perhaps the MVNO changes your IP, but you are still in the TMobile address range I presume.

    It is good to be cautious about putting data on the interwebs, but the Tmo addresses are dynamic (recycled), so no need to worry about revealing them.

    DKIM is used for a low spam score, but has a secondary use. If somebody is using your email address AND DKIM works, they are in your server. You are pwnd. Drop everything and fix it. DKIM is a public / private key crypto that is pretty good. The minimum key is 1024 bits.


    Posted via CB10
    11-15-15 01:36 AM
  20. gariac
    My tower problem has returned. I was fed nonsense from customer service. Solutions were to use my wifi or don't use encryption. I was told to expect degraded service when using encryption.

    I'm probably going to have to join AT$T if they refuse to fix it. My DSL will surely go out when the monsoon season kicks in.

    Posted via CB10
    11-23-15 10:53 AM
  21. hennesseystealth
    Everything is working for me except I can't receive email at my house...get in the car and start driving and a couple minutes later bing bing bing...all my email shows up. I am moving to Cricket Wireless on their $35 monthly plan as soon as my cycle ends in early December. I can't get Solavei to get off their a$$e$$ to even try to find out what's going on.
    11-23-15 11:16 AM
  22. gariac
    Amazing how an hour after I complain, the problem goes away. I'm guessing somebody booted the server remotely. Maybe I need to visit the tower periodically and throw the breaker.

    Cricket had a 20G for $60 plan. I nearly took it. But my phone kept resetting when I tried the Cricket SIM. I never got more than maybe 2Mbps download. They promise 8Mbps. I would still have taken the deal to get the AT$T coverage in Yosemite, the Eastern Sierras, and Central Nevada. But the constant phone resetting was an issue.

    I may try Cricket again. I'm thinking of getting a Cricket simcard for my next rural trip since Tmo doesn't seem to be interested in providing service where I want to go.

    I was on a non-standard OS rev at the time. I have a satellite messaging device and needed a better version of the Android Player. (I had to buy an old Android phone just to use the device prior to BlackBerry getting the Android Player working. ) I'm on the OS rev that Tmo now supports, but possibly that would help with Cricket/AT$T as well.

    Posted via CB10
    11-23-15 12:46 PM
  23. gariac
    [Attached image: no_bb_symbol.png]

    Note the lack of the BlackBerry four dot symbol in the upper right corner. This was after booting the phone. I'm not entirely sure what the symbol represents since we don't exactly have BIS anymore. I think the BlackBerry phone still "phones home" to some degree, and probably TLS is involved. The symbol eventually showed up.

    Posted via CB10
    11-23-15 12:58 PM
  24. hennesseystealth
    I only get the BB symbol when I am on WiFi. I will have to check if I get it when I am away from home and on a different tower.
    11-23-15 01:02 PM
  25. gariac
    The BB symbol indicates BlackBerry data services have connected and are available.

    You should get it whether on WiFi or a hard tower. The delay simply means your phone hasn't established a connection with BlackBerry servers yet (used for BBM, etc.).

    [CB10 / Q10]
    As I expected, but I presume it uses TLS, hence the delay. Normally there is no time to catch the phone in this state.

    Posted via CB10
    11-23-15 01:44 PM