New Member
Posts: 2
Registered: ‎04-09-2008
My Device: Not Specified

BB8320 WiFi data security hole, circumventing SIM PIN security

I was just wondering if anybody noticed the rather large security hole in the BB8320 UMA service:

I am using a BB8320

Vendor ID: 100

Platform: 2.5.0.36

App Version 4.2.2.180 (327)

T-Mobile USA service

When you enable SIM PIN on the device, the device's UMA data service ignores the fact that no SIM PIN has been entered. Upon cold power-up, the SIM PIN password dialog comes up. If a WiFi network that is on the preferred network list is nearby, UMA will associate with the WiFi network for BIS data services.

At this point, any e-mail messages that need to be downloaded are pushed to the device.

Now, obviously removing the SIM card gives a data thief unfettered access to CURRENT data on a device.

This UMA glitch allows a data thief to easily gain access to FUTURE data on a device unless more device security is put in place.

Since @home and HotSpot are on the list of approved networks, a data thief could fairly easily:

1. Take a UMA 8320 with SIM PIN to a T-Mobile store or Starbucks, wherever a T-mo HotSpot may be

2. Turn the device on, let it stop at the SIM PIN screen, and wait for it to auto-associate with the WiFi network and start a data tunnel with the BIS servers

3. Wait for new e-mail messages to download to the device

4. Then, turn the device off, remove the SIM card and reboot

5. They now have access to current e-mail messages on the stolen BB8320.

With UMA service disabled, the device behaves correctly, and does not start up an EDGE data session until AFTER entering the SIM PIN, just like all previous BBs (8700, 8100, et al.).

No data service authorization should take place until the SIM card is properly unlocked, as this circumvents proper SIM card security.

Regular Contributor
Posts: 96
Registered: ‎04-07-2008
My Device: 9900
My Carrier: Cable & Wireless

Re: BB8320 WiFi data security hole, circumventing SIM PIN security

Very interesting; all the more reason for policies on BES servers, and let's hear it for remote wipe.

New Member
Posts: 2
Registered: ‎04-09-2008
My Device: Not Specified

Re: BB8320 WiFi data security hole, circumventing SIM PIN security

Definitely, that of course will circumvent the issue, but all the new consumer-market BIS users aren't so fortunate.