Seeking Alpha

KIA Investment ...'s  Instablog

KIA Investment Research
Send Message
A little bit about me: I hold two US issued software patents and one issued internationally. I have 3+ decades experience as a software architect, and 14 years as an intellectual property researcher. I've delivered 1/2 a dozen shrink-wrap retail software packages to market. I spent 3 years at... More
  • BlackBerry Messenger And Your Privacy 18 comments
    Jan 27, 2014 2:14 PM | about stocks: BBRY

    While looking into BBM security issues surrounding emulation via BlueStacks, I stumbled across this interesting passage in the BlackBerry BBM Terms of Service with regard to the data BlackBerry collects and makes available to 3rd parties.

    Enjoy!

    (a) Personal Information. Your use of the BBM Solution (or any portion thereof), including the installation and/or use of the Software, or associated Airtime Services, or the creation of a BlackBerry ID, may result in the Processing of personal information as defined under applicable law about You, or if You are a corporation or other form of legal entity, Your employees and other individuals that You authorize to use Your BBM Solution on Your behalf (collectively, "Users") by the BlackBerry Group of Companies and its service providers, Your Airtime Service Providers, and third parties with products or services used with Your BBM Solution. Depending on the Services used, personal information may include information such as name, display picture, status and personal messages, email address, telephone number, language preference, BlackBerry ID, account credentials and settings, Device information (for example, Device identifiers and Device model), country and time zone, Airtime Service Provider information, and information about the use of Your BBM Solution functionality and the Services or software and hardware utilized in conjunction with Your BBM Solution. Depending on the availability of features in the BBM Solution, address book information, Device location data, calendar, photos, reminders may be accessed by the BBM Solution and Processed by BlackBerry to provide functionality that uses this information as part of or in conjunction with the BBM Solution (for example, to allow You to send a "Recommend BBM" email or SMS to contact(s) in Your address book). You consent that the BlackBerry Group of Companies may collect such personal information from You directly, or obtain it from Airtime Service Providers or third parties with products or services used with Your BBM Solution. Where You are a corporation or other legal entity, You shall ensure that You have obtained all necessary consents and authority to agree to, and give the consents required under this Section 19 as they relate to personal information of Your Users that is collected through their use of Your BBM Solution.

    (b) Purposes. Consistent with BlackBerry's Privacy Policy, personal information may be Processed by the BlackBerry Group of Companies and their service providers for purposes related to (i) understanding and meeting Your needs and preferences and to provide You with Your BBM Solution and BlackBerry ID; (ii) developing new and enhancing existing products and services, including to communicate with You about them [read: spam]; (iii) managing and developing the BlackBerry Group of Companies' business and operations [read: whatever they want to use it for]; and (iv) meeting legal and regulatory requirements. Furthermore, BlackBerry may make available to or send to Users upgrades or updates, or notices of upgrades or updates, of the Software, or other BlackBerry products and services, Third Party Software, Third Party Content or Third Party Services and related products or services[read: more spam].

    So if you thought your personal data is absolutely secure while using BBM, think again.

    Themes: Privacy, BBM, Security Stocks: BBRY
Back To KIA Investment Research's Instablog HomePage »

Instablogs are blogs which are instantly set up and networked within the Seeking Alpha community. Instablog posts are not selected, edited or screened by Seeking Alpha editors, in contrast to contributors' articles.

Comments (18)
Track new comments
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    So Blackberry can use your info to:

     

    1) Provide you with your initial BBM account credentials
    2) Improve their products and services
    3) Communicate with you regarding updates to products you use
    4) Communicate with you regarding other products / services (spam)
    5) Comply with legal and regulatory requirements

     

    What part of this is news to you?
    27 Jan, 02:55 PM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » including to communicate with You about them

     

    -spam

     

    Furthermore, BlackBerry may make available to or send to Users <snip> or other BlackBerry products and services, Third Party Software, Third Party Content or Third Party Services and related products or services

     

    -more spam

     

    And...
    "personal information may include information such as name, display picture, status and personal messages, email address, telephone number, language preference, BlackBerry ID, account credentials and settings,"

     

    Your personal messages?!!!! Your photo? Your address book?
    Come on..
    27 Jan, 02:59 PM Reply Like
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    You started out looking for security risks regarding the Bluestacks Android emulator used to run BBM for Android.
    You haven't reported any.
    Noted.
    27 Jan, 03:00 PM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » LT, I have, go check the original thread ..
    27 Jan, 04:21 PM Reply Like
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    KIA I have read all of your posts on this. All I found was vague statements. I tried to get you to be specific, remember? Just got more of the same.
    27 Jan, 10:10 PM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » @LT,

     

    "About the PIN When manufactured, each BlackBerry device is assigned a unique personal identification number (PIN). "

     

    "This allows identification of each BlackBerry and ensures that mail destined for a particular individual is delivered correctly."

     

    http://bit.ly/M5LQuc,
    http://bit.ly/M5LTpP

     

    So presumably BBM uses this PIN in largely the same way as email etc. then spoofing this PIN (which BlueStacks must do) allows on to fake the origin of a message; my original point.
    27 Jan, 11:31 PM Reply Like
  • jbzet
    , contributor
    Comments (14) | Send Message
     
    @Kia, Looks like you have a lot of time on your hands to devote towards $BBRY. I only wish you covered both ends of each story as opposed to just trashing it's image.

     

    To all investors who have read you're many posts you're starting to appear very desperate. Poor you, must be hard to be all alone there....

     

    Long $BBR, the rightful King!
    27 Jan, 07:48 PM Reply Like
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    You're partially right but mostly wrong :)

     

    http://bit.ly/19Z9eVs
    http://bit.ly/Y3rujY
    http://bit.ly/19Z8ZK1
    Spoofing is technically possible but clearly not as easily done as you suggest. The articles indicate that it has not be done to date.
    28 Jan, 12:26 PM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » These spoofing attacks are quite different. While they are talking about spoofing the PIN, they are talking about doing so by using the global encryption key at the cellular service providers network.
    As they point out it's possible, but likely very difficult.

     

    The exploit I'm describing is entirely different. Again...
    1. we know BlueStacks can emulate a smartphone well enough to fool BBM
    2. Since BlusStacks is just software, we know it can be debugged
    3. When software can be debugged, run-time values can be changed at will. It's called Edit and Continue http://bit.ly/LkPz7f
    4. Edit & Continue (or a static patch) will allow me to substitute in whatever PIN I want. (since we know a priori BlueStacks is able to do this.)
    28 Jan, 02:23 PM Reply Like
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    I think you should try it and get back to us. It sounds like you believe you got ig figured out so it shouldn't be too hard. in fact if you're right you could just write a simple app in you pc using your bbm pin to prove your point.

     

    I think that since the pin is basically public info, bbm is smart enough to map it to a device id at the server end to manage the service. that way, even if you spoof the pin, it would not successfully send or receive messages for that pin. that's why bbm requires a unique pin for each device.

     

    Like I said, it should be easy for you to prove or disprove your theory. let us know how you make out.
    13 Feb, 12:44 AM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » LT, I have no interest in proving anything to you or anyone else (no offense intended.)

     

    This information is sufficient to raise doubts in my mind which in turn affects my investment decision making.
    If you find nothing of value here, then that's great.

     

    I find the value of investment forms to be a place to learn or gain new perspectives.
    13 Feb, 01:40 PM Reply Like
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    Fair enough, but what did you learn? That you think there may be a problem? Not exactly actionable until confirmed, is it? No offense intended.
    13 Feb, 01:56 PM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » Certainly actionable in my investment decision making.
    But this is not the only factor, there are many factors I'm looking at, like both Samsung's KNOX and Apple's hardware based security.
    While the longs like to dismiss KNOX because of a flaw, they fail to acknowledge the bigger picture; the competition not only recognizes advanced security is important, but that they are actively designing and producing product to address this.

     

    This is probably the biggest factor in my bearish thesis against $BBRY. If I/we wait until these issues are *actionable* then it will likely be too late for retail investors like you and I.
    I prefer to reason-my-way ahead of the curve.

     

    Best of luck to you LT!
    13 Feb, 02:36 PM Reply Like
  • LTI0723
    , contributor
    Comments (807) | Send Message
     
    And to you KIA.
    13 Feb, 03:35 PM Reply Like
  • KIA Investment Research
    , contributor
    Comments (9034) | Send Message
     
    Author’s reply » Do you think this is real?

     

    http://bit.ly/1gV7wY4

     

    Here's the owners website
    BBMHack.info
    7 Feb, 07:45 PM Reply Like
  • Transcend Asset
    , contributor
    Comments (1620) | Send Message
     
    MKIA,

     

    Wish you could find me the video as I'm just going through your blogs now. As for BlueStacks, I too would love to see you prove your theory. Back in the days, hackers were something to aspire to as they were the computer elite.

     

    If not for trying it yourself, I suggest you post your theory to a site for computer security and see if a series of hackers are willing to break the BBM system to prove its inferiority.

     

    I'd be interested in an update. Cheers!
    26 Apr, 01:37 AM Reply Like
  • ELLAS
    , contributor
    Comments (1726) | Send Message
     
    When and where is data collected?
    Why not contact BBRY for this information. In the meantime, BlackBerry Messenger is the most secure Messaging platform in the world with the added benefits of being Real Time.
    24 Apr, 12:36 PM Reply Like
  • Transcend Asset
    , contributor
    Comments (1620) | Send Message
     
    ELLAS,

     

    I think this data collection freakout that MKIA is trying to go on about is overblown. Signing up for a PIN means they collect your info. It ends just about there unless I guess you choose to invite your contacts, then of course it asks you for permission.

     

    It basically boils down to a bunch of legalese to make sure they don't get sued. If you want the bells and whistles and features, you're going to have to help them give it to you. I think going down the BBM Store route with future possibilities of multiple items for sale through it, all this information gathered and stored will need to be retrieved and given to you for review/ update/ edit and they need to say they've got it on their system and they're keeping it.

     

    I personally don't see it as being much different from other online sites and services agreements. As for photo, we get to put one up for our BBM, like an avatar. Maybe MKIA is trying to suggest all conversations are being monitored as well. Including real time file transfers of photos and texts.
    26 Apr, 01:43 AM Reply Like
Full index of posts »
Latest Followers

StockTalks

  • $BBRY, Passport #2 best selling phone on Amazon, right behind the Amazon Fire Phone?!! haha! http://amzn.to/14qyFut
    2 days ago
  • Taking A Closer Look At BlackBerry's EZ Pass Program And BES10 Uptake $BBRY http://seekingalpha.com/a/1m0ur
    3 days ago
  • $BBRY, Just sold my Dec 20th $10 strike puts for a sweet 50% gain.
    Nov 19, 2014
More »
Posts by Themes
Instablogs are Seeking Alpha's free blogging platform customized for finance, with instant set up and exposure to millions of readers interested in the financial markets. Publish your own instablog in minutes.