How secure is Blackberry?
 

I have received great advice here on many technical issues. I have, upon advice given here, changed to WPA2 security. I used to have WEP. I was intimidated by the crappy router I had. It would translate my WEP pass phrase to a hexadecimal string that I found hard to remember. The string would be longer still for WPA. I got a new modem/router when I had FIOS installed that allowed me to use a pass phrase.

Now to the question. We have had a house guest for two months now, whose laptop is connected to our home network. One night I saw an extra device connected too the network. I recognised his laptop, three of our laptops, the two Xboxes and an iTouch but not the Blackberry. As far as I know nine of us had a blackberry. This was before I implemented WPA2. Worried that WEP had alowed the network to be compromised, I blocked the blackberry promising to myself to switch to WPA2 as soon as my kids got off their xboxes. I switched to the WPA2 and set up a new pass phrase. I told my children to pass the new pass phrase on to the guest when he came back from work,
This guest has a habit of rushing to the router at the slightest interruption of the connection. The next day he told me that me that he wanted to show me his new blackberry. It turned out that the blackberry I had blocked was his. He also told me that he had been able to connect to the network with the lap top and the blackberry as late as the night before, but that he had trouble connecting both to the network that day. He was able to connect to laptop as he got on my son's laptop, without asking him, and got the new pass key from the wifi adapter settings.

I think, he is either dangerously stupid or socially inept. I told him he should have informed me that he was going to connect another device to my network and told him it wasn't right for him to snoop into my son's laptop to get the pass phrase. All he had to do was ask. But he said he didn't want to bother anyone, nor did he want to wait, as I was outside and my son wasn't there.

Please forgive me for being so long winded. This is a delicate situation as the house guest is son of a relative, who might be staying here for indefinite period of time, maybe a few months or a few years. I wanted to give you the background information. His office does not require him to use a BB so he uses it purely for recreation, chat, or to check his e-mail, which he could do using his laptop too.

Anyway, he leaves his Blackberry connected to the network all the time. Not 24/7 but about 15 hours day 5 days a week and all weekend. I connect my PDA when I need to, I don't leave it connected. My question is does this pose a risk to the network.

1. I read that Blackberrys are not very secure. Can weakness in Blackberry be used to access my network?
2. Am I compromising the security of my network by allowing him to connect his BB to the network almost 24/7?
3. He has been getting apps from all over, which worries me.

Unless you're hosting plans for nuclear weapons on your network, your concerns are vastly exaggerated.

As you've discovered, nobody is trying to hack into your network. The chances of anyone trying to break into a given home network are pretty slim. WPA2 is a sensible deterrent, but the chances that you'll actually need it are very small.

Connecting a Blackberry poses no danger to your network. What exactly are you concerned will happen? Blackberry's security is legendary - that's why it's the de facto standard for mobile corporate email. If you're truly concerned about the safety of those A-bomb plans, you would be better advised to take all PC's off the network. Think of all the spyware and malware people download!

That blackberry is probably the only thing on your network not worth worrying about.

Edited to add: Where did you hear blackberrys aren't very secure?

Hilarious post.....LOL :D

I don't disagree with you that I can't possibly have anything as sensitive as nuclear plans. Threats of big losses are for those who have big pockets. For an average man degree of loss is moderate, as is the amount stolen damage done by an average criminal.

I related an incident about the guest. Who does not seem to understand what privacy is and does what expedites what he wants to have happen. When one is apt to do stupid things, one increases the risk.

The night I saw the Blackberry, there were two "new hosts" , who, I assumed to be my sons' Xboxes and whose MAC addresses I did not know. At that time, I was a little concerned but not enough to make my kids stop playing Xbox to and tell me their MAC address. Later on, I had my kids give me their MAC addresses. Now they are identified by their names and now they are no longer "new host". Today, I printed out the list of all the devices on the network and there were 4 "new hosts", One of them was my PDA that I had used after a long time, and a printer that I had been able to talk to the network after it not working at all since we got the new modem/router. All the WiFi devices at home have been identified. There are two "new hosts" whose MAC addresses are knew. How does one explain that. There
I always thought why would anyone try to steal my passwords and other information. Someone did hijack my wife's e-mail account last month and sent out an e-mail soliciting money, on account of her being stuck in London, from every one on her address book. Even Delta got one. Delta wrote back apologising for not being able to jelp us. Was this the first time that DL received an solicitation from an e-mail address of Platinum?

Since we have been known to travel at a short notice, a situation like this is not unimaginable. It was annoying and funny at the same time.

If I had known what specifically I was concerned about, I would niot have started this read. What if his BB had a malware, or was infected. Stupid people can make secure stuff wide open.

On an average, yes. One doesn't have to worry with reasonable diligence.

In the last couple of days I came across an article that gave me that impression. I am not saying that it's wide open, but that it can bring threats to home if one is not careful about what one loads on it. I will try and fund it again. I apologise for the slopping wording. I should have worded it differently. When you a person who does not think about what they are doing, I have concerns with how they can make the network vulnerable with their black berry. I suppose proper wording would have been how unsecure is blackberry in the hands of someone who is not careful.
I thought you had expertise. I keep looking at every letter under a magnifying glass, to see if there is any advice hidden there. Nope, nothing there. Nothing but smirch. :rolleyes:

On top of the security you have already, if it would make you feel better you can enforce MAC address filtering. This way even if somebody was to copy a password (which I don't get, the password should not be visible on another machine in the WiFi adapter settings, but that's not what we are discussing), they still would not be able to get into your network unless you added them to the allowed MAC addresses.

I can't possibly think of anything a blackberry could do to your network, so I wouldn't worry about it at all.

Blackberry insecurity comes from its reliance on RIM operated servers where they are willing to allow govts to snoop on your data around the world. I am not hiding anything but opening their proxy up to every govt that threatens a shutdown is asking for trouble.

It seems like you are taking reasonable steps to secure your environment, but if someone stupid has physical access to your machines, your security is already compromised. Your guest's Blackberry isn't nearly as insecure as his lackadaisical attitude! No amout of computer security can fix that. You need to be firm with your "guest," establish rules for living in your household, and enforce them.

OP:

To the truly paranoid...

Once physical security it compromised, it is pretty much game over.

So you would need to establish rules that you expect to have followed when allowing guests physical access to your network. You can hopefully check if those rules are followed by looking at logs, etc. later on

You can also set up separate network segments with limited access to your "home" network. Corporations often take this approach with their conference rooms.

or you could just not worry about it so much :)

Get yourself a router that does dual radios and create a guest network. That'll keep him off your portion of the network.

With all due respect, you're making a mountain over a mole hole. And as most others have already commented, you're just paranoid :(

I have a similar set-up, including Mac filtering, non-broadcast of SSID, WEP (not even WAP because some of our computers are OLD). The set-up is to discourage free-loaders accessing our wifi; it's not bullet-proof. The fact that you 'discovered a BB' means either you didn't properly configure your set-up or it was as you later discovered your home-guest with a new toy.

If someone wanted to hack your network, they would have done so regardless of the safeguards you listed.

Lock 'em up.
 

As others have noted, once your "guest" has physical access, game over.

So, since you've stated you travel on short notice, leaving alleged "guest" to gain access to your router, I'd suggest you place same in a locked facility ("same" referring to the router, not the guest, though perhaps that might work also).

However, since said "guest" doesn't want to bother you when he/she makes changes, you have to assume he/she will simply break into your secure router facility (or out of his/her cage should you go that route).

Oh well...

Thank you for understanding the intent of the question and addressing it head on. So a lackadaisical handling of secure BB can create a gaping hole in your security. The advice you gave is a good advice. I have tried to be firm with him before, on one occasion, he started crying. He is my nephew.

In windows 7 home edition, the newowrk pass word can be visible. There is a checkbox "show characters" there. If you check the box, it will show you the characters. That's how he got the password. So you are saying that even if he had unfettered access to the network and was stupid enough to install shoddy apps on his BB, there is no risk?

The only safe wifi system is one that is unplugged.

I just received one of those "stuck in London" letters myself a week ago from a business associate. It was pretty funny, as I had just read about it 2 months earlier. In most cases people have easy passwords, and then get their account hijacked.