Architect2375
MIS
We recently had a user purchase his own Blackberry and was able to setup our company email on it without enterprise activation or any assistance from us. Possible vulnerability?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Possibly Vulnerability on BES?
- Thread starter Architect2375
- Start date
- Status
- Thread starter
- #3
Architect2375
MIS
No this is an existing user, he just went out and purchased a brand new Blackberry and setup our company email account on it without receiving enterprise activation from our BES. He did already have an Exchange account. What's the point of enterprise activation if users can bypass this and setup their email accounts on these devices.
FarscapeFan
IS-IT--Management
Let me understand what you are saying. He purchased a new BB and swapped his sim from the old to the new? He did not change service providers or anything? Is that what you mean by "setup our company email account on it"?
- Thread starter
- #5
Architect2375
MIS
Hi thanks for the response. Actually I wasn't directly involved with this issue but I work on the network team and was just concerned about the fact that if in fact this is something to worry about. I don't know if he switched sim from old to new, if he did would that explain it? I'm sorry let me get more information...
FarscapeFan
IS-IT--Management
Reason I ask, if you are set up as we are, the activation info is lodged on the BES server and the user does not have to enter anything on the handheld to begin activation.
If a user buys a new unit (doesn't really matter the provider unless your BES restricts it somehow), that user can connect the unit via cable and tell Desktop Manager to swap PIN numbers. At that point, he can simply await the activation cycle and you would not be the wiser unless you happened to notice the different PIN associated with his account during an audit.
Even swapping SIMs would be optional (unless he was using a policy he did not want to lose, I'm not sure if the policy would transfer to the new PIN).
In this scenario, you may consider it a security concern, but if this is a valid user, I'd think it more as a company policy breach.
If a user buys a new unit (doesn't really matter the provider unless your BES restricts it somehow), that user can connect the unit via cable and tell Desktop Manager to swap PIN numbers. At that point, he can simply await the activation cycle and you would not be the wiser unless you happened to notice the different PIN associated with his account during an audit.
Even swapping SIMs would be optional (unless he was using a policy he did not want to lose, I'm not sure if the policy would transfer to the new PIN).
In this scenario, you may consider it a security concern, but if this is a valid user, I'd think it more as a company policy breach.
- Thread starter
- #7
Architect2375
MIS
Good point FarscapeFan thanks for that explanation it helps understand a lot better.
- Status