Tired of waiting in the BBM for iOS line? Turns out there's a proxy-based skip for that!

BBM for iOS app susceptible to proxy-based line-skipping

After a failed attempt last month at rolling out BlackBerry Messenger (BBM) for iOS and Android, BlackBerry is giving the rollout another try. However, anybody who did not sign up previously is stuck waiting for their turn as BlackBerry slowly rolls out BBM to new users... unless you know how to skip the line.

Somewhat surprisingly, it only took iMore a few minutes to find a way to bypass the BBM queue by proxying a device's traffic. After launching the app, BBM will ask you to enter your email address. The app then checks with BlackBerry's servers to see if you're supposed to have access yet. If not, the app will tell you to come back when you've received an email telling you that you've reached the front of the line. There's a button in the app that says "I got the email" which, when tapped, will check with BBM's servers again to see if it's supposed to let you in. Rather than waiting for the email, you can just change the server's response.

Using a proxy like Charles, you can proxy your device's traffic, monitor requests made by BBM, and alter the response returned by the server. In this case, the app makes a request to http://dai.blackberry.com/tag/bbm/whitelist which contains a few pieces of data, including your email address. A response for a user who does not yet have access will look something like this:

{
    "message": "", 
    "result": {
        "count": [some value], 
        "email": [some email address]
    }, 
    "status": "success"
}

The interesting part here is "count". Can you guess what the value of count is for a user who is supposed to have access? If you guess correctly, you win the ability to use the BBM iOS app. If you modify the server's response to have that count value, BBM will let you move on to the account creation screen.

Some of you may be wondering "who would want to go to this trouble to use BlackBerry Messenger?" I honestly don't know, but there you have it. CNET actually published a much easier trick, but users seem to be having mixed luck with it and iMore was not able to reproduce their findings for iOS.

iMore reported the issue to BlackBerry earlier today, and we anticipate a fix in the near future. One solution would be for BlackBerry to add a server-side check to the account creation process, so that when a user submits their new account information, BlackBerry's servers check on their side whether that user is supposed to have access yet. If not, the account creation would fail on BlackBerry's servers and an error would be returned to the app. This is how Mailbox patched a very similar vulnerability in their queueing system earlier this year.
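The server-side check described above, sketched as an added example; this is not BlackBerry's or Mailbox's code. The class, method and field names (QueueService, admitted, create_account) are hypothetical, and the email addresses are constructed sample values.

```python
"""Constructed model of a waiting-list gate; all names here are hypothetical."""
from dataclasses import dataclass, field


class NotAdmitted(Exception):
    """Raised when an email has not reached the front of the line."""


@dataclass
class QueueService:
    # Server-side source of truth: emails that have been let in.
    admitted: set = field(default_factory=set)
    accounts: set = field(default_factory=set)

    def whitelist_status(self, email: str) -> dict:
        # Advisory answer for the app's UI only. Anything returned to the
        # client can be rewritten on the way, so it must never be the gate.
        return {"status": "success",
                "result": {"email": email, "admitted": email in self.admitted}}

    def create_account_unchecked(self, email: str) -> str:
        # Flawed design: assumes the app only gets here after an honest
        # whitelist response, so the queue is enforced by the client alone.
        self.accounts.add(email)
        return "created"

    def create_account(self, email: str) -> str:
        # Corrected design: re-check admission against server state on the
        # request that actually grants access, and fail it otherwise.
        if email not in self.admitted:
            raise NotAdmitted(email)
        self.accounts.add(email)
        return "created"


def demo() -> dict:
    """Run both designs for a user who is still waiting in line."""
    waiting = "late@example.com"  # constructed sample address
    flawed = QueueService(admitted={"early@example.com"})
    fixed = QueueService(admitted={"early@example.com"})
    results = {"unchecked": flawed.create_account_unchecked(waiting)}
    try:
        results["checked"] = fixed.create_account(waiting)
    except NotAdmitted:
        results["checked"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

With the check on the account creation request itself, whatever the app was told by the whitelist response no longer matters: the server decides from its own records.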

Until then, technically savvy users desperate to get on BBM have a way to skip the line.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.


There are 26 comments.

tuffy100 says:

I entered my previous Blackberry ID and got in right away

airjordanxx2 says:

That's what I did too!!!

Sent from the iMore App

Moustapha Gamal says:

How is that?
I had a BlackBerry before my iPhone and I entered my ID and it doesn't work yet and still tells me I must wait.
What can I do???

Sent from the iMore App

shinuyuki says:

I started doing the CNET method you mentioned above, but it worked immediately before I could try. Went from create account button straight into making the account. I never received an email either. First time using blackberry.

Maybe I got lucky? Maybe my email decided not to come, but I was still on the list? Either way, I suggest you guys try it anyway.

airjordanxx2 says:

You will get an email saying that you have to confirm that email address after you created the account. I was able to do this on my HTC One and almost on my iPad mini. I also got the bbm working on my iPhone since I used to have blackberry from 2007-2012. Right now this cnet isn't working anymore...

Sent from the iMore App

theKHMERboy says:

I made my account and got to use it right away.. Miss bbm and happy that is back just need everyone else to start using it again and it needs video calling

iSRS says:

Took me less than 10 hours to get it. So not that long of a wait.

Sent from the iMore App

RagedUSMC says:

I did mine yesterday around 5pm EST..and still nada!

aiwama says:

Am I missing something here? Is this BBM for iOS so important that people are killing themselves to get it!? I just cannot understand how Apple manages to allow millions to upgrade, say from iOS6 to iOS7 without a glitch, while BBM 'dribbles' its app to users.

carrickfergus says:

Same here. What is the attraction???? Nostalgia??? Much ado about nothing IMO.

zhelf says:

novelty mostly i will never touch it but it is nostalgic lol

blyths says:

Seriously? Apple users have trouble with every iOS update.

crankerchick says:

hardly without a glitch. iTunes Match took a nose-dive the day of the iOS 7 release and remained crippled for almost 2 days afterward. That, and the number of folks who had issues, I would hardly say the iOS 7 release, like every release before it, went "without a glitch." But enjoy the kool-aid.

zhelf says:

i signed up in the line closed the app and went back in and it let me sign in. never got any email, then i invited my friends and they bypassed the line.

phreddyl says:

what do you mean invited your friends? Did they have to set up new account or did they already have one

omarwbu says:

Invite me so I can bypass the line O:

johngirolamo says:

Seriously, BB is forcing people to sign up and wait?? Disturbing!!

aiwama says:

I just cannot believe these guys! Seriously disturbing!!! What a joke...

kilcher says:

I've never used BBM, only heard good things about it. Kind of want to try it out. If it only provides the functionality of contacting other people who have BBM then the novelty will quickly wear off for most.

Letting you download the app and then making you wait for an email is really not a great way to put a "new" product out there.

I tried the c|net method a few times, didn't work for me.

ccostel says:

I was able to create a Blackberry ID by going to this site location: https://blackberryid.blackberry.com/bbid/createaccount?
So now I have an ID, but it isn't letting me in yet. Not sure if it is a matter of databases syncing up or what it is.

Moustapha Gamal says:

What's the salutation ?? :(

Sent from the iMore App

Roxmo says:

Ah, so you recommend being an egotistic jerk and cheating people in line!

jakeless.123 says:

I took the steps that CNET mentioned and I was able to sign up right away.

Sent from the iMore App

Nikisha Clack says:

I don't get it, what do u have to type {
"message": "",
"result": {
"count": [some value],
"email": [some email address]
},
"status": "success"
}
This into .???????????????

VilleOne says:

This is a poor article set to send users on a wild goose chase. There are no instructions on how to get Charles to act as a proxy for your iPhone and then you have the problem of attempting to sniff the SSL traffic which Charles doesn't do very well and on top of that, you have to fake the response back to the app for that specific request.

Now I am tech savvy and was able to get 90% of the way on this, what makes this guy think that anyone else who isn't technical will have a chance in hell of making this possible?

By the time you get this to work you will probably end up at the front of the queue.

So Nick, how about you post a YouTube video of this process from start to finish? Or just delete this article!

Nick Arnott says:

This article was intended to highlight a weakness in the way BBM's line was implemented. It was never meant to be a tutorial, and I'm sorry if you got that impression.