Tired of waiting in the BBM for iOS line? Turns out there's a proxy-based skip for that!

BBM for iOS app susceptible to proxy-based line-skipping

After a failed attempt last month at rolling out BlackBerry Messenger (BBM) for iOS and Android, BlackBerry is giving the rollout another try. However, anybody who did not sign up previously is stuck waiting for their turn as BlackBerry slowly rolls out BBM to new users... unless you know how to skip the line.

Somewhat surprisingly, it only took iMore a few minutes to find a way to bypass the BBM queue by proxying a device's traffic. After launching the app, BBM will ask you to enter your email address. The app then checks with BlackBerry's servers to see if you're supposed to have access yet. If not, the app will tell you to come back when you've received an email telling you that you've reached the front of the line. There's a button in the app that says "I got the email" which, when tapped, will check with BBM's servers again to see if it's supposed to let you in. Rather than waiting for the email, you can just change the server's response.

Using a proxy like Charles, you can proxy your device's traffic, monitor requests made by BBM, and alter the response returned by the server. In this case, the app makes a request to http://dai.blackberry.com/tag/bbm/whitelist which contains a few pieces of data, including your email address. A response for a user who does not yet have access will look something like this:

{
    "message": "", 
    "result": {
        "count": [some value], 
        "email": [some email address]
    }, 
    "status": "success"
}

The interesting part here is "count". Can you guess what the value of count is for a user who is supposed to have access? If you guess correctly, you win the ability to use the BBM iOS app. If you modify the server's response to have that count value, BBM will let you move on to the account creation screen.

Some of you may be wondering "who would want to go to this trouble to use BlackBerry Messenger?" I honestly don't know, but there you have it. CNET actually published a much easier trick, but users seem to be having mixed luck with it and iMore was not able to reproduce their findings for iOS.

iMore reported the issue to BlackBerry earlier today, and we anticipate a fix in the near future. One solution would be for BlackBerry to add a server-side check to the account creation process, so that when a user submits their new account information, BlackBerry's servers would check on their side to see if you're supposed to have access yet. If you were not supposed to, the account creation would fail on BlackBerry's servers and an error returned to the app. This is how Mailbox patched a very similar vulnerability in their queueing system earlier this year.

Until then, technically savvy users desperate to get on BBM have a way to skip the line.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts

 

6
loading...
0
loading...
85
loading...
0
loading...

← Previously

Researcher continues exploring iCloud security, some media outlets continue to overreact

Next up →

Today's Apple Special Event to be live streamed

Reader comments

Tired of waiting in the BBM for iOS line? Turns out there's a proxy-based skip for that!

26 Comments

How that
I was have blackberry before my iPhone and I entered my id and it's not work yet and still said to me u must wait
What I can do ???

Sent from the iMore App

I started doing the CNET method you mentioned above, but it worked immediately before I could try. Went from create account button straight into making the account. I never received an email either. First time using blackberry.

Maybe I got lucky? Maybe my email decided not to come, but I was still on the list? Either way, I suggest you guys try it anyway.

You will get an email saying that you have to confirm that email address after you created the account. I was able to do this on my HTC One and almost on my iPad mini. I also got the bbm working on my iPhone since I used to have blackberry from 2007-2012. Right now this cnet isn't working anymore...

Sent from the iMore App

I made my account and got to use it right away.. Miss bbm and happy that is back just need everyone else to start using it again and it needs video calling

Took me less than 10 hours to get it. So not that long of a wait.

Sent from the iMore App

I am missing something here? Is this BBM for iOS so important that people are killing themselves to get it!? I just cannot understand how Apple manages to allow millions to upgrade, say from iOS6 to iOS7 without a glitch, while BBM 'dribbles' its app to users.

hardly without a glitch. iTunes Match took a nose-dive the day of the iOS 7 release and remained crippled for almost 2 days afterward. That, and the number of folks who had issues, I would hardly say the iOS 7 release, like every release before it, went "without a glitch." But enjoy the kool-aid.

i signed up in the line closed the app and went back in and it let me sign in. never got any email, then i invited my friends and they bypassed the line.

what do you mean invited your friends? Did they have to set up new account or did they already have one

I've never used BBM, only heard good things about it. Kind of want to try it out. If it only provides the functionality of contacting other people who have BBM then the novelty will quickly wear off for most.

Letting you download the app and then making you wait for an email is really not a great way to put a "new" product out there.

I tried the c|net method a few times, didn't work for me.

I dont get it what do u have to type {
"message": "",
"result": {
"count": [some value],
"email": [some email address]
},
"status": "success"
}
This into .???????????????

This is a poor article set to send users on a wild goose chase. There are no instructions on how to get Charles to act as a proxy for your iPhone and then you have the problem of attempting to sniff the SSL traffic which Charles doesn't do very well and on top of that, you have to fake the response back to the app for that specific request.

Now I am tech savvy and was able to get 90% of the way on this, what makes this guy think that anyone else who isn't technical will have a chance in hell of making this possible?

By the time you get this to work you will probably end up at the front of the queue.

So Nick, how about you post a youtube video of this process from start to finish? or just delete this article!

This article was intended to highlight a weakness in the way BBM's line was implemented. It was never meant to be a tutorial, and I'm sorry if you got that impression.