
T-Mobile Admits Firmware Error Led To Email Mistake

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe.

T-Mobile has admitted a configuration mistake led to disruption to secure emails from some customers’ mobile phones.

Mobile operator T-Mobile has confirmed that a configuration fault following a firmware upgrade resulted in some of its customers experiencing problems with their secure emails.

The problem came to light after British security researcher Mike Cardwell raised the issue on his blog on 5 January, having discovered that his secure email traffic was being blocked by what he termed the ‘Great Firewall of T-Mobile’.

Odd Traffic

“T-Mobile UK are moving towards a mobile network which works (technically) in a very similar manner to the Great Firewall of China,” he wrote. “I’ve been using them for mobile Internet access for over a year now, and recently received a second SIM card. When using this new SIM card for Internet access, I’ve experienced some very odd network traffic.”

Cardwell went on to describe how both his SIM cards are PAYG (pay as you go), and that both have had their default content block removed. “I do not know why they behave differently, but it seems like T-Mobile may be in the middle of rolling out some related changes,” he said.

Cardwell said that while web browsing, SSH and IMAP seemed to work fine, there was a problem with his SSL (Secure Sockets Layer) connections when using T-Mobile’s mobile network.

SSL is a commonly used protocol for securing message transmission on the Internet.

Port 465 and 587

“I run my own Linux server, and self-host several services. I use SSL whenever possible. If I connect to my mail submission service with immediate encryption on port 465, T-Mobile instantly sends a spoofed RST TCP packet to both my server and my client in order to disrupt/disconnect the connection,” wrote Cardwell. “I ran tcpdump on both ends of the connection to verify that this was happening. They also do the same for mail submission port 587. This time, they let you connect, but as soon as you send a STARTTLS command, the RST packets appear, and the connection drops. This isn’t just for my mail server, I experienced the same problems using smtp.gmail.com as well.”

Cardwell pointed out that someone had previously raised the same issue on the T-Mobile forums back in November 2011. He has subsequently said that the block on port 587 has now been removed, but that he is still experiencing problems with port 465.
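The check Cardwell describes, comparing tcpdump captures taken at both ends of the connection, can be sketched as a short script. This is an added example, not code from Cardwell or from this article; the addresses and packet records are constructed placeholders.

```python
# Constructed sample data (not from the article): simplified tcpdump records
# for one connection to port 465, captured at each end.
# Fields: (direction at the capture point, src, dst, tcpdump flag string).
SERVER = "203.0.113.25:465"             # placeholder address
client_capture = [                      # client sits behind carrier NAT
    ("out", "10.20.0.7:40112", SERVER, "S"),
    ("in",  SERVER, "10.20.0.7:40112", "S."),
    ("out", "10.20.0.7:40112", SERVER, "."),
    ("out", "10.20.0.7:40112", SERVER, "P."),    # TLS ClientHello
    ("in",  SERVER, "10.20.0.7:40112", "R"),     # claims to come from server
]
server_capture = [
    ("in",  "198.51.100.7:61001", SERVER, "S"),
    ("out", SERVER, "198.51.100.7:61001", "S."),
    ("in",  "198.51.100.7:61001", SERVER, "."),
    ("in",  "198.51.100.7:61001", SERVER, "R"),  # claims to come from client
]

def rst_flows(capture, direction, server=SERVER):
    """Flow directions ('to_server'/'from_server') of RSTs seen going `direction`."""
    return {"to_server" if dst == server else "from_server"
            for d, src, dst, flags in capture
            if d == direction and "R" in flags}

def injected_resets(client_cap, server_cap):
    """Report RSTs that one end received but the other end never transmitted.

    Keyed on flow direction relative to the server, so NAT rewriting of the
    client address between the two capture points does not matter.
    """
    at_client = rst_flows(client_cap, "in") - rst_flows(server_cap, "out")
    at_server = rst_flows(server_cap, "in") - rst_flows(client_cap, "out")
    return {"client_received_forged": bool(at_client),
            "server_received_forged": bool(at_server)}

if __name__ == "__main__":
    print(injected_resets(client_capture, server_capture))
```

A reset that appears inbound at both ends while neither end's capture shows it leaving is the signature of an on-path device; a reset that one end genuinely sent shows up in that end's outbound capture and is not flagged.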

Cardwell also said that his VPN (virtual private network) connection was being blocked, but T-Mobile has denied this has anything to do with them.

TechWeek Europe understands that all new mobile broadband offerings and mobile packages from T-Mobile that come with inclusive data do allow the use of VPN. However, customers who breach its fair use policy will be blocked from VPN usage.

T-Mobile Statement

“We would like to reassure our customers that we do not use our network to access the content of their emails nor are we doing anything that would jeopardise their data security,” a T-Mobile spokesperson told TechWeek Europe in an emailed statement.

“Following a firmware upgrade we were made aware of a fault by a small number of our customers in December,” the spokesperson added. “This fault was mistakenly preventing certain smtp traffic. We have worked with our supplier to fix this issue and it has now been resolved. A small number of customers will have been affected by this error and we apologise for any inconvenience caused to them.”

“The majority of our customers are able to access VPNs providing the proposition they have bought has been set up in this way,” T-Mobile said. “Customers requiring VPN access can check with us before making a purchase, all details will also be included in the terms and conditions.”

Email Concerns

There is a great deal of sensitivity regarding emails, and possible interference in their transmission by ISPs.

In March 2011, former cyber security minister Lord West warned the government it must do more to stop ISPs snooping on private emails. He said that it was currently too easy for ISPs to disregard existing rules which state that ISPs must ask user permission before reading private emails.

In March last year Microsoft found itself in hot water after it turned off HTTPS access for Hotmail in some countries, leaving emails open to interception.