T-Mobile snafu inspires email interception claims


A T-Mobile gaffe has led to claims the company was intercepting customers' secure email correspondence.

Customers had complained of not being able to send TLS-secured SMTP email over T-Mobile 3G.

One user noted in a forum in November that when connected to Wi-Fi, emails were sent instantaneously. Despite T-Mobile support teams attempting to solve the issue, the affected user continued having issues.

We have worked with our supplier to fix this issue and it has now been resolved.

T-Mobile has revealed a botched firmware upgrade was to blame.

"We would like to reassure our customers that we do not use our network to access the content of their emails nor are we doing anything that would jeopardise their data security," a T-Mobile spokesperson said.

"Following a firmware upgrade we were made aware of a fault by a small number of our customers in December. This fault was mistakenly preventing certain SMTP traffic. We have worked with our supplier to fix this issue and it has now been resolved. A small number of customers will have been affected by this error and we apologise for any inconvenience caused to them."

A T-Mobile spokesperson said the firmware upgrade took place in September.

T-Mobile blocks certain traffic, such as spam and blacklisted websites typically coming through unauthenticated SMTP. The vendor claimed it was attempting to continue blocking such traffic.

Nevertheless, the mistake was not fixed for between three to four months.

VPN issues?

Web developer and security researcher Mike Cardwell complained about the SMTP traffic blocking earlier this month, but also claimed he was unable to access his VPN via his phone.

"With the new SIM, no matter which port I configure OpenVPN on, the RST [reset] packets appear. IMAP over SSL on port 993 works fine, but if I switch that off and configure OpenVPN to listen on port 993, it is blocked," Cardwell said in a blog post.

"So the blocks aren't even port based. They've got some really low level deep packet inspection technology going on here."

However, T-Mobile said it had not seen any issues with VPN access.

"The majority of our customers are able to access VPN's providing the proposition they have bought has been set up in this way," the spokesperson added.

"Customers requiring VPN access can check with us before making a purchase, all details will also be included in the terms and conditions."

All customers who breach the fair use policy will be blocked for VPN usage, T-Mobile said.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.