Feeds

BlackBerry update bursting with spyware

Official snooping suspected in UAE

Choosing a cloud hosting partner with confidence

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.

It was, it seems, the battery issue that alerted users to something being wrong. Closer examination (as reported by itp.net) seems to indicate that all instances of the application were expected to register with a central server, which couldn't cope with the traffic - thus forcing all the instances to repeatedly attempt to connect while draining the battery. A more phased reporting system might have escaped detection completely.

The update is labelled: "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality." The signed JAR file, when opened, reveals an application housed in a directory named "/com/ss8/interceptor/app", which conforms to the Java standard for application trees to be named the reverse of the author's URL. ("Interceptor" isn't the subtlest name for spyware, though.)

SS8, however, does author applications of exactly this type, and further reverse-engineering of the Java app shows code capable of intercepting messages and copying them to remote servers - a process that starts once a trigger message (containing the word "start" and originating from a specific number) has been received.

No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

While text messages and phone calls are usually more easily intercepted at the network operator, the BlackBerry architecture doesn't lend itself to that kind of legally-authorised interception, which has caused problems in several other countries. It seems probable that this application was an attempt by the authorities to circumvent that architecture, and it will be interesting to see if a similar application appears on competing UAE operators.

That's assuming anyone notices - the application could have been missed entirely. Once it was installed and registered with the server it would have lain dormant until the operator decided to activate it, presumably only on a few phones owned by people of particular interest to the authorities.

Hopefully punters will be a little more careful when considering a downloaded update, although it's possible the operators may in turn get a little better at hiding it. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.