Feeds

BlackBerry update bursting with spyware

Official snooping suspected in UAE

Boost IT visibility and business value

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.

It was, it seems, the battery issue that alerted users to something being wrong. Closer examination (as reported by itp.net) seems to indicate that all instances of the application were expected to register with a central server, which couldn't cope with the traffic - thus forcing all the instances to repeatedly attempt to connect while draining the battery. A more phased reporting system might have escaped detection completely.

The update is labelled: "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality." The signed JAR file, when opened, reveals an application housed in a directory named "/com/ss8/interceptor/app", which conforms to the Java standard for application trees to be named the reverse of the author's URL. ("Interceptor" isn't the subtlest name for spyware, though.)

SS8, however, does author applications of exactly this type, and further reverse-engineering of the Java app shows code capable of intercepting messages and copying them to remote servers - a process that starts once a trigger message (containing the word "start" and originating from a specific number) has been received.

No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

While text messages and phone calls are usually more easily intercepted at the network operator, the BlackBerry architecture doesn't lend itself to that kind of legally-authorised interception, which has caused problems in several other countries. It seems probable that this application was an attempt by the authorities to circumvent that architecture, and it will be interesting to see if a similar application appears on competing UAE operators.

That's assuming anyone notices - the application could have been missed entirely. Once it was installed and registered with the server it would have lain dormant until the operator decided to activate it, presumably only on a few phones owned by people of particular interest to the authorities.

Hopefully punters will be a little more careful when considering a downloaded update, although it's possible the operators may in turn get a little better at hiding it. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?