Feeds

BlackBerry update bursting with spyware

Official snooping suspected in UAE

Build a business case: developing custom apps

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.

It was, it seems, the battery issue that alerted users to something being wrong. Closer examination (as reported by itp.net) seems to indicate that all instances of the application were expected to register with a central server, which couldn't cope with the traffic - thus forcing all the instances to repeatedly attempt to connect while draining the battery. A more phased reporting system might have escaped detection completely.

The update is labelled: "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality." The signed JAR file, when opened, reveals an application housed in a directory named "/com/ss8/interceptor/app", which conforms to the Java standard for application trees to be named the reverse of the author's URL. ("Interceptor" isn't the subtlest name for spyware, though.)

SS8, however, does author applications of exactly this type, and further reverse-engineering of the Java app shows code capable of intercepting messages and copying them to remote servers - a process that starts once a trigger message (containing the word "start" and originating from a specific number) has been received.

No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

While text messages and phone calls are usually more easily intercepted at the network operator, the BlackBerry architecture doesn't lend itself to that kind of legally-authorised interception, which has caused problems in several other countries. It seems probable that this application was an attempt by the authorities to circumvent that architecture, and it will be interesting to see if a similar application appears on competing UAE operators.

That's assuming anyone notices - the application could have been missed entirely. Once it was installed and registered with the server it would have lain dormant until the operator decided to activate it, presumably only on a few phones owned by people of particular interest to the authorities.

Hopefully punters will be a little more careful when considering a downloaded update, although it's possible the operators may in turn get a little better at hiding it. ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Know what Ferguson city needs right now? It's not Anonymous doxing random people
U-turn on vow to identify killer cop after fingering wrong bloke
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.