Feeds

BlackBerry update bursting with spyware

Official snooping suspected in UAE

Build a business case: developing custom apps

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.

It was, it seems, the battery issue that alerted users to something being wrong. Closer examination (as reported by itp.net) seems to indicate that all instances of the application were expected to register with a central server, which couldn't cope with the traffic - thus forcing all the instances to repeatedly attempt to connect while draining the battery. A more phased reporting system might have escaped detection completely.

The update is labelled: "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality." The signed JAR file, when opened, reveals an application housed in a directory named "/com/ss8/interceptor/app", which conforms to the Java standard for application trees to be named the reverse of the author's URL. ("Interceptor" isn't the subtlest name for spyware, though.)

SS8, however, does author applications of exactly this type, and further reverse-engineering of the Java app shows code capable of intercepting messages and copying them to remote servers - a process that starts once a trigger message (containing the word "start" and originating from a specific number) has been received.

No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

While text messages and phone calls are usually more easily intercepted at the network operator, the BlackBerry architecture doesn't lend itself to that kind of legally-authorised interception, which has caused problems in several other countries. It seems probable that this application was an attempt by the authorities to circumvent that architecture, and it will be interesting to see if a similar application appears on competing UAE operators.

That's assuming anyone notices - the application could have been missed entirely. Once it was installed and registered with the server it would have lain dormant until the operator decided to activate it, presumably only on a few phones owned by people of particular interest to the authorities.

Hopefully punters will be a little more careful when considering a downloaded update, although it's possible the operators may in turn get a little better at hiding it. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?