Feeds

BlackBerry snoopers can explain everything

Etisalat downloads smoke and mirrors

Secure remote control for conventional and virtual desktops

Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility.

But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question.

The patch, which was sent out earlier this week, includes a file called Registration.jar, which appears to emanate from snooping-software specialist SS8. Registration.jar includes Java code clearly intended to intercept and make copies of received e-mail and text messages, despite assurances from Etisalat that the package is "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas".

Users first noticed suspicious activity when their BlackBerrys started experiencing heavy battery drain, which Etisalat attributes to "a slight technical fault while upgrading the software of these devices". Security researchers claim it's actually down to the snooping software repeatedly trying to register with a central server. The statement from Etisalat also claims that users experiencing problems - the operator admits to receiving 300 complaints - can dial 101 to have the upgrade reversed.

That may well be true: the software Etisalat is distributing isn't supposed to be reporting on every user. It is designed to be remotely triggered on specific handsets, before commencing its task of copying off that customer's messages to servers within the network operator.

The Register has been taking a look at Registration.jar, suitably decompiled, and Java developers might be interested in this snippet:

public void messagesAdded(FolderEvent fevent)
  {
  sentmsg++;
  if(fevent.getType() == 1)
  {
    Message msg = fevent.getMessage();
    try
    {
    String subject = msg.getSubject();
    if(subject != null && (subject.indexOf("I: response") != -1 || subject.indexOf("I:FW:") != -1))
     return;
    }
    catch(Exception e) { }
    MsgOut msgout = new MsgOut(log, this, msg, true);
    msgout.start();
    } else
      if(fevent.getType() != 2);
    }

...which is clearly related to roaming between 2G and 3G networks. Or this section, which (at a glance) would appear to be code devoted to removing received instructions (originating from "Customer Services") before the user gets a chance to see them:

if (fpin != null && fnam != null
&& fpin.equalsIgnoreCase("Customer Service")
  && fnam.equalsIgnoreCase("Customer Service")
  && cmds.msgIsPIN(msg)) {
  String body = msg.getBodyText();
  try {
    msg.getFolder().deleteMessage(msg, true);
  } catch (Exception exception) {
    /* empty */
  }

...but that can't be true, so it's obviously about enhancing network coverage.

Remotely installing spyware on users' handsets is one thing, but we would expect the snoops to at least obfuscate their code, not to mention that Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.

Etisalat reckons they have 145,000 BlackBerry users, which means that 105,000 of them (who didn't complain) may have got this snooping software installed and running, ready to receive that coded command to start intercepting messages when someone decides they're worth watching. ®

5 things you didn’t know about cloud backup

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM
Networks' main issue: they don't know how it works, says expert
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.