Feeds

RIM fights BlackBerry snoop gaffe

Denies involvement in half-baked Etisalat scheme

5 things you didn’t know about cloud backup

RIM, maker of the BlackBerry mobile phone, has told the Reg that Etisalat is talking tosh and the BlackBerry remains a secure platform, after the United Arab Emirates operator "patched" the device with surveillance software.

The "patch" which Etisalat sent out last week was actually a surveillance application, designed to make copies of received e-mails, despite the operator's claims that the software was designed to ease 2G to 3G handoffs. RIM has sent The Register a statement making it clear that such an operator-issued application simply could not interact with low-level radio functionality, and that there aren't any problems on Etisalat's network that needed fixing anyway.

RIM's statement is restrained: so restrained that one can hear the sound of gritted teeth between the words: "Etisalat also issued a press release that referred to the software as a BlackBerry Software Upgrade... RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application."

This would seem to fit the bill, as even our quick glance at the application demonstrated it wasn't very well written - certainly not up to RIM's standards. This was borne out by a far-more-detailed analysis from Sheran Gunasekera (pdf) who concluded that code of such a poor quality could only be "mistakenly rolled out or... an early release that was being tested."

RIM is only slightly less damning, in public at least. After all, Etisalat is a RIM customer, and the customer is always right, except when they're lying:

"RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network."

Just in case there was any doubt about RIM's position on the installation of spyware onto BlackBerry devices the company has provided a free tool to remove the software. RIM also sent us helpful advice for companies who wish to use the BlackBerry Enterprise Server to check if any of their users' devices have been infected with installed the patch*, along with details of how to prevent users installing such a thing in future.

The Etisalat "patch" was signed, but not by RIM, and users did have to give authorisation for the installation. Most users, however, will trust their network operators. Legal interception is an evolving problem, but it's one that needs open and honest debate, rather than half-arsed attempts at subterfuge: that kind of thing just gets embarrassing for all concerned.

* BES administrators can execute the following query against their BES database in order to determine if any of their users have installed the “Registration” software from Etisalat:

SELECT SyncDeviceMgmt.UserConfigID, SyncDeviceMgmt.ModuleName, UserConfig.PIN, UserConfig.DisplayName FROM SyncDeviceMgmt INNER JOIN UserConfig ON SyncDeviceMgmt.UserConfigID=UserConfig.Id WHERE SyncDeviceMgmt.ModuleName='Registration’

This will provide a list of impacted devices. You can then use this information to contact the relevant users and provide the appropriate removal instructions.

®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton EXPOSED in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.