Feeds

RIM fights BlackBerry snoop gaffe

Denies involvement in half-baked Etisalat scheme

Secure remote control for conventional and virtual desktops

RIM, maker of the BlackBerry mobile phone, has told the Reg that Etisalat is talking tosh and the BlackBerry remains a secure platform, after the United Arab Emirates operator "patched" the device with surveillance software.

The "patch" which Etisalat sent out last week was actually a surveillance application, designed to make copies of received e-mails, despite the operator's claims that the software was designed to ease 2G to 3G handoffs. RIM has sent The Register a statement making it clear that such an operator-issued application simply could not interact with low-level radio functionality, and that there aren't any problems on Etisalat's network that needed fixing anyway.

RIM's statement is restrained: so restrained that one can hear the sound of gritted teeth between the words: "Etisalat also issued a press release that referred to the software as a BlackBerry Software Upgrade... RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application."

This would seem to fit the bill, as even our quick glance at the application demonstrated it wasn't very well written - certainly not up to RIM's standards. This was borne out by a far-more-detailed analysis from Sheran Gunasekera (pdf) who concluded that code of such a poor quality could only be "mistakenly rolled out or... an early release that was being tested."

RIM is only slightly less damning, in public at least. After all, Etisalat is a RIM customer, and the customer is always right, except when they're lying:

"RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network."

Just in case there was any doubt about RIM's position on the installation of spyware onto BlackBerry devices the company has provided a free tool to remove the software. RIM also sent us helpful advice for companies who wish to use the BlackBerry Enterprise Server to check if any of their users' devices have been infected with installed the patch*, along with details of how to prevent users installing such a thing in future.

The Etisalat "patch" was signed, but not by RIM, and users did have to give authorisation for the installation. Most users, however, will trust their network operators. Legal interception is an evolving problem, but it's one that needs open and honest debate, rather than half-arsed attempts at subterfuge: that kind of thing just gets embarrassing for all concerned.

* BES administrators can execute the following query against their BES database in order to determine if any of their users have installed the “Registration” software from Etisalat:

SELECT SyncDeviceMgmt.UserConfigID, SyncDeviceMgmt.ModuleName, UserConfig.PIN, UserConfig.DisplayName FROM SyncDeviceMgmt INNER JOIN UserConfig ON SyncDeviceMgmt.UserConfigID=UserConfig.Id WHERE SyncDeviceMgmt.ModuleName='Registration’

This will provide a list of impacted devices. You can then use this information to contact the relevant users and provide the appropriate removal instructions.

®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.