Feeds

RIM fights BlackBerry snoop gaffe

Denies involvement in half-baked Etisalat scheme

Choosing a cloud hosting partner with confidence

RIM, maker of the BlackBerry mobile phone, has told the Reg that Etisalat is talking tosh and the BlackBerry remains a secure platform, after the United Arab Emirates operator "patched" the device with surveillance software.

The "patch" which Etisalat sent out last week was actually a surveillance application, designed to make copies of received e-mails, despite the operator's claims that the software was designed to ease 2G to 3G handoffs. RIM has sent The Register a statement making it clear that such an operator-issued application simply could not interact with low-level radio functionality, and that there aren't any problems on Etisalat's network that needed fixing anyway.

RIM's statement is restrained: so restrained that one can hear the sound of gritted teeth between the words: "Etisalat also issued a press release that referred to the software as a BlackBerry Software Upgrade... RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application."

This would seem to fit the bill, as even our quick glance at the application demonstrated it wasn't very well written - certainly not up to RIM's standards. This was borne out by a far-more-detailed analysis from Sheran Gunasekera (pdf) who concluded that code of such a poor quality could only be "mistakenly rolled out or... an early release that was being tested."

RIM is only slightly less damning, in public at least. After all, Etisalat is a RIM customer, and the customer is always right, except when they're lying:

"RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network."

Just in case there was any doubt about RIM's position on the installation of spyware onto BlackBerry devices the company has provided a free tool to remove the software. RIM also sent us helpful advice for companies who wish to use the BlackBerry Enterprise Server to check if any of their users' devices have been infected with installed the patch*, along with details of how to prevent users installing such a thing in future.

The Etisalat "patch" was signed, but not by RIM, and users did have to give authorisation for the installation. Most users, however, will trust their network operators. Legal interception is an evolving problem, but it's one that needs open and honest debate, rather than half-arsed attempts at subterfuge: that kind of thing just gets embarrassing for all concerned.

* BES administrators can execute the following query against their BES database in order to determine if any of their users have installed the “Registration” software from Etisalat:

SELECT SyncDeviceMgmt.UserConfigID, SyncDeviceMgmt.ModuleName, UserConfig.PIN, UserConfig.DisplayName FROM SyncDeviceMgmt INNER JOIN UserConfig ON SyncDeviceMgmt.UserConfigID=UserConfig.Id WHERE SyncDeviceMgmt.ModuleName='Registration’

This will provide a list of impacted devices. You can then use this information to contact the relevant users and provide the appropriate removal instructions.

®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.