Feeds

RIM fights BlackBerry snoop gaffe

Denies involvement in half-baked Etisalat scheme

Choosing a cloud hosting partner with confidence

RIM, maker of the BlackBerry mobile phone, has told the Reg that Etisalat is talking tosh and the BlackBerry remains a secure platform, after the United Arab Emirates operator "patched" the device with surveillance software.

The "patch" which Etisalat sent out last week was actually a surveillance application, designed to make copies of received e-mails, despite the operator's claims that the software was designed to ease 2G to 3G handoffs. RIM has sent The Register a statement making it clear that such an operator-issued application simply could not interact with low-level radio functionality, and that there aren't any problems on Etisalat's network that needed fixing anyway.

RIM's statement is restrained: so restrained that one can hear the sound of gritted teeth between the words: "Etisalat also issued a press release that referred to the software as a BlackBerry Software Upgrade... RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application."

This would seem to fit the bill, as even our quick glance at the application demonstrated it wasn't very well written - certainly not up to RIM's standards. This was borne out by a far-more-detailed analysis from Sheran Gunasekera (pdf) who concluded that code of such a poor quality could only be "mistakenly rolled out or... an early release that was being tested."

RIM is only slightly less damning, in public at least. After all, Etisalat is a RIM customer, and the customer is always right, except when they're lying:

"RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network."

Just in case there was any doubt about RIM's position on the installation of spyware onto BlackBerry devices the company has provided a free tool to remove the software. RIM also sent us helpful advice for companies who wish to use the BlackBerry Enterprise Server to check if any of their users' devices have been infected with installed the patch*, along with details of how to prevent users installing such a thing in future.

The Etisalat "patch" was signed, but not by RIM, and users did have to give authorisation for the installation. Most users, however, will trust their network operators. Legal interception is an evolving problem, but it's one that needs open and honest debate, rather than half-arsed attempts at subterfuge: that kind of thing just gets embarrassing for all concerned.

* BES administrators can execute the following query against their BES database in order to determine if any of their users have installed the “Registration” software from Etisalat:

SELECT SyncDeviceMgmt.UserConfigID, SyncDeviceMgmt.ModuleName, UserConfig.PIN, UserConfig.DisplayName FROM SyncDeviceMgmt INNER JOIN UserConfig ON SyncDeviceMgmt.UserConfigID=UserConfig.Id WHERE SyncDeviceMgmt.ModuleName='Registration’

This will provide a list of impacted devices. You can then use this information to contact the relevant users and provide the appropriate removal instructions.

®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.