RIM, etisalat, ’spyware’ row
p2pnet news view | Mobiles:- An ‘update’ issued by UAE telecommunications company Etisalat was spyware, says BlackBerry parent RIM, based in Canada.
“Thirteen days after etisalat issued a patch that was designed to ‘enhance performance’, Research in Motion (RIM) said on Tuesday ‘etisalat appears to have distributed a telecommunications surveillance application’ designed and developed by California-based company SS8′,” says the Khaleej Times.
“The BlackBerry ‘snifferware’, which can intercept emails and drain battery life quickly, was pushed as an update to 145,000 BlackBerry users on the etisalat network,” says the story, going on:
“Over 300 of them immediately complained their smartphone had been rendered useless with the battery dying out on them in less than 60 minutes.
“Etisalat’s update sent to BlackBerry users was ‘not a patch and not a RIM authorised upgrade.’ The etisalat update was sent to users on July 8 as a wide-area protocol (WAP) message. The Java file could intercept data and send a copy to a server without the user’s knowledge.”
Says a July 17 RIM customer update »»»
Recently, Etisalat, a carrier in the United Arab Emirates (UAE), sent an SMS message to a number of their customers informing them of a software patch that was available for BlackBerry smartphones and indicating that the software patch would enhance the performance of the BlackBerry service if it was downloaded and installed on the smartphone. Etisalat included a web link in the SMS message urging these customers to download and install the software.
Etisalat also issued a press release that referred to the software as a BlackBerry Software Upgrade.
RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application.
RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network.
In addition, RIM is not aware of any technical network concerns with the performance of BlackBerry smartphones on Etisalat’s network in the UAE. In situations where there is a need to upgrade the firmware on a BlackBerry smartphone to address network performance issues, RIM distributes official BlackBerry software updates through standard channels, including direct downloads from BlackBerry.com and over-the-air software updates using the built in Wireless Upgrade feature of the BlackBerry smartphone. RIM does not use SMS or WAP push as an
official distribution channel for these types of official BlackBerry software updates.
In this case, Etisalat appears to have distributed a telecommunications surveillance application that was designed and developed by SS8. In order to install and successfully run this application, a user would need to click on the link to the web site and then confirm their intent to download the software and provide their explicit authorization for the application to access network resources. Under such circumstances, independent sources have concluded that it is possible that the installed software could then enable unauthorized access to private or confidential information stored on the user’s smartphone.
Note: RIM does not endorse this software application and, if a user installed the software application, it can be subsequently removed from the user’s smartphone as described below.
The update also gives a detailed description of how to remove the ’snifferware’.
Etisalat officials were yesterday expected to meet RIM executives to, “discuss a statement issued by the latter suggesting that etisalat covertly installed surveillance software on its BlackBerry subscribers’ devices,” says the Gulf News, quoting an etisalat spokesperson as saying:
“There is no dispute between us and RIM.”
Khaleej Times – BlackBerry Update, A Surveillance Application: RIM, July 22, 2009
Gulf News – BlackBerry developer to meet with etisalat, July 21, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
July 23rd, 2009 at 3:00 pm
The RCMP has been running similar code for many years, in Canada – I’ve seen discovery documentation from US narcotics smuggling cases that make it 100% clear the much-vaunted “encryption” of the RIMM device is simply a Canadian “Clipper Chip.” That is, it’s closed-source crypto that’s obviously backdoored for easy access by those who have political power – any crypto that’s based on “trust us, it’s great” assurances instead of open code review is all but guaranteed to be used in this way.