Forgot your password?
typodupeerror
Privacy Cellphones Communications

Spyware In BlackBerry Updates For Users in the UAE 116

Posted by timothy
from the this-could-happen-in-$yourcountry-too dept.
mulaz writes with this excerpt from The Register: "An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life. Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain."
This discussion has been archived. No new comments can be posted.

Spyware In BlackBerry Updates For Users in the UAE

Comments Filter:
  • by Anonymous Coward on Wednesday July 15, 2009 @04:24PM (#28707799)

    c'mon real time backup, can't beat that.

  • " as well as crippling battery life." is not the same as "a slightly excessive battery drain."
    • by gEvil (beta) (945888) on Wednesday July 15, 2009 @04:28PM (#28707853)
      " as well as crippling battery life." is not the same as "a slightly excessive battery drain."

      It's slightly crippling?
      • by idontgno (624372)

        You can make the argument, by analogy, that "a slightly excessive gunshot wound to the kneecap" is "crippling."

        Nothing to see here. Move along, Slashcitizen.

    • " as well as crippling battery life." is not the same as "a slightly excessive battery drain."

      A little to quick to post something?

      Main Entry: cripple [reference.com]
      Part of Speech: verb
      Definition: hinder action, progress
      Synonyms: bring to standstill, cramp, damage, destroy, halt, hamstring, impair, put out of action, ruin, spoil, stifle, vitiate

      So, you're saying that extra battery drain doesn't impair battery life?

      • Common usage of crippling implies grave impairment. You don't call a guy with a sore finger crippled, for example. Pretending that using a word is fine just because the dictionary says it means the same thing as another while blatantly ignoring common usage is disingenuous at best.

        • But common usage in the tech field implies any functional impairment that's not intrinsic. Like software or hardware with features turned off [wikipedia.org]. If Google Earth doesn't give me all implemented features without making me pay for them [google.com], then it's crippled. It doesn't matter that I don't care much about the features I'm missing. Similarly, if an update reduces battery life by 10%, then the update cripples battery life.

  • UAE - no surprise (Score:5, Interesting)

    by Torontoman (829262) on Wednesday July 15, 2009 @04:31PM (#28707889)
    As far as non-north-american countries go - the UAE is very progressive. But a former client of mine who spent 8 yrs there working in administration pointed out - "in North America we are an odd country and culture - we simply take it as the norm that nobody will listen to us. That level of privacy is not the norm, it's unusual" He was in a senior healthcare position and essentially knew as a foreigner in a position of influence that he would be monitored regularly if not constantly.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      "As far as non-north-american countries go - the UAE is very progressive"
      Hahahahaha, ahem, sorry I mean LOL. Are you serious?
      What's so "progressive" about north american countries? Different isn't better per se.
      "in North America we are an odd country and culture - we simply take it as the norm that nobody will listen to us"
      That's at least a generalisation, and some might say naive.
      "a foreigner in a position of influence that he would be monitored regularly if not constantly."
      Yes, that would never happen in

      • Re:UAE - no surprise (Score:4, Informative)

        by Anonymous Coward on Wednesday July 15, 2009 @05:22PM (#28708495)

        "As far as non-north-american countries go - the UAE is very progressive" Hahahahaha, ahem, sorry I mean LOL. Are you serious? What's so "progressive" about north american countries? Different isn't better per se. "in North America we are an odd country and culture - we simply take it as the norm that nobody will listen to us" That's at least a generalisation, and some might say naive. "a foreigner in a position of influence that he would be monitored regularly if not constantly." Yes, that would never happen in north America.

        Where shall I start? Women's Rights Minority Rights Freedom of Assembly Voting And this is just for starters. The UAE is very progressive, in comparison to other Middle Eastern countries, but still many decades behind the "decadent" West.

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          Where shall I start?
          The death penalty, no social security, no basic healthcare, the gun and the bible.
          And this is just for starters. The USA is very progressive, in comparison to other American countries, but still many decades behind the "decadent" Europeans.

          See, there's no truth, only peception.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            Where shall I start?
            The death penalty, no social security, no basic healthcare, the gun and the bible.
            And this is just for starters. The USA is very progressive, in comparison to other American countries, but still many decades behind the "decadent" Europeans.

            See, there's no truth, only peception.

            -Death Penalty: All countries have this, just not for the same crimes. Try committing treason in most places and see what that gets you, and Genocide is punishable by death in pretty much any country that doesn't have general Death Penalty. I'm not saying the US is right, but don't try to pretend your country won't kill someone if they feel they have just cause.

            - Social Security: Umm, yes we do have that.

            - Healthcare: Again, we do have that, through Medicaid and multiple other programs. We just don't have o

            • Australia (Score:2, Insightful)

              by Anonymous Coward

              Death Penalty, no we dont have it for any crime, this is the touchstone for the difference between civilised countries and others. Only uncivilised countries have the death penalty.

              Socail security- You dont have a proper social security system compared with other countries.

              Health Care-The US does not have universal health care but spends more than countries that do, quite an achievement.

              The Gun- As much a religion to some in the US as the bible, we got rid of most of the guns in our society and we have no r

              • The Federal act abolishing the death penalty is one of the most accessible pieces of legislation I've had the pleasure to read:

                DEATH PENALTY ABOLITION ACT 1973 - SECT 4
                Abolition of death penalty
                A person is not liable to the punishment of death for any offence.

          • Re: (Score:2, Troll)

            by BlackSnake112 (912158)

            So you expect the government to provide everything to you?

            I always thought if you wanted something you worked towards getting it.
            You want good health care, you pay for it.
            You want a fancy car, you pay for it.
            You want a good retirement, you pay for it.

            If you do not cover your own ass, you are stuck. It is hard and cold, but it is reality. Do I expect the government to give me health care, no. The social security check will be less then the stamp it took to get it to me at the rate it is going. I am not count

            • by Miseph (979059)

              So you'd rather spend more money on inferior health care than have the government pay the bill for you (with, ultimately, your money)? We don't have the best health care in the world, we do have the most expensive. Seems like strong evidence that an inefficient government might be worse at bilking you than an extremely efficient for-profit corporation. If you want to pay for your health care out of pocket, that's great, but don't drag those of us without a masochistic streak down with you.

            • Re: (Score:1, Insightful)

              by Anonymous Coward

              You want good health care, you pay for it.
              You want a fancy car, you pay for it.
              You want a good retirement, you pay for it.

              You want police protection, you pay for it.
              You want fire coverage, you pay for it.

              Oh wait...

          • Bullshit (Score:1, Insightful)

            by Anonymous Coward

            "No basic healthcare"? Sorry, fucktard, anyone who's sick can go to the ER and get treated. There is basic health care. "The gun and the bible". I understand that this whole "freedom of religion" thing pisses you off, as you'd like to force everyone to be an atheist. That's really fucking progressive. Perhaps you forgot the point of the gun. The gun is so that the government doesn't become like the European governments they left 250 years ago. So the government doesn't become like Hitler's Germany or Stalin

            • Re:Bullshit (Score:4, Informative)

              by tolan-b (230077) on Wednesday July 15, 2009 @07:14PM (#28709951)

              > By the way, I know how healthcare works in Europe.
              > "Oh, you have insurance, come ahead now." Maybe
              > Greece and Italy aren't part of Europe, but your
              > universal healthcare seems to be a case of some
              > pigs are more equal.

              Eh? Can't comment on anywhere else, but in the UK having insurance makes no difference to your treatment in the NHS. It means you can go to a private provider, but it makes no difference to your NHS provision.

              • by nixman99 (518480)
                Can't comment on anywhere else, but in the UK having insurance makes no difference to your treatment in the NHS. It means you can go to a private provider, but it makes no difference to your NHS provision.

                I'm a Yank who spent nine years in Britain. After the first couple of years on the NHS, we gave up and went private for just about everything. As an example, my son needed three different operations. Each time we were told it was a six month wait on the NHS; we went private and were able to schedule
            • by JSlope (1180805)
              I remember a USSR joke from the time of Perestroyka:
              An American and a Russian meet and American says:
              - What about your freedoms, I for example can go in front of the White House and cry that American President is an idiot.
              Russian answers:
              - I also can go to the Red Square and cry that... American President is an idiot.
            • by Teun (17872)
              Your reasoning about not wanting to go back to the type of government your forefathers left when they set up the USofA is correct.

              But fail at seeing the present Europeans have also thrown out their feudal overlords.

              And contrary to the US we here in Europe have not replaced them by commercial interests but instead prefer society as a whole to take care of the weak.
              As a matter of fact the majority of Europeans are quite upset about the lack of compassion your system displays.

              The European Union is a very

    • by Dan667 (564390)
      I would not call that progressive, I would call that oppressive.
    • Re:UAE - no surprise (Score:5, Informative)

      by julian67 (1022593) on Wednesday July 15, 2009 @05:38PM (#28708687)
      Yes it's so progressive that every new car comes with a tracking device built in so the govt always knows where you're driving. It also knows when you go to fast. They have this amzing system whereby if you drive over the speed limit a siren sounds in your car and gets louder and louder until you slow down to within the limit. Driving around Dubai you'll be passed by speeding cars with a terrible wailing siren sounding out over the terrible bass heavy music. These drivers are Emiratis, locals (70% of the population is foreign workers). They won't have to pay the fine so as long as they can stand the noise they'll drive as fast as they like. It's a bizarre phenomenon. It's absolutely no surprise that the state monopoly telco would also like access to all your communications whatever device you use. Skype is banned, and tor is blocked and using any privacy enhancing encryption leads not to the unfettered web but to the court house. Also progressive: jail time for sex outside of marriage, deportation with no notice if your boss withdraws your work permit and so on. I guess it looks progressive next to Saudi, but mostly it isn't progressive, only rich.
      • A cousin of mine lived there in the early 90s. He said that the speeding buzzer was there to remind the locals to turn up the radio ;)
      • Re: (Score:2, Interesting)

        by the 9a3eedi (1068628)
        I dunno, some parts of your comments seem rather exaggerated. First off, Emaratis HAVE to pay speeding fines. I know that because I'm an Emarati myself. And no, we dont get some special discount. We might be able to get away with it because we know where all the traffic radars are and so we slow down just in time :P There isn't any "siren" implanted in our cars. It's just the standard "bell" that comes out from the car when you go above 120km/h . I really don't think it's due to a government regulation, b
        • by imtheguru (625011)

          we know where all the traffic radars are and so we slow down just in time

          Do not try this in your Pajero: Over 250kmph, the cameras usually don't register a passing vehicle.

          It's just the standard "bell" that comes out from the car when you go above 120km/h . I really don't think it's due to a government regulation, but it's probably dependant on the car itself.

          It is not from the car manufacturer.

          • It isn't?
            My father once imported a car from Japan (a Nissan '87), and it had a (rather cute) chime that went off after 100km/h. Later on, we had a Toyota, and that too had a chime (that one sounded horrendous), which off after 120km/h. I have noticed that chime in other Japanese model too.
            I think it comes standard with all Japanese cars, atleast.

            • by elrous0 (869638) *
              It certainly didn't come standard on MY Toyota. My car won't even beep when I've left the lights on by mistake.
            • by RangerElf (32760)

              Really, I've never seen any car, in México or in the US, with a "chime" that went off over a certain speed.

              This has to be some kind of requirement specific to the UAE.

        • by julian67 (1022593)
          Sometimes tor works, sometimes not. Sometimes p2p networks are acessible, sometimes not. Why is Skype and other internet telephony forbidden? It gives users access to encrypted communication and threatens Etisilat's monopolistic pricing. Why does the Blackberry get a UAE specific update? To disallow encrypted communication. I can't work out why flickr is blocked ....
          • Re: (Score:2, Interesting)

            by the 9a3eedi (1068628)
            P2P networks like Bittorrent and Gnutella always work with me. Never had any problems with it. And if tor doesn't work, I really think it's tor's fault, and not the ISP. Tor is encrypted, isn't it impossible for the ISP to "block" it?

            Apparently, VoIP services aren't completely blocked. It's just the ones that allow you to do cheap PC-to-Phone calls that are blocked, as it would kindof interfere with Etisalat's revenue. However, things like SIP and Google Talk, where it's just PC-to-PC works perfectly fi
            • by julian67 (1022593)

              tor can be blocked if you can stop the initial connection to a tor node or can block tor's directory servers. This is something like playing whack-a-mole but it can be done and was in the past. I haven't been in UAE for a couple of years so perhaps they got bored of chasing their own tails. The other approach for a govt to take is to run tor exit nodes themselves and capture the traffic as it exits unencrypted, which doesn't give you both sides of an exchange but does give you a nice starting point for id

      • by Johnno74 (252399)

        You sure that this "siren" is infact caused by speeding?

        I was in egypt a few years ago, and all the taxi drivers and most of the locals had installed a "manual override" switch on their dash for the car alarm. Basically they would flick the switch so the alarm would start howling, then they would drive like complete nutbars. Stuck behind a truck? Simple, your driver would flick the switch, honk their horn and flash their lights as quickly as possible and just pull out into oncoming traffic.

        As far as I c

        • by julian67 (1022593)

          Yes am sure :-) It's there to make your brain scream when you drive too fast. I was fairly amazed by it....had just arrived, my partner was living there and picked me up from the airport when this big SUV came screaming past with music *blasting* and an amazing and very non-musical noise accompanied it. She explained what it was, I didn't believe her so she put her foot down and gave me a demo. I'd been living in Bangkok before so for a noise to surprise me it really had to have an impact. Like someone el

    • As far as non-north-american countries go - the UAE is very progressive.

      [Citation needed]

      The reason I'm asking is because I've known several people who've worked in embassies over there, and this is not what they've told me about it.

    • by pirhana (577758)
      > As far as non-north-american countries go - the UAE is very progressive

      Could you please tell me what do you mean by "Progressive" ? . Coz, I have been living in many countries of Middle East for years and this includes UAE also and they all are same more or less. Like other countries, UAE has the following,

      -- Family dictatorships which have absolute control about every element of the society and economy.
      -- No Democracy in any tangible meaning of that term
      -- Absolutely no freedom of expression(UAE does
    • As far as non-north-american countries go - the UAE is very progressive.

      A statement that could only come from someone with basically no international experience or knowledge. UAE is as progressive as the Salem Witch Trials. The only reason people even notice it is because it's more progressive than neighbours like Saudi Arabia, which are among the most oppressive/regressive/big-messive in the world. This has allowed the Emirates to emerge as a more comfortable destination for regional oil money.

      Further hi

    • Yes, UAE is very [independent.co.uk] progressive. Anybody who chooses to expatriate and live in such a slave-state really can't complain if things go against them after a time. I would never trust a contract to work in Dubai, not only because it would violate my own moral code, but because anybody who chooses to live there is probably not someone I should trust.
  • How slightly? (Score:5, Informative)

    by damn_registrars (1103043) <damn.registrars@gmail.com> on Wednesday July 15, 2009 @04:31PM (#28707891) Homepage Journal

    slightly excessive battery drain

    As a crackberry user myself, I can tell you that sometimes a change in battery life isn't even something I would worry much about. Considering the number of applications that many of us have on our 'berries, the number we have in the background at any given time, and the amount we use the applications in the foreground, a noticeable shift in battery life between Tuesday and Wednesday might not be considered abnormal. I know there are people who just charge every night religiously because they always want to start with a full battery in the morning; if they ended at 45% instead of 55% they might not think anything of it as long as their charge made it to the end of the day.

    On the other hand if they normally end at 45% and now they don't make it through the day, they would likely notice that.

    • Also, I doubt that anyone would think it was software, most people would shrug and think that their battery was wearing out and get a new battery or BlackBerry.
    • by Hadlock (143607)

      I know if I leave google maps on in the background on my blackberry, the batter life is pretty much cut in half. I notice that pretty quickly.

  • Why would the carrier need to route messages and data coming through their systems *back* to their systems to read them? They are, after all, the carrier of all this data in the first place. Why can't they just sniff around in it in the middle?

    Something smells fishy.
    • by guruevi (827432) <evi@smo k i n g c ube.be> on Wednesday July 15, 2009 @04:53PM (#28708133) Homepage

      Supposedly, e-mail between the company's server and the device is encrypted (although at one time, there were some protests to using Blackberries because the messages pass through RIM's servers which were located somewhere in Canada - I don't know if that's still the case).

    • by cvolny (1583581) on Wednesday July 15, 2009 @04:57PM (#28708177)
      From the Register: "While text messages and phone calls are usually more easily intercepted at the network operator, the BlackBerry architecture doesn't lend itself to that kind of legally-authorised interception, which has caused problems in several other countries. It seems probable that this application was an attempt by the authorities to circumvent that architecture, and it will be interesting to see if a similar application appears on competing UEA operators."
  • So I am paying for my bandwidth twice, first to receive the message and a second time for it to be forwarded to TPTB. Talk about being fsckd!

  • More information (Score:5, Interesting)

    by mothrsuperior (981616) on Wednesday July 15, 2009 @04:54PM (#28708141)

    the register has a followup (including some code) here [theregister.co.uk].
      Apparently [etisalat.ae] etisalat claims the spyware is for troubleshooting during the 2g to 3g upgrade.

    • by JCSoRocks (1142053) on Wednesday July 15, 2009 @05:13PM (#28708373)
      Haha, of course! Troubleshooting network issues is so much simpler when you're using twice the bandwidth as you were before just so that you can send yourself a copy of everything being sent.
    • Heaven forbid they admit it to be what it really is: a state-mandated political/commercial/private spyware app. I am sure it references which cell towers are closest to you so that they can use it to track your physical movements too. I love it, just like the way we pay people to spy on/arrest us for not using the "right" drugs, they pay their government to track their every move. Ironic as all hell. I think we need to plan and execute "a cell-phone day of silence". An entire day when we remove the batterie
  • by dougsyo (84601) on Wednesday July 15, 2009 @04:58PM (#28708185)

    The Register article stated:

    No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

    It pointed to this link: http://supportforums.blackberry.com/rim/board/message?board.id=BlackBerryDeviceSoftware&thread.id=5504&view=by_date_ascending&page=2 [blackberry.com]

    But if you follow it you get:

    The message you are trying to access has been deleted. Please update your bookmarks.

    Interesting.

    Doug

  • I'm not very familiar with RIM's network architecture, so it wasn't clear to me whether the UAE needed RIM's help in distributing the spyware or whether it was entirely the doing of the local phone carrier in the UAE.

    Would the UAE had to have had RIM's help or did they simply buy the services of the third-party spyware vendor?

    -Sean

    • Re: (Score:1, Informative)

      by Anonymous Coward

      It was sent as a WAP push (a bit like sending something to a PC as an email attachment and saying "please run me"). They wouldn't have needed RIM's help to do it (although assistance from someone who (a) had a clue and (b) was evil would have helped them achieve their goal with less comical results). RIM are unlikely to have wanted to assist because it's not exactly a "good news" story for them.

      Carriers do have a level of control over what a Blackberry based on their network can do by controlling what "se

  • Maybe they/we need a crypto-twitter app?

    • Make minimal assumptions of the phone capabilities.
    • Don't rely on 'external' certificate / cert providers etc, roll your own.
    • Don't rely on the device libraries, you cannot afford to trust even the phone.
    • Phone app to include some kind of cert to authenticate itself to the service (at least make an effort).
    • ssl based coms
    • http or sms transport
    • some kind of distributed multiple redundant backend; tor-ish and resistant to dns spoofing
    • certificate based authentication of the se
  • I can't believe my country would try something like this. For the love of god we are not Homeland or the FBI or even the CIA!!! My ISP have made a name for them self's as the biggest idiots I have ever known. I hope this will tech them a lesson."Performance enhancement patch"
  • Veracode has provided an analysis of the spyware source code. The spyware apparently is designed to encrypt messages it grabs from a BlackBerry before it sends them back to the server so that anyone intercepting the data en-route would not be able to read it.

Parts that positively cannot be assembled in improper order will be.

Working...