Spyware In BlackBerry Updates For Users in the UAE

mulaz writes with this excerpt from The Register: "An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life. Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain."

UAE - no surprise

[Torontoman]

As far as non-north-american countries go - the UAE is very progressive. But a former client of mine who spent 8 yrs there working in administration pointed out - "in North America we are an odd country and culture - we simply take it as the norm that nobody will listen to us. That level of privacy is not the norm, it's unusual" He was in a senior healthcare position and essentially knew as a foreigner in a position of influence that he would be monitored regularly if not constantly.

More information

[mothrsuperior]

the register has a followup (including some code) here [theregister.co.uk].
  Apparently [etisalat.ae] etisalat claims the spyware is for troubleshooting during the 2g to 3g upgrade.

Removal utility link deleted

[dougsyo]

The Register article stated:

No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

It pointed to this link: http://supportforums.blackberry.com/rim/board/message?board.id=BlackBerryDeviceSoftware&thread.id=5504&view=by_date_ascending&page=2 [blackberry.com]

But if you follow it you get:

The message you are trying to access has been deleted. Please update your bookmarks.

Interesting.

Doug

Re:Did it install on all Blackberry's connected

[HTH NE1]

SS8 says their software is used by "some of the largest service providers in the world," so it may have been more surreptitiously pushed in phases by your own provider already.

Bum, bum, buuuuummmm.

Re:UAE - no surprise

[spire3661]

Why would any normal western person subject themselves to such de-humanizing rules? You couldnt pay me to go to UAE. Its not that im a trouble-maker or rabble-rouser, but it seems that in those types of countries very small missteps can land you in a whole heap of trouble. Its fine if they want to run their sovereign nation like that, I jsut dont ever plan on subjecting myself to their rules.

Re:UAE - no surprise

[the 9a3eedi]

I dunno, some parts of your comments seem rather exaggerated. First off, Emaratis HAVE to pay speeding fines. I know that because I'm an Emarati myself. And no, we dont get some special discount. We might be able to get away with it because we know where all the traffic radars are and so we slow down just in time :P There isn't any "siren" implanted in our cars. It's just the standard "bell" that comes out from the car when you go above 120km/h . I really don't think it's due to a government regulation, but it's probably dependant on the car itself. Our family bought a Pajero last, and whenever I speed, I do get a rather annoying continous beep from it, but it's not that loud. The sound can be drowned with music played in a reasonable volume. Also, that claim that using privacy enhancing encryption can lead you to the courthouse sounds farfetched to me. I've been using privacy enhancing applications in the UAE the entire time, and I'm fine. Also, tor works. I tried. If it would really eventually make me end up in the courthouse, give me evidence. As an Emarati, I admit that my country has some problems, but there is no need to exaggerate things and tell lies which would unnecessarily damage the reputation of the country.

Re:UAE - no surprise

[the 9a3eedi]

P2P networks like Bittorrent and Gnutella always work with me. Never had any problems with it. And if tor doesn't work, I really think it's tor's fault, and not the ISP. Tor is encrypted, isn't it impossible for the ISP to "block" it?

Apparently, VoIP services aren't completely blocked. It's just the ones that allow you to do cheap PC-to-Phone calls that are blocked, as it would kindof interfere with Etisalat's revenue. However, things like SIP and Google Talk, where it's just PC-to-PC works perfectly fine.

Flickr is blocked because Etisalat blocks "dating sites". That's the official reason. Yes, I know, flickr is not a "dating site" :P . It's a shame that it got blocked for something silly like that.

In general, Etisalat's Internet service is pretty horrible compared to other countries. It's a well known fact. Sucks, but the people there generally just accept it and try to find workarounds (and doing that doesn't get them into trouble).