Wednesday, July 15, 2009

Etisalat's BlackBerry Patch Opens Phones to Surveillance

Via ITP.net -

The battery-sapping "performance patch" that Etisalat [Emirates Telecommunications Corporation] sent to its BlackBerry subscribers over the last few days was designed to give the UAE operator the ability to read its customers emails and text messages, a Qatar-based software expert told CommsMEA yesterday.

Last week, Etisalat told its 100,000 BlackBerry subscribers that a "performance enhancement patch" would be sent to them to "provide the best BlackBerry service and ultimate experience". But users who downloaded the software complained of dramatically reduced battery life and slower than usual performance of their devices.

Nigel Gourlay, a Doha-based Sun-certified Java programmer who has been developing open source software for 15 years, analysed the patch after it was posted on BlackBerry’s community support forum and he said that once installed, it potentially gives Etisalat the power to view all emails and text messages sent from the BlackBerry.

“I don’t think it’s been designed for a large scale deployment,” he said. “They have released it as an upgrade across all UAE BlackBerry handsets, all of which have tried to phone home to this one registration server at the same time, and that has effectively brought the server to its knees. When the BlackBerry cannot register itself, it tries again and this causes the battery drain.”

Gourlay pointed out that by default the system is turned off and when it installs the only message that is sent is an initial registration message, and that later on, Etisalat could turn on the systems “one by one”.

Once installed, one of the possible commands that can be sent to the device is "start", which would then cause any subsequent message to be forwarded to an Etisalat website.

Gourlay said the patch was stamped with “SS8.com”, the name of a US-based software developer that describes itself as an electronic surveillance solutions company that develops products that “allow intelligence agencies to recognise, monitor, investigate and prevent criminal activity”.

It appears as though the use of such software is widespread among telecom operators, and according to SS8’s website, its products are used by “some of the largest service providers in the world”.

On Sunday Etisalat issued a two paragraph statement apologising for “a phased software upgrade…that led to extra consumption of the handset battery”. It described the patch as a “routine upgrade process”, but said it had stopped issuing it as a precautionary measure.

At the time of writing the operator had not responded to requests sent yesterday (Monday) for further details about the precise purpose of the patch or Etisalat’s relationship with “lawful interception solutions” firm SS8.

SS8 established its presence in the UAE in February this year when it acquired OCI Mobile, a technology provider that specialised in providing surveillance solutions to government organisations.

No comments:

Post a Comment