Tag: big brother

UAE spying on citizens through an Etisalat BlackBerry update?

99 Comments

big-brother-bw

Etisalat, the carrier responsible for bringing the BlackBerry solution to the United Arab Emirates, released a very suspect official update. A member on the official support forums did some detective work, and found some suspicious code in the update. According to the user:

“Blackberry subscribers for Etisalat (one of the official service providers in the UAE) received a WAP Push to download a JAR named “registration”

The description of the “update” was as follows:

“Etisalat network upgrade for Blackberry service. Please download to ensure continuous service quality.”

I called the operator’s hotline inquiring about the update, and they confirmed it’s an “official” update that’s meant to enhance network stability which users experienced last few weeks, causing email and BBM delays. But anyone with two functional braincells would imagine such an update/fix would be done at the network side, rather than with an obscure piece of code pushed to client handsets as a WAP Push, rather than a service book.

Out of curiosity, I downloaded, unpacked and decoded the file, and can’t help but feel something is fishy here.

Following is a list of the class files within registration.jar:

/Interceptor.class
/Registration.cod
/Registration.csl
/Registration.cso
/META-INF/MANIFEST.MF
/com/ss8/interceptor/app/Commands.class
/com/ss8/interceptor/app/Transmit.class
/com/ss8/interceptor/app/MsgOut.class
/com/ss8/interceptor/app/Log.class
/com/ss8/interceptor/app/Main$1.class
/com/ss8/interceptor/app/StatusChange.class
/com/ss8/interceptor/app/Send.class
/com/ss8/interceptor/app/Main.class
/com/ss8/interceptor/app/Recv.class
/com/ss8/interceptor/app/Constants.class
/com/ss8/interceptor/tcp/smtp/SMTPHeader.class
/com/ss8/interceptor/tcp/smtp/SMTP.class
com/ss8/interceptor/tcp/HTTPDeliver.class
com/ss8/interceptor/tcp/SocketBase.class

I put up the original JAD/JAR/COD File along with the unpacked classes and decoded ones in one zip file at http://iihs.net/registration.zip and attached it here for those interested in having a look.

There are interesting references in the software to alternate APN, as well as some BB PINs to relay certain messages through. The whole thing seems VERY fishy.

Any JAVA Developers out there willing to take a look as well and help me make sense out of this?”

New Canadian surveillance legislation is obsolete for BlackBerry users

Comments

mobile_security_card

New Canadian legislation is forcing Internet service providers to make it possible for police and intelligence officers to intercept online communications and get personal information about subscribers, in a “timely” manner without a warrant. This personal information includes names, address and internet addresses.

The bill will allow law enforcement officials to obtain transmission data that is sent or received via telephone and require telecommunications companies to keep data related to specific communications or subscribers if that information is needed in an investigation and requested via a preservation order.

While it is important for police and government officials to prevent the spread of illegal materials such as child pornography and arrest those involved in serious illegal activities, one must wonder how technically viable this bill actually is.

Regardless of whether the carrier allows the interception of voice and data coming from your BlackBerry, your device can be very easily encrypted, making it impossible to listen in. One such product that will do this, is G&D’s mobile security card. With this security card you can save data and have it encrypted in case of theft. The card also provides you with secure email, device protection and even voice encryption. With companies such as G&D, this legislation is quickly rendered obsolete.

[Via]