Tag: uaePage 2 of 4

More BlackBerry Security Concerns in the United Arab Emirates


It’s interesting to see the sort of issues RIM comes across as its product finds itself in various countries around the world. Arab countries in particular have some pretty strict concerns about security and recently, government officials have commented saying that BlackBerrys operate “beyond the jurisdiction” of national laws because they immediately send data abroad to be “managed by a foreign, commercial organization.”

The Telecommunications Regulatory Authority voiced fears that the BlackBerry manages data in a way that could allow it to be misused. “As a result of how Blackberry data is managed and stored, in their current form, certain Blackberry applications allow people to misuse the service, causing serious social, judicial and national security repercussions,” the regulator said in a statement carried on the state news agency late Sunday.
Continue reading ‘More BlackBerry Security Concerns in the United Arab Emirates’

SMobile Systems release complete technical analysis of Etisalat update


blackberry security shield

During the Etisalat controversy, one company that has been really helpful in determining exactly what is going on is SMobile Systems. They have sent me a technical analysis of the “upgrade” which I think the BlackBerry community would be interested in reading.
Click through for a technical analysis of the Etisalat software update

RIM responds officially to Etisalat spyware found in update



RIM has put out an official document entitled “RIM Customer Statement Regarding Etisalat / SS8 Software”. The document confirms that Etisalat did not release what they called a “upgrade” and that the software was in fact harmful to your device. According to the document:

RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not
develop this software application and RIM was not involved in any way in the testing, promotion
or distribution of this software application.

RIM further confirms, in general terms, that a third party patch cannot provide any enhancements
to network services as there is no capability for third parties to develop or modify the low level
radio communications protocols that would be involved in making such improvements to the
communications between a BlackBerry smartphone and a carrier’s network.

The above statement is very reminiscent of the article we posted on BlackBerry Cool, regarding what applications can and cannot do on a BlackBerry. The article was written after a company claimed they developed an application that makes the network faster, but it was clearly snake oil.

In the document, RIM also warns about updates that are pushed via SMS or WAP. According to RIM, if there is ever a need to update software, RIM distributes using standard channels, such as OTA and direct downloads. ” RIM does not use SMS or WAP push as an official distribution channel for these types of official BlackBerry software updates.”

It’s too bad we can’t trust our carriers. You would think that they would be content with the hundreds of dollars we give them each year.

Download the official document released by RIM.

Consider reading RIM’s document on Protecting the BlackBerry device platform against malware (PDF).


SMobile Systems release solution for Etisalat BlackBerry spyware


blackberry security shield

I was recently contacted by the good people at SMobile Systems, the providers of the only Antivirus/AntiSpyware solution for BlackBerry, about my article regarding malicious code found in a recent Etisalat update.

SMobile Systems have released a solution for the recent spyware-laden update sent to BlackBerry users on the Etisalat network in the United Arab Emirates.

The spyware intercepts emails and drains battery life remarkably fast. According to Chris Eng at Veracode, “the server receiving the initial registration packets (i.e. “Here I am, software is installed!”) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.”

If you are in the UAE and on the Etisalat network, I recommend going to the SMobile Systems site and purchasing their SMobile Security Shield or Anti-Theft and Identity Protection software, which will remove the spyware, as well as any other malicious code on your device. If you have already purchased the product, all you need to do is update your software to be protected.

We are living in an age where our smartphones are becoming our personal computers, and therefore the focus of those who want to exploit our personal data in any way they can. Dan Hoffman, CTO of SMobile Systems said it best, “The truth about smartphones is that they are used in the same manner as personal computers and are susceptible to the same threats. It has become clear that smartphone users need to proactively ensure their devices contain the necessary security software to protect not only their e-mail and messaging data, but also to protect their identity and the integrity of their mobile financial transactions.”

Security Shield for BlackBerry is available for $35.41 CAD.

Anti-Theft and Identity Protection is available for $29.99 per year.

Recent Etisalat update drains the BlackBerry battery significantly



Steve just posted about the most recent Etisalat update having some strange code but there’s more to this update. UAE customers are upset because apparently this official Etisalat upgrade significantly reduces the battery life of the device.

“The problem came up when they sent a new batch to enhance the performance but instead they have killed all blackberry batteries by activating a process inside the phone which empties the battery in less than an hour if not charged,” complained a frustrated BlackBerry customer in the country who wished to remain anonymous.

“All our company employees who installed this batch file has been affected. They claim they are working on it, and the time frame to send a fix is said to be 7 days,” our source added.

So far, the only solution Etisalat is offering involves some basic battery maintenance. This means powering off your device, fully charging the battery, and powering on the device. In general, you should be draining the battery fully and charging fully at least once per month. There’s no word yet if another upgrade will be issued to solve the battery drainage.

Could this battery drainage have something to do with the strange “intercept” code found in the most recent update?


UAE spying on citizens through an Etisalat BlackBerry update?



Etisalat, the carrier responsible for bringing the BlackBerry solution to the United Arab Emirates, released a very suspect official update. A member on the official support forums did some detective work, and found some suspicious code in the update. According to the user:

“Blackberry subscribers for Etisalat (one of the official service providers in the UAE) received a WAP Push to download a JAR named “registration”

The description of the “update” was as follows:

“Etisalat network upgrade for Blackberry service. Please download to ensure continuous service quality.”

I called the operator’s hotline inquiring about the update, and they confirmed it’s an “official” update that’s meant to enhance network stability which users experienced last few weeks, causing email and BBM delays. But anyone with two functional braincells would imagine such an update/fix would be done at the network side, rather than with an obscure piece of code pushed to client handsets as a WAP Push, rather than a service book.

Out of curiosity, I downloaded, unpacked and decoded the file, and can’t help but feel something is fishy here.

Following is a list of the class files within registration.jar:


I put up the original JAD/JAR/COD File along with the unpacked classes and decoded ones in one zip file at http://iihs.net/registration.zip and attached it here for those interested in having a look.

There are interesting references in the software to alternate APN, as well as some BB PINs to relay certain messages through. The whole thing seems VERY fishy.

Any JAVA Developers out there willing to take a look as well and help me make sense out of this?”