
RIM responds officially to Etisalat spyware found in update


RIM has put out an official document entitled “RIM Customer Statement Regarding Etisalat / SS8 Software”. The document confirms that what Etisalat released was not the “upgrade” they called it, and that the software was in fact harmful to your device. According to the document:

RIM confirms that this software is not a patch and it is not a RIM authorized upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application.

RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network.

The above statement is very reminiscent of the article we posted on BlackBerry Cool, regarding what applications can and cannot do on a BlackBerry. The article was written after a company claimed they developed an application that makes the network faster, but it was clearly snake oil.

In the document, RIM also warns about updates that are pushed via SMS or WAP. According to RIM, if there is ever a need to update software, RIM distributes it through standard channels, such as OTA and direct downloads. “RIM does not use SMS or WAP push as an official distribution channel for these types of official BlackBerry software updates.”

It’s too bad we can’t trust our carriers. You would think that they would be content with the hundreds of dollars we give them each year.

Download the official document released by RIM.

Consider reading RIM’s document on Protecting the BlackBerry device platform against malware (PDF).


SMobile Systems release solution for Etisalat BlackBerry spyware


I was recently contacted by the good people at SMobile Systems, the providers of the only Antivirus/AntiSpyware solution for BlackBerry, about my article regarding malicious code found in a recent Etisalat update.

SMobile Systems have released a solution for the recent spyware-laden update sent to BlackBerry users on the Etisalat network in the United Arab Emirates.

The spyware intercepts emails and drains battery life remarkably fast. According to Chris Eng at Veracode, “the server receiving the initial registration packets (i.e. “Here I am, software is installed!”) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.”

If you are in the UAE and on the Etisalat network, I recommend going to the SMobile Systems site and purchasing their SMobile Security Shield or Anti-Theft and Identity Protection software, which will remove the spyware, as well as any other malicious code on your device. If you have already purchased the product, all you need to do is update your software to be protected.

We are living in an age where our smartphones are becoming our personal computers, and therefore the focus of those who want to exploit our personal data in any way they can. Dan Hoffman, CTO of SMobile Systems, said it best: “The truth about smartphones is that they are used in the same manner as personal computers and are susceptible to the same threats. It has become clear that smartphone users need to proactively ensure their devices contain the necessary security software to protect not only their e-mail and messaging data, but also to protect their identity and the integrity of their mobile financial transactions.”

Security Shield for BlackBerry is available for $35.41 CAD.

Anti-Theft and Identity Protection is available for $29.99 per year.

UAE spying on citizens through an Etisalat BlackBerry update?


Etisalat, the carrier responsible for bringing the BlackBerry solution to the United Arab Emirates, released a very suspect official update. A member on the official support forums did some detective work, and found some suspicious code in the update. According to the user:

“BlackBerry subscribers for Etisalat (one of the official service providers in the UAE) received a WAP Push to download a JAR named “registration”.

The description of the “update” was as follows:

“Etisalat network upgrade for Blackberry service. Please download to ensure continuous service quality.”

I called the operator’s hotline inquiring about the update, and they confirmed it’s an “official” update that’s meant to enhance network stability which users experienced over the last few weeks, causing email and BBM delays. But anyone with two functional brain cells would imagine such an update/fix would be done at the network side, rather than with an obscure piece of code pushed to client handsets as a WAP Push, rather than a service book.

Out of curiosity, I downloaded, unpacked and decoded the file, and can’t help but feel something is fishy here.

Following is a list of the class files within registration.jar:

/Interceptor.class
/Registration.cod
/Registration.csl
/Registration.cso
/META-INF/MANIFEST.MF
/com/ss8/interceptor/app/Commands.class
/com/ss8/interceptor/app/Transmit.class
/com/ss8/interceptor/app/MsgOut.class
/com/ss8/interceptor/app/Log.class
/com/ss8/interceptor/app/Main$1.class
/com/ss8/interceptor/app/StatusChange.class
/com/ss8/interceptor/app/Send.class
/com/ss8/interceptor/app/Main.class
/com/ss8/interceptor/app/Recv.class
/com/ss8/interceptor/app/Constants.class
/com/ss8/interceptor/tcp/smtp/SMTPHeader.class
/com/ss8/interceptor/tcp/smtp/SMTP.class
com/ss8/interceptor/tcp/HTTPDeliver.class
com/ss8/interceptor/tcp/SocketBase.class

I put up the original JAD/JAR/COD File along with the unpacked classes and decoded ones in one zip file at http://iihs.net/registration.zip and attached it here for those interested in having a look.

There are interesting references in the software to alternate APN, as well as some BB PINs to relay certain messages through. The whole thing seems VERY fishy.

Any Java developers out there willing to take a look as well and help me make sense out of this?”
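
The forum post describes unpacking and decoding registration.jar by hand. As an added example (not code from the forum post, RIM or SMobile), the Python below shows one way to do that first triage step: read every .class entry in a JAR and pull out its constant-pool strings, which is where references such as host names or APNs would show up. The sample JAR, its class name and its strings are constructed placeholders, and the sample class is truncated after the constant pool.

```python
import io
import struct
import zipfile

# Constant-pool tag -> payload size in bytes (Utf8, tag 1, is variable length).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def utf8_constants(class_bytes: bytes) -> list:
    """Return the Utf8 constant-pool entries of one Java class file."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    out, pos, index = [], 10, 1          # pool entries are numbered from 1
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:
            (length,) = struct.unpack_from(">H", class_bytes, pos)
            raw = class_bytes[pos + 2:pos + 2 + length]
            # Java uses "modified UTF-8"; replace anything that does not decode.
            out.append(raw.decode("utf-8", errors="replace"))
            pos += 2 + length
        elif tag in FIXED:
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        index += 2 if tag in (5, 6) else 1   # long/double occupy two slots
    return out

def strings_by_class(jar_bytes: bytes) -> dict:
    """Map each .class entry in a JAR to its Utf8 constants."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                result[name.lstrip("/")] = utf8_constants(jar.read(name))
    return result

def build_sample_jar() -> bytes:
    """Constructed sample: one tiny class whose strings are placeholders."""
    pool = [b"\x01" + struct.pack(">H", len(s)) + s
            for s in (b"com/example/Demo", b"apn.example.invalid")]
    pool.insert(1, b"\x05" + struct.pack(">q", 42))   # a long: two slots
    pool.append(b"\x07" + struct.pack(">H", 1))       # Class -> entry #1
    header = struct.pack(">IHHH", 0xCAFEBABE, 0, 49, 6)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/Demo.class", header + b"".join(pool))
    return buf.getvalue()
```

BlackBerry .cod files use a different format and are not handled by this parser.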