[Infowarrior] - MidEast Blackberry Update Spies on Users

Richard Forno rforno at infowarrior.org
Wed Jul 15 11:46:33 UTC 2009 

Researcher: Middle East Blackberry Update Spies on Users
	• By Kim Zetter
	• July 14, 2009  |
	• 8:04 pm  |

http://www.wired.com/threatlevel/2009/07/blackberry-spies/

A Blackberry update that a United Arab Emirates service provider  
pushed out to its customers contains U.S.-made spyware that would  
allow the company or others to siphon and read their e-mail and text  
messages, according to a researcher who examined it.
The update was billed as a “performance enhancement patch” by the UAE- 
based phone and internet service provider Etisalat, which issued the  
patch for its 100,000 subscribers.

The patch only drew attention after numerous users complained that it  
drained their Blackberry battery and slowed performance, according to  
local publication ITP.

Nigel Gourlay, a Qatar-based programmer who examined the patch, told  
ITP that the patch contained “phone-home” code that instructed the  
Blackberries to contact a server to register. But once the patch was  
installed, thousands of devices tried to contact the server  
simultaneously, crashing it and causing their batteries to drain.

“When the BlackBerry cannot register itself, it tries again and this  
causes the battery drain,” he said, noting that the spyware wouldn’t  
have drawn any attention if the company had simply configured the  
registration server to handle the capacity.

The spying program in the patch is switched off by default on  
installation, but switching it on would be a simple matter of pushing  
out a command from the server to any device, causing the device to  
then send a copy of the user’s subsequent e-mail and text messages to  
the server.

The spyware appears to have been developed by a U.S. company, which  
markets electronic surveillance software.

Gourlay obtained source code for the patch after someone posted it on  
a Blackberry forum. He said the code contained the name “SS8.com,”  
which belongs to a US-based company that, according to its web site,  
provides surveillance solutions for “lawful interception” to ISPs, law  
enforcement and intelligence agencies around the world.

Neither Etisalat nor SS8 could be reached for comment.

More information about the Infowarrior mailing list