Pages

Sunday, July 26, 2009

In The News: Reach Out. The world's waiting (and spying!)

Blackberry users beware: this from Engadget.com ... but it's all over the news here: Etisalat orchestrated the installation of a so-called "performance enhancing patch" onto over a hundred thousand Blackberrys in the UAE which, as it turns out, is actually a spyware software! People (especially the Crackberry crowd) are outraged but Etisalat has been conspicuously mum on the subject since the story broke almost a month ago.

FYI: Etisalat is the (government owned?) telecommunications provider for the UAE (affectionately known as "Etisal-crap" although Etisalat subscribers have more choice names for them I'm sure!) The market here is a duopoly with the only competition coming from one other provider called Du (affectionately known as, "Duh!").

BlackBerry update in UAE reportedly surveillance software in disguise
by Donald Melanson, posted Jul 14th 2009 at 4:59PM

There's not much in the way of official statements on this one just yet, but itp.net is reporting that a recently pushed out update for all BlackBerry users on the UAE-based carrier Etisalat is not a "performance enhancement patch" as advertised, but rather some spyware that could potentially give Etisalat the ability to keep an eye on its customers' messages. The first suspicions about the update apparently arose when users noticed dramatically reduced battery life and slower than usual performance from their phones, which led to a bit of detective work from programmer Nigel Gourlay, who pegged the software down as coming from electronic surveillance company SS8. While it's not switched on by default, the software can reportedly let Etisalat flip the switch on phones one by one and monitor their emails and text messages -- or it could if it hadn't completely bogged down the network. Apparently, the software wasn't designed for such a large scale deployment, which resulted in the slowdown and battery drain as some 100,000 BlackBerrys constantly tried and failed to sign in to the one registration server for the software.

A more recent account of the fiasco from itp.net. If Etisalat won't "reach out", RIM has issued a statement of their own:

It’s time for Etisalat to explain spyware fiasco
By Damian Reilly on Sunday, July 26, 2009

"Reach out. The world's waiting," Etisalat implores visitors to its website. What it doesn't mention is that if you are using a Blackberry to "reach out" - which is lately the bizarre Americanism for communicating - your emails could well be sent on to a third party.

At the end of June, Etisalat asked its customers using Blackberry devices to download a "network improvement patch." Many did. Shortly thereafter, their Blackberrys ceased to work. Investigating the malfunction, computer experts discovered that the patch did not improve network performance.

In fact, Canadian firm Research in Motion (RIM) which actually makes Blackberrys was so alarmed by Etisalat's claims that the patch was intended to enhance performance that it put out a strongly worded statement, distancing itself from the UAE's largest telecom company.

"It is not a RIM authorised upgrade. Independent sources have concluded that the Etisalat update is not designed to improve performance of your Blackberry, but rather to send received messages back to a central server... In this case, Etisalat appears to have distributed a telecommunications surveillance system," the statement said.

Etisalat had originally claimed that the patch was "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas", but RIM would have none of it.

The RIM statement says flatly: "In general terms, a third-party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low-level radio communications protocols that would be involved in making such improvements."

At the time of writing, no one from Etisalat was available for comment.

With each passing day that Etisalat remains silent on the issue, the dreams of conspiracy-theorists from Al-Ain to Ras al-Khor will become yet more fervent. Come on Etisalat - you're a huge and normally very eloquent communications company. It's time you communicated with your customers. What was the purpose of the patch and why did you ask people to download it? Over to you.


And for those of you who are saying to yourselves, "Phew! Glad I'm not in the UAE right now!", the software vendor that created this piece of work is an American company called SS8. They have sold this "patch" to communications networks all over the world and no doubt they and other service providers have learned a thing or two from the Etisalat fiasco. One more reason to stay off the grid and not get a Blackberry.

Speaking of off the grid, my internet at home is down (again)... argh! I need to make a call to Du (again!) to see what gives (did I mention that they are unofficially called, "Duh"?) On the bright side, at least I know I am not being spied on at home ... at least not my own internet (someone on my floor has an unsecure signal) ... and I should probably get some curtains in my new apartment.

No comments: