[ad]
Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not.
I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the Middle East. But now this massive invasion of privacy is taking it one BIG step too far, the sneaky way in which it was done is unforgivable too.
I hope Etisalat sees a mass exodus of users leaving their service and joining one that doesn’t try and send a copy of their e-mails and messages to some central location.
An update for Blackberry users in the United Arab Emirates could allow unauthorised access to private information and e-mails. The update was prompted by a text from UAE telecoms firm Etisalat, suggesting it would improve performance. Instead, the update resulted in crashes or drastically reduced battery life.
Blackberry maker Research in Motion (RIM) said in a statement the update was not authorised, developed, or tested by RIM. Etisalat is a major telecommunications firm based in the UAE, with 145,000 Blackberry users on its books.
In the statement, RIM told customers that “Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone”.
With 145,000 BB users, that’s a fair amount of data they could have been harvesting with their covertly installed monitoring software.
Thankfully the users realised something was wrong with the crashes and terrible battery life not usually seen on Blackberry devices. And RIM have come forward in a responsible manner stating it had nothing to do with them and offering a fix for affected users.
The concern over this unauthorised access only came to light when users started reporting problems with their handsets. After downloading the update, users across the country noticed significantly reduced battery life, poor reception and in some cases, handsets stopped working altogether. Users have complained that the firm’s customer service is unable to provide information on the problem. Initial advice led many users to simply buy new batteries.
The update has now been identified as an application developed by American firm SS8. The California-based company describes itself as a provider of “lawful electronic intercept and surveillance solutions”. It is not clear why Etisalat wanted to include the software in the download.
The firm issued a brief statement last week, calling the problem a “slight technical fault”, saying that the “upgrades were required for service enhancements”.
Yah…sure! A slight technical fault led to installing spyware on your users phones? Ok, I believe you. How does snooping on your users classify as a service enchantment?
Well the competitors certainly don’t offer the same spyware service, so you can claim to be unique at least.
Shame on you Etisalat, really, shame on you.
Source: BBC (Thanks Navin)
Pantagruel says
According to a poll http://www.arabianbusiness.com/562771-more-than-50-of-blackberry-users-to-ditch-etisalat—poll , some 50% or more is about to ditch Etisalat due to their spyware ‘update’. This seems more than logical to me and shows more regimes are interrested in gathering info at any means possible.
cbrp1r8 says
lololol way to get rid of your customers..
huraimel says
i am really surprised from this article that comes form an expert from security domain. first of all let me remind you that the BB services (emails, msgs, …) already goes through the BB servers in Canad and most of the uses (i think) are a ware of that.
so as a user, i know that my e-mail are exposed by the BB service provider so why i will not be happy when it will be exposed by the telecom service provider. for me it is the same.
Pantagruel says
@huraimel
This can be circumvented using PGP (www.pgp.com/products/pgp_support_package_for_bb/).
This spyware update however introdudes a backdoor and straight access to the BB’s contents, rendering encryption on-demand useless (i’m not sure if the BB stores the email fully encrypted [local storage I mean]), no BB here to have a test.
Anonymous coward says
detailed analys was done on this at site here http://chirashi.zensay.com/whitepapers/