UAE Telco Etisalat Installs Spyware On Users Blackberries

The New Acunetix V12 Engine


Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not.

I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the Middle East. But now this massive invasion of privacy is taking it one BIG step too far, the sneaky way in which it was done is unforgivable too.

I hope Etisalat sees a mass exodus of users leaving their service and joining one that doesn’t try and send a copy of their e-mails and messages to some central location.

An update for Blackberry users in the United Arab Emirates could allow unauthorised access to private information and e-mails. The update was prompted by a text from UAE telecoms firm Etisalat, suggesting it would improve performance. Instead, the update resulted in crashes or drastically reduced battery life.

Blackberry maker Research in Motion (RIM) said in a statement the update was not authorised, developed, or tested by RIM. Etisalat is a major telecommunications firm based in the UAE, with 145,000 Blackberry users on its books.

In the statement, RIM told customers that “Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone”.

With 145,000 BB users, that’s a fair amount of data they could have been harvesting with their covertly installed monitoring software.

Thankfully the users realised something was wrong with the crashes and terrible battery life not usually seen on Blackberry devices. And RIM have come forward in a responsible manner stating it had nothing to do with them and offering a fix for affected users.

The concern over this unauthorised access only came to light when users started reporting problems with their handsets. After downloading the update, users across the country noticed significantly reduced battery life, poor reception and in some cases, handsets stopped working altogether. Users have complained that the firm’s customer service is unable to provide information on the problem. Initial advice led many users to simply buy new batteries.

The update has now been identified as an application developed by American firm SS8. The California-based company describes itself as a provider of “lawful electronic intercept and surveillance solutions”. It is not clear why Etisalat wanted to include the software in the download.

The firm issued a brief statement last week, calling the problem a “slight technical fault”, saying that the “upgrades were required for service enhancements”.

Yah…sure! A slight technical fault led to installing spyware on your users phones? Ok, I believe you. How does snooping on your users classify as a service enchantment?

Well the competitors certainly don’t offer the same spyware service, so you can claim to be unique at least.

Shame on you Etisalat, really, shame on you.

Source: BBC (Thanks Navin)

Posted in: Legal Issues, Malware, Privacy

, , ,


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


5 Responses to UAE Telco Etisalat Installs Spyware On Users Blackberries

  1. Pantagruel July 24, 2009 at 12:43 pm #

    According to a poll http://www.arabianbusiness.com/562771-more-than-50-of-blackberry-users-to-ditch-etisalat—poll , some 50% or more is about to ditch Etisalat due to their spyware ‘update’. This seems more than logical to me and shows more regimes are interrested in gathering info at any means possible.

  2. cbrp1r8 July 24, 2009 at 3:11 pm #

    lololol way to get rid of your customers..

  3. huraimel July 27, 2009 at 6:41 am #

    i am really surprised from this article that comes form an expert from security domain. first of all let me remind you that the BB services (emails, msgs, …) already goes through the BB servers in Canad and most of the uses (i think) are a ware of that.

    so as a user, i know that my e-mail are exposed by the BB service provider so why i will not be happy when it will be exposed by the telecom service provider. for me it is the same.

  4. Pantagruel July 27, 2009 at 9:23 am #

    @huraimel

    This can be circumvented using PGP (www.pgp.com/products/pgp_support_package_for_bb/).

    This spyware update however introdudes a backdoor and straight access to the BB’s contents, rendering encryption on-demand useless (i’m not sure if the BB stores the email fully encrypted [local storage I mean]), no BB here to have a test.

  5. Anonymous coward July 28, 2009 at 5:08 am #

    detailed analys was done on this at site here http://chirashi.zensay.com/whitepapers/