Thursday, July 23, 2009

RIM Warns Update for BlackBerry Has Spyware

Research In Motion Ltd. warned BlackBerry users in the United Arab Emirates that a software upgrade recommended by their wireless carrier was actually surveillance software that could enable unauthorized access to the popular smart phone.

RIM, which makes the BlackBerry, said it didn't authorize the upgrade. "RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application," the Canadian company said in a statement.

Emirates Telecommunications Co., or Etisalat, didn't respond to requests for comment. The company, which is 60% owned by the U.A.E. government and operates in 18 countries, is the larger of two BlackBerry providers in the U.A.E.

Earlier this month, Etisalat began texting its BlackBerry customers, prompting them to install new software that the company said would upgrade their systems from 2G to 3G standards.

Some customers who accepted the download, however, complained that the software acted more like a virus by disrupting their ability to send or receive emails and draining their batteries.

Word quickly spread through the expatriate community in Dubai, the country's financial center, and Abu Dhabi, the capital of the U.A.E., that a possible virus was spreading through Etisalat's network.

Software-security companies started to describe the patch as "spyware," not a technical upgrade, that would allow the telecom company to store and read emails sent on its system.

On July 15, Etisalat issued a statement explaining the battery and other problems were due to a "slight technical fault" that affected "a very limited number of devices." It said it had received about 300 complaints from its more than 145,000 BlackBerry customers. Etisalat offered to give users instructions to undo the changes.

RIM said Etisalat appears to have distributed surveillance software designed by SS8 Networks Inc., a closely-held Milpitas, Calif., company. Installing the software on a BlackBerry can enable unauthorized access to confidential information stored on the device, the statement said.

SS8 didn't respond to requests for comment. The company's Web site indicated that, among other things, its products intercept a variety of communications traffic, including wireless traffic, and deliver analytical results to law enforcement.

Daniel Hoffman, chief technology officer at SMobile Systems Inc., which makes security products for BlackBerry devices, said the software Etisalat distributed was designed to intercept email traffic and send data to two email addresses at Etisalat.

"Mobile devices have been infected for years, and we encounter spyware every day, but we haven't seen it en masse before," Mr. Hoffman said. Spyware normally targets individuals or groups in business or government to collect data for financial or political reasons. "You want to be stealthy, and this seems more blatant," he said.

Because RIM develops and upgrades its own software code, carriers don't normally offer updates on their own. This is the first instance of a carrier offering to upgrade BlackBerry software on its own, according to a person familiar with the matter.

"This isn't a group of hackers, this is the operator that sent you a valid and authorized update," said Jacob Greenblatt, director of strategy at mobile-security firm Discretix Inc. "It's difficult to guard against this, because it's built into the capability of the device."
