Sunday, July 19, 2009

UAE Blackberry update contained spyware

A BlackBerry update that a United Arab Emirates service provider pushed out to its customers contains U.S.‐made spyware that would allow the company or others to siphon and read their e‐mail and text messages, according to a researcher who examined it.

The update was billed as a “performance‐enhancement patch” by the UAE‐based phone and internet service provider Etisalat, which issued the patch to its 100,000 subscribers.
The patch only drew attention after numerous users complained that it drained their BlackBerry battery and slowed performance, according to local publication ITP.

Nigel Gourlay, a Qatar‐based programmer who examined the patch, told ITP that the patch contained “phone‐home” code that instructed the BlackBerries to contact a server to register. But once the patch was installed, thousands of devices tried to contact the server simultaneously, crashing it and causing their batteries to drain.

“When the BlackBerry cannot register itself, it tries again and this causes the battery drain,” he said, noting that the spyware wouldn’t have drawn any attention if the company had simply configured the registration server to handle the load.

The spying part of the patch is switched off by default on installation, but switching it on would be a simple matter of pushing out a command from the server to any device, causing the device to then send a copy of the user’s subsequent e‐mail and text messages to the server.

The spyware appears to have been developed by a U.S. company that markets electronic surveillance software.

Gourlay obtained source code for the patch after someone posted it on a BlackBerry forum. He said the code contained the name “SS8.com,” which belongs to a U.S. company that, according to its web site, provides surveillance solutions for “lawful interception” to ISPs, law enforcement and intelligence agencies around the world.

Neither Etisalat nor SS8 could be reached for comment.

UPDATE: Veracode has provided an analysis of the spyware source code. The spyware apparently is designed to encrypt messages it grabs from a BlackBerry before it sends them back to the server, so that anyone intercepting the data en route would not be able to read it.

Wired.com spoke with Chris Wysopal, co‐founder and chief technology officer of Veracode, who pointed out that the interception is done on the client device rather than on the ISP’s server, where it would normally be done. That helps law enforcement, or whoever else might want to intercept the messages, circumvent encryption used by the sender of an e‐mail, since the spyware grabs the message after it has been decrypted on the recipient’s BlackBerry.
(source: Kim Zetter)
