back to article BlackBerry snoopers can explain everything

Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility. But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question. The patch, which was …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Black Helicopters

    So...

    Can the users just replace the Registration.jar file with a harmless one? Or is the system robust against such things?

  2. Number6

    system Upgrades

    I wonder if President Obama has had any upgrades to his Blackberry recently?

  3. Anonymous Coward
    Thumb Down

    @Number6

    You think he was using Etisalat?

  4. Eduard Coli
    Grenade

    What?

    Surely they can capture data from a central intercept location like the Peoples Republic of America.

    Pushing this down to the client seems clunky.

  5. Andus McCoatover
    Pint

    Truth - Arab?

    <<Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility. (etc.)>>

    Friend of mine once told me that in some Arabic countries, truth is regarded as a Variable, not a Constant.

    He was an Arab, so should I believe him?

    Icon, 'cos he wouldn't.

  6. Jamie Kitson
    WTF?

    Confused

    > Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.

    Do all BlackBerries use RIM's SMTP server in Canada then? Don't Etisalat customers use Etisalat SMTP servers?

  7. Cameron Colley

    RE: What?

    Any email is encrypted by the device and doesn't get decrypted until it hits the BES -- this could be located in Jamaica if you fealt like it -- it is then sent to its destination address in the usual way.

    Much easier to just get a copy of the original message sent to you.

  8. kain preacher

    @Eduard Coli

    Um no. Not if they are using encrypting . That's why India had a shit fit over the crack berry

  9. chort
    FAIL

    Hmm 145,000 - 300 = 105,000?

    Not only are handset infected, but calculators too, apparently.

  10. Jimbo 7

    to Eduard Coli

    you obviously don't know how BB server works, if you would then you would know that they cannot tap between BB server and device and get the emails cause it's encrypted traffic

  11. copsewood
    Big Brother

    @Eduard Coli

    "Surely they can capture data from a central intercept location like the Peoples Republic of America.

    Pushing this down to the client seems clunky."

    Parties with access to update handsets are almost certainly not the same as those with access to infrastructure. This all suggests the snooping is being done by whoever is paying someone working for the software supplier without adequate quality assurance in respect of code review. Or maybe the entire software supplier was collared, but that sounds less likely than a rogue developer, given the supplier of this will get less work in the telecoms sector as a consequence of poor QA, unless the work is from other snoopers and badguys.

    The local telco doesn't need to push software down to the client to snoop on their own customers' conversations, and has every reason not to provide evidence of snooping in respect of software pushed down to the client. If whoever arranged this snooping had the ability to tap into the local network infrastructure that would have been the preferred approach. This all implies that for the snooping party, compromising the handsets was the more feasible approach. I really can't imagine many engineers working on mobile telephony infrastructure in the UAE or in many other places for that matter having time to read the source code of handset firmware updates - these probably mostly come from the handset manufacturers or specialist software firms contracting to the handset manufacturers.

  12. Anonymous Coward
    Unhappy

    Clearly?

    "which is clearly related to roaming between 2G and 3G networks"

    In this case a little knowledge is clearly a dangerous thing.

    <dislaimer> not pretending to be a programer of any description - or even clever </disclaimer>

    I understand a little of the code there (the boolean bits) but for the hard of thinking like me, could you explain how this is "clearly" related to cell roaming?

    Genuine in ignorance,

    A.

  13. Steve Evans

    Why?

    Why on earth would an operator need to intercept SMS messages at the phone, they operate the messaging centre, so surely if they wanted a copy of messages they can pick them all up here, and nobody would be any the wiser!?

    Same goes for emails, they operate the data carrier the phones receiving and sending emails via, just listen for those conversations on port 110 and port 25.

  14. Anonymous Coward
    Anonymous Coward

    And a F+++ing good job too

    Unless of course you want A-rab terroists running wild again, my betting is that there is a major Americaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaan influence behind this, and for once, I actually agree.

    Money is on the CIA.

  15. Martin 6 Silver badge

    Good ad for blackberry

    So this pretty much demonstrates that Blackberry's encryption is good and that they don't allow random 3rd party phone-tappers into their servers.

    If the government doesn't need your help in spying on you - then you have to worry!

  16. Steve K Silver badge
    Pirate

    Clearly# - Not you - it's sarcasm...

    Clearly#

    It's not you it's merely a suitably sarcastic critique of the posted code. It has NOTHING to do with 2G/3G switchover, and everything to do with intercepting messages....

    Steve

  17. Anonymous Coward
    Anonymous Coward

    CyberSub

    What, if anything, does this line mean?

    "But its claim that appear fall down at the slightest scrutiny"

  18. Daniel 4

    @Number6

    President Obama no longer uses a Blackberry. As a top government official, he is required to use a NSA approved secure device, probably the Sectera Edge. Functionally similar to the Blackberry, far more secure.

    -d

  19. Thomas 18

    Eh?

    Is this code a joke?

    Surely line 10 would throw an exception if subject is null since all the terms in the if are evaluated at the same time. And why is there an empty catch block and an if statement with nothing after it. Or is this just what happens when you decompile stuff you get inaccuracies?

  20. Anonymous Coward
    Black Helicopters

    re. And a F+++ing good job too #

    So why is spying on the mainly innocent citizens of the USA a bad thing, but spying on the mainly innocent citizens of an Arab nation a good thing?

    This kind of double-standards thinking is why Western nations are not trusted in the middle east; until we start to treat people as equals, with equal rights, we will get nowhere.

    What would world opinion be if the UK decided to monitor the communications of every Irish Catholic; just in case they might be a terrorist? Pretty dim I would hope.

    Blanket surveillance should be universally condemned.

  21. Cameron Colley

    @Steve Evans

    While I agree with your point about SMS messages not all email sent to and from BlackBerry devices in the UAE will hit the internet in the UAE in unencrypted form. As I mentioned in my previous post your BES can be located in any country you like.

    I think those suggesting criminal or US involvement in this forget that in the UAE "All Your Information Is Belong To The Ruler!" -- the country owns all it's citizens and infrastructure and the law is what they say it is when they say it is. Unlike our government they don't even pretend you have privacy out there.

  22. Kanhef
    Boffin

    @Thomas 18

    No, that's normal Java code and works perfectly well. Java, like C, uses 'short-circuit' boolean evaluation; expressions are read from left to right, and evaluation stops as soon as the result can be determined. In this case, if subject is null, the first expression is false, so it doesn't matter what's on the right side of the && - the final result must be false, so the program doesn't bother processing any of it.

    The empty catch block is common practice as well. Sometimes the compiler forces you to put something in a try block, even though you know your code won't actually produce an exception there. In other cases, such as this one, you want to try to do something, but failure is normal and acceptable, so there doesn't need to be any exception handling.

  23. Ch0pstick

    Detection tool and whitepaper

    Hello all, you can find a detection tool here http://bit.ly/YNFsP and whitepaper here http://bit.ly/IV0nr for the spyware.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021