22 July 2009
The BlackBerry ‘snifferware’, which can intercept emails and drain battery life quickly, was pushed as an update to 145,000 BlackBerry users on the etisalat network. Over 300 of them immediately complained their smartphone had been rendered useless with the battery dying out on them in less than 60 minutes.
The etisalat update was sent to users on July 8 as a wide-area protocol (WAP) message. The Java file could intercept data and send a copy to a server without the user’s knowledge.
“Independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone,” said an eight-page customer update from RIM, BlackBerry’s parent company.
“RIM confirms that this software is not a patch and it is not a RIM authorised upgrade. RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application,” it said.
etisalat has not commented on RIM’s statement.
Last week, etisalat had said that the update was intended to facilitate the “handover between 2G and 3G networks”.
However, according to RIM “a third party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low-level radio communications protocols that would be involved in making such improvements to the communications between a BlackBerry smartphone and a carrier’s network.”
RIM said that such third party patches “cannot provide any enhancements to network services as there is no capability for third parties to…make such improvements to the communications between a BlackBerry smartphone and a carrier’s (etisalat’s) network.”
Joseph Hagin, vice-chairman of Ohio-based SMobile and former deputy chief of staff who introduced smartphones into the White House, told Khaleej Times, “We are entering the time period that everyone knew would come; when smartphones are becoming infected just as we’ve seen with personal computers.”
SMobile’s president, Neil Book, said the incident was another example of why all smartphones need to be protected with security software.
“We are now in an age where protecting identities and sensitive data is of paramount concern. Many enterprises and consumers can relate to and understand the need to protect their PC’s with security software,” he said. Daniel Hoffman, chief technology officer of SMobile, and author of the book “Blackjacking: Security Threats to Blackberry, PDAs, and Cell Phones in the Enterprise”, said that users needed to understand that smartphones were used for the same functions as PCs and “are vulnerable to the same threats and require the same types of security protection”.
“With various compliance mandates for publicly traded and healthcare-related companies, these organisations cannot seriously consider themselves compliant if they fail to take the necessary steps to protect their mobile devices,” he said.
“As this latest incident has shown, the need to have a trusted third-party security software provider to ensure the integrity of the devices has become very real.” As mobile devices like the BlackBerry become more widely adopted, ‘sniffer’ threats can lead to security and compliance issues.
“The evolution of smartphone usage is driving the need for management tools that enable IT to audit devices for third-party applications to prevent security breaches from these rogue applications,” Ahmed Datoo, vice-president of marketing at Zenprise, told Khaleej Times. “The widespread consumerisation and general adoption of smartphones in the workplace adds another layer of IT complexity. It’s important to remember that carrying a smartphone is similar to having a computer in your pocket. Therefore, these devices face the same security threats as a PC.
Along with network vulnerabilities that stem from malware embedded Websites and email attachments, applications are also at risk,” he added.
