Enjolt.com | Innovate for Success

Etisalat Network In The United Arab Emirates Spying On It’s BlackBerry Users

// July 5th, 2009 // 19 Comments // Personal

Etisalat Spying

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.

These classes implement the various hooks:

• The Recv class implements net.rim.blackberry.api.mail.event.FolderListener and net.rim.blackberry.api.mail.event.StoreListener, allowing it to hook folder and message store updates. It’s installed using addFolderListener().
• The Send class implements net.rim.blackberry.api.mail.event.FolderListener and net.rim.blackberry.api.mail.SendListener, allowing it to hook folder updates and outbound messages. It’s not installed as a listener via addSendListener(), though it’s used explicitly to forward messages later on.
• The StatusChange class implements net.rim.device.api.system.RadioStatusListener and net.rim.device.api.system.GlobalEventListener, allowing it to hook radio events such as a change of network. It’s installed using addRadioListener() and addGlobalEventListener(), and all it really does is remove and re-register the Recv listener when certain network events occur.

More information @ http://www.veracode.com/blog/2009/07/blackberry-spyware-dissected/