Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility. But its claim that appear fall down at the slightest scrutiny - or at least with a glance at the code in question. The patch, which was sent …
Can the users just replace the Registration.jar file with a harmless one? Or is the system robust against such things?
I wonder if President Obama has had any upgrades to his Blackberry recently?
You think he was using Etisalat?
Surely they can capture data from a central intercept location like the Peoples Republic of America.
Pushing this down to the client seems clunky.
Truth - Arab?
<<Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility. (etc.)>>
Friend of mine once told me that in some Arabic countries, truth is regarded as a Variable, not a Constant.
He was an Arab, so should I believe him?
Icon, 'cos he wouldn't.
> Registration.jar includes a complete SMTP client: ideal for avoiding any interaction with the RIM servers over in Canada.
Do all BlackBerries use RIM's SMTP server in Canada then? Don't Etisalat customers use Etisalat SMTP servers?
Any email is encrypted by the device and doesn't get decrypted until it hits the BES -- this could be located in Jamaica if you fealt like it -- it is then sent to its destination address in the usual way.
Much easier to just get a copy of the original message sent to you.
Um no. Not if they are using encrypting . That's why India had a shit fit over the crack berry
Hmm 145,000 - 300 = 105,000?
Not only are handset infected, but calculators too, apparently.
to Eduard Coli
you obviously don't know how BB server works, if you would then you would know that they cannot tap between BB server and device and get the emails cause it's encrypted traffic
"Surely they can capture data from a central intercept location like the Peoples Republic of America.
Pushing this down to the client seems clunky."
Parties with access to update handsets are almost certainly not the same as those with access to infrastructure. This all suggests the snooping is being done by whoever is paying someone working for the software supplier without adequate quality assurance in respect of code review. Or maybe the entire software supplier was collared, but that sounds less likely than a rogue developer, given the supplier of this will get less work in the telecoms sector as a consequence of poor QA, unless the work is from other snoopers and badguys.
The local telco doesn't need to push software down to the client to snoop on their own customers' conversations, and has every reason not to provide evidence of snooping in respect of software pushed down to the client. If whoever arranged this snooping had the ability to tap into the local network infrastructure that would have been the preferred approach. This all implies that for the snooping party, compromising the handsets was the more feasible approach. I really can't imagine many engineers working on mobile telephony infrastructure in the UAE or in many other places for that matter having time to read the source code of handset firmware updates - these probably mostly come from the handset manufacturers or specialist software firms contracting to the handset manufacturers.
"which is clearly related to roaming between 2G and 3G networks"
In this case a little knowledge is clearly a dangerous thing.
<dislaimer> not pretending to be a programer of any description - or even clever </disclaimer>
I understand a little of the code there (the boolean bits) but for the hard of thinking like me, could you explain how this is "clearly" related to cell roaming?
Genuine in ignorance,
Why on earth would an operator need to intercept SMS messages at the phone, they operate the messaging centre, so surely if they wanted a copy of messages they can pick them all up here, and nobody would be any the wiser!?
Same goes for emails, they operate the data carrier the phones receiving and sending emails via, just listen for those conversations on port 110 and port 25.
And a F+++ing good job too
Unless of course you want A-rab terroists running wild again, my betting is that there is a major Americaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaan influence behind this, and for once, I actually agree.
Money is on the CIA.
Good ad for blackberry
So this pretty much demonstrates that Blackberry's encryption is good and that they don't allow random 3rd party phone-tappers into their servers.
If the government doesn't need your help in spying on you - then you have to worry!
Clearly# - Not you - it's sarcasm...
It's not you it's merely a suitably sarcastic critique of the posted code. It has NOTHING to do with 2G/3G switchover, and everything to do with intercepting messages....
What, if anything, does this line mean?
"But its claim that appear fall down at the slightest scrutiny"
President Obama no longer uses a Blackberry. As a top government official, he is required to use a NSA approved secure device, probably the Sectera Edge. Functionally similar to the Blackberry, far more secure.
Is this code a joke?
Surely line 10 would throw an exception if subject is null since all the terms in the if are evaluated at the same time. And why is there an empty catch block and an if statement with nothing after it. Or is this just what happens when you decompile stuff you get inaccuracies?
re. And a F+++ing good job too #
So why is spying on the mainly innocent citizens of the USA a bad thing, but spying on the mainly innocent citizens of an Arab nation a good thing?
This kind of double-standards thinking is why Western nations are not trusted in the middle east; until we start to treat people as equals, with equal rights, we will get nowhere.
What would world opinion be if the UK decided to monitor the communications of every Irish Catholic; just in case they might be a terrorist? Pretty dim I would hope.
Blanket surveillance should be universally condemned.
While I agree with your point about SMS messages not all email sent to and from BlackBerry devices in the UAE will hit the internet in the UAE in unencrypted form. As I mentioned in my previous post your BES can be located in any country you like.
I think those suggesting criminal or US involvement in this forget that in the UAE "All Your Information Is Belong To The Ruler!" -- the country owns all it's citizens and infrastructure and the law is what they say it is when they say it is. Unlike our government they don't even pretend you have privacy out there.
No, that's normal Java code and works perfectly well. Java, like C, uses 'short-circuit' boolean evaluation; expressions are read from left to right, and evaluation stops as soon as the result can be determined. In this case, if subject is null, the first expression is false, so it doesn't matter what's on the right side of the && - the final result must be false, so the program doesn't bother processing any of it.
The empty catch block is common practice as well. Sometimes the compiler forces you to put something in a try block, even though you know your code won't actually produce an exception there. In other cases, such as this one, you want to try to do something, but failure is normal and acceptable, so there doesn't need to be any exception handling.
Detection tool and whitepaper
Hello all, you can find a detection tool here http://bit.ly/YNFsP and whitepaper here http://bit.ly/IV0nr for the spyware.
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- NSFW Oz couple get jiggy in pharmacy in 'banned' condom ad
- Exploits no more! Firefox 26 blocks all Java plugins by default
- Shivering boffins nail Earth's coldest spot