So...
Can the users just replace the Registration.jar file with a harmless one? Or is the system robust against such things?
Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility. But its claims appear to fall down at the slightest scrutiny - or at least with a glance at the code in question. The patch, which was …
<<Etisalat, the United Arab Emirates operator who recently pushed snooping software to its BlackBerry-using customers, has explained that it's all in the interests of network compatibility. (etc.)>>
Friend of mine once told me that in some Arabic countries, truth is regarded as a Variable, not a Constant.
He was an Arab, so should I believe him?
Icon, 'cos he wouldn't.
"Surely they can capture data from a central intercept location like the Peoples Republic of America.
Pushing this down to the client seems clunky."
Parties with access to update handsets are almost certainly not the same as those with access to infrastructure. This all suggests the snooping is being done by whoever is paying someone working for the software supplier without adequate quality assurance in respect of code review. Or maybe the entire software supplier was collared, but that sounds less likely than a rogue developer, given the supplier of this will get less work in the telecoms sector as a consequence of poor QA, unless the work is from other snoopers and bad guys.
The local telco doesn't need to push software down to the client to snoop on their own customers' conversations, and has every reason not to provide evidence of snooping in respect of software pushed down to the client. If whoever arranged this snooping had the ability to tap into the local network infrastructure that would have been the preferred approach. This all implies that for the snooping party, compromising the handsets was the more feasible approach. I really can't imagine many engineers working on mobile telephony infrastructure in the UAE or in many other places for that matter having time to read the source code of handset firmware updates - these probably mostly come from the handset manufacturers or specialist software firms contracting to the handset manufacturers.
"which is clearly related to roaming between 2G and 3G networks"
In this case a little knowledge is clearly a dangerous thing.
<disclaimer> not pretending to be a programmer of any description - or even clever </disclaimer>
I understand a little of the code there (the boolean bits) but for the hard of thinking like me, could you explain how this is "clearly" related to cell roaming?
Genuine in ignorance,
A.
Why on earth would an operator need to intercept SMS messages at the phone? They operate the messaging centre, so surely if they wanted a copy of messages they can pick them all up here, and nobody would be any the wiser!?
Same goes for emails: they operate the data carrier the phones are receiving and sending emails via, so just listen for those conversations on port 110 and port 25.
Is this code a joke?
Surely line 10 would throw an exception if subject is null since all the terms in the if are evaluated at the same time. And why is there an empty catch block and an if statement with nothing after it? Or is this just what happens when you decompile stuff you get inaccuracies?
So why is spying on the mainly innocent citizens of the USA a bad thing, but spying on the mainly innocent citizens of an Arab nation a good thing?
This kind of double-standards thinking is why Western nations are not trusted in the middle east; until we start to treat people as equals, with equal rights, we will get nowhere.
What would world opinion be if the UK decided to monitor the communications of every Irish Catholic; just in case they might be a terrorist? Pretty dim I would hope.
Blanket surveillance should be universally condemned.
While I agree with your point about SMS messages, not all email sent to and from BlackBerry devices in the UAE will hit the internet in the UAE in unencrypted form. As I mentioned in my previous post, your BES can be located in any country you like.
I think those suggesting criminal or US involvement in this forget that in the UAE "All Your Information Is Belong To The Ruler!" -- the country owns all its citizens and infrastructure and the law is what they say it is when they say it is. Unlike our government they don't even pretend you have privacy out there.
No, that's normal Java code and works perfectly well. Java, like C, uses 'short-circuit' boolean evaluation; expressions are read from left to right, and evaluation stops as soon as the result can be determined. In this case, if subject is null, the first expression is false, so it doesn't matter what's on the right side of the && - the final result must be false, so the program doesn't bother processing any of it.
The empty catch block is common practice as well. Sometimes the compiler forces you to put something in a try block, even though you know your code won't actually produce an exception there. In other cases, such as this one, you want to try to do something, but failure is normal and acceptable, so there doesn't need to be any exception handling.
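Added example, not part of the comment above and not the decompiled patch: a small Java program contrasting short-circuit `&&` with the non-short-circuit `&` on a null `subject`, plus an empty catch block that silently swallows a failure. The class, method and marker names are hypothetical and the inputs are constructed.

```java
public class ShortCircuitDemo {
    // Hypothetical marker string, constructed for this example.
    static final String MARKER = "demo-marker";

    // '&&' stops at the first false operand, so startsWith() is never
    // called when subject is null and no exception is thrown.
    static boolean guarded(String subject) {
        return subject != null && subject.startsWith(MARKER);
    }

    // '&' on booleans always evaluates both operands. This is the
    // behaviour the question assumed, and it does throw on null.
    static boolean unguarded(String subject) {
        return subject != null & subject.startsWith(MARKER);
    }

    // Empty catch block: the failure is swallowed, so the caller only
    // sees the default value and cannot tell that parsing failed.
    static int parseOrZero(String s) {
        int value = 0;
        try {
            value = Integer.parseInt(s);
        } catch (NumberFormatException e) {
            // deliberately empty: failure is treated as acceptable
        }
        return value;
    }

    public static void main(String[] args) {
        System.out.println("guarded(null) = " + guarded(null));
        System.out.println("guarded(match) = " + guarded(MARKER + " 1"));
        try {
            unguarded(null);
        } catch (NullPointerException e) {
            System.out.println("unguarded(null) threw NullPointerException");
        }
        System.out.println("parseOrZero(bad) = " + parseOrZero("not a number"));
    }
}
```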