It’s time for Etisalat to explain spyware fiasco

"Reach out. The world's waiting," Etisalat implores visitors to its website. What it doesn't mention is that if you are using a Blackberry to "reach out" - which is lately the bizarre Americanism for communicating - your emails could well be sent on to a third party

Tags: BlackBerryEmirates Telecommunications CorporationPrivacyResearch In MotionUnited Arab Emirates
  • E-Mail
By  Damian Reilly Published  July 25, 2009

"Reach out. The world's waiting," Etisalat implores visitors to its website. What it doesn't mention is that if you are using a Blackberry to "reach out" - which is lately the bizarre Americanism for communicating - your emails could well be sent on to a third party.

At the end of June, Etisalat asked its customers using Blackberry devices to download a "network improvement patch." Many did. Shortly thereafter, their Blackberrys ceased to work. Investigating the malfunction, computer experts discovered that the patch did not improve network performance.

Rather, it was described as a highly sophisticated piece of spyware, the purpose of which was to circumvent state-of-the-art encryption and security systems in order to send private emails to a third party server.

Here's Dan Hoffman, the chief technical officer of SMobile, a company which produces popular anti-virus and security packages for Blackberries: "We did thorough analysis at our global threat centre. No doubt about it, it was intended to intercept people's emails and forward them on to someone else."

In fact, Canadian firm Research in Motion (RIM) which actually makes Blackberrys was so alarmed by Etisalat's claims that the patch was intended to enhance performance that it put out a strongly worded statement, distancing itself from the UAE's largest telecom company.

"It is not a RIM authorised upgrade. Independent sources have concluded that the Etisalat update is not designed to improve performance of your Blackberry, but rather to send received messages back to a central server... In this case, Etisalat appears to have distributed a telecommunications surveillance system," the statement said.

Etisalat had originally claimed that the patch was "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas", but RIM would have none of it.

The RIM statement says flatly: "In general terms, a third-party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low-level radio communications protocols that would be involved in making such improvements."

At the time of writing, no one from Etisalat was available for comment. In the absence of an explanation, it is natural for the UAE's residents to wonder how the company came to ask Blackberry users to download a piece of software that was not designed to improve the quality of the service they were subscribing to, but rather to enable a third party to have access to their private correspondence. Was it just human error?

The whole story brings to mind the concerns of Blackberry addict Barack Obama's security staff following his election. His advisors feared the device might be vulnerable to hacking, and without success tried to dissuade him from using it.

With each passing day that Etisalat remains silent on the issue, the dreams of conspiracy-theorists from Al-Ain to Ras al-Khor will become yet more fervent. Come on Etisalat - you're a huge and normally very eloquent communications company.  It's time you communicated with your customers. What was the purpose of the patch and why did you ask people to download it? Over to you.

Damian Reilly is the editor of Arabian Business English.

2954 days ago
DM

Well, my own sources tell me that this was done as per the regulatory mandates and sooner or later, the other competitor will have to do the same. It wasnt a inadvertent mistake.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code