We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Sun 26 Jul 2009 04:00 AM

Font Size

- Aa +

It’s time for Etisalat to explain spyware fiasco

"Reach out. The world's waiting," Etisalat implores visitors to its website. What it doesn't mention is that if you are using a Blackberry to "reach out" - which is lately the bizarre Americanism for communicating - your emails could well be sent on to a third party.

"Reach out. The world's waiting," Etisalat implores visitors to its website. What it doesn't mention is that if you are using a Blackberry to "reach out" - which is lately the bizarre Americanism for communicating - your emails could well be sent on to a third party.

At the end of June, Etisalat asked its customers using Blackberry devices to download a "network improvement patch." Many did. Shortly thereafter, their Blackberrys ceased to work. Investigating the malfunction, computer experts discovered that the patch did not improve network performance.

Rather, it was described as a highly sophisticated piece of spyware, the purpose of which was to circumvent state-of-the-art encryption and security systems in order to send private emails to a third party server.

Here's Dan Hoffman, the chief technical officer of SMobile, a company which produces popular anti-virus and security packages for Blackberries: "We did thorough analysis at our global threat centre. No doubt about it, it was intended to intercept people's emails and forward them on to someone else."

In fact, Canadian firm Research in Motion (RIM) which actually makes Blackberrys was so alarmed by Etisalat's claims that the patch was intended to enhance performance that it put out a strongly worded statement, distancing itself from the UAE's largest telecom company.

"It is not a RIM authorised upgrade. Independent sources have concluded that the Etisalat update is not designed to improve performance of your Blackberry, but rather to send received messages back to a central server... In this case, Etisalat appears to have distributed a telecommunications surveillance system," the statement said.

Etisalat had originally claimed that the patch was "required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas", but RIM would have none of it.

The RIM statement says flatly: "In general terms, a third-party patch cannot provide any enhancements to network services as there is no capability for third parties to develop or modify the low-level radio communications protocols that would be involved in making such improvements."

At the time of writing, no one from Etisalat was available for comment. In the absence of an explanation, it is natural for the UAE's residents to wonder how the company came to ask Blackberry users to download a piece of software that was not designed to improve the quality of the service they were subscribing to, but rather to enable a third party to have access to their private correspondence. Was it just human error?

The whole story brings to mind the concerns of Blackberry addict Barack Obama's security staff following his election. His advisors feared the device might be vulnerable to hacking, and without success tried to dissuade him from using it.

With each passing day that Etisalat remains silent on the issue, the dreams of conspiracy-theorists from Al-Ain to Ras al-Khor will become yet more fervent. Come on Etisalat - you're a huge and normally very eloquent communications company.  It's time you communicated with your customers. What was the purpose of the patch and why did you ask people to download it? Over to you.

Damian Reilly is the editor of Arabian Business English.

Arabian Business: why we're going behind a paywall

For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.
DM 10 years ago

Well, my own sources tell me that this was done as per the regulatory mandates and sooner or later, the other competitor will have to do the same. It wasnt a inadvertent mistake.