UNITED ARAB EMIRATES: Government bugs BlackBerrys with spy program

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

When BlackBerry users in the United Arab Emirates were urged to download what they thought was a routine software upgrade, they had no idea that by doing so they were installing a surveillance program that gives the state-controlled service provider Etisalat unfettered access to their personal mobile devices.

After finding out, over half of Etisalat’s customers, many of whom conduct sensitive business on their BlackBerrys, say they intend to cancel their contracts immediately, according to a poll conducted by Arabian Business and published by local tech-news website itp.net, which has been following the story closely.

The spyware was traced to SS8, an American company specializing in what it calls ‘lawful interception.’

On Tuesday, the Canadian company that makes BlackBerry issued a statement denying any connection to the bugged application.

“Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry, but rather to send received messages back to a central server,” the statement read.

The UAE includes the boomtown city-state of Dubai, which has sought to attract major foreign companies with infrastructure and tax incentives, but continues to struggle with concerns over transparency and workers’ rights. The scandal could damage Dubai’s reputation as a secure and business-friendly corporate haven.

Investigations by local programmers have revealed that once installed, the application allows Etisalat to activate the spyware from its servers, granting the company access to e-mail, text messages and stored personal and contact information.

Ironically, it was Etistalat’s own blunder that led to the discovery of the alleged breach of privacy. So many people rushed to install the patch that the servers were overwhelmed, leading to unusual battery drain that aroused the curiosity of BlackBerry-toting techies.

“The interesting thing is that no one would have known about it if they’d set up the registration server correctly,” Nigel Gourlay, a Doha, Qatar-based programmer who analyzed the application, told itp.net.

“I think that this whole system has been designed for law enforcement agencies to be deployed on a few dozen suspects’ BlackBerry devices,” he added.

-- Meris Lutz in Beirut