Malicious code embedded on BlackBerry update
Written by Rebecca Mints   
Monday, 20 July 2009 01:24

BlackBerry users based in the United Arab Emirates have been warned that the latest software update distributed through the Etisalat network is brimming with malicious code that can remotely trigger spyware.

The BlackBerry update had been distributed as a WAP Push message, which turned out to contain an application that, if triggered, can intercept email and even shorten battery life. The attack was accidentally discovered by a user who clicked on a Java file contained in the update labeled as "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality."

Users had been tricked into clicking on the update and eventually found their batteries drained while competing through network traffic to download the update. The update is housed in a directory labeled as /com/ss8/interceptor/app, which points to UAE networking company SS8.

SS8, however, denied sending the update but admitted that it had authored a similar application. Etisalat and RIM, another networking company, have not released a statement regarding the matter. The competing operators, though, have not come up with a solution and have instead chosen to keep the issue under wraps.

Security experts have found that the application cannot be easily removed and, ironically, one needs to download a utility provided by enterprising hackers, which can also be dangerous.

BlackBerry is renowned for its unique architecture that cannot be easily cracked and blocks off legally authorized interception, which may be unacceptable to some governments. Theories abound that the attack is another attempt to crack the BlackBerry architecture. Other theories point to competition among the operators in the UAE who want to duplicate or explore the makeup of BlackBerry.

 
