Softpedia
 


July 15th, 2009, 12:51 GMT · By

UAE Mobile Carrier Pushes Spyware to BlackBerry Subscribers

Etisalat ships BlackBerry spyware to its subscribers
Etisalat, one of the largest mobile carriers in the United Arab Emirates, shipped spyware to its BlackBerry customers by disguising it as an official update. The software was discovered because it caused significant battery drain as an unexpected side effect.

Last week, BlackBerry Etisalat subscribers received a "performance enhancement patch" via a WAP Push, an unusual delivery channel for such an update. The description told users that it was an "Etisalat network upgrade for Blackberry service" and instructed them to download it in order "to ensure continuous service quality."

One customer reports that he called the company's customer support line and received confirmation that it was an official update. However, after unpacking the Java archive (JAR) file called "registration," he noticed that the directory tree looked very suspicious, suggesting that the application was created by SS8, a developer of lawful communication interception software.
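The check the customer performed by hand, comparing who an update claims to come from with the package namespaces inside the archive, can be scripted. This is an added example, not code from the article or from anyone it mentions; the sample archive is constructed in memory, every name in it is a placeholder, and it assumes the archive carries a MIDP-style manifest with a `MIDlet-Vendor` attribute.

```python
import io
import zipfile
from collections import Counter

def build_sample_jar() -> bytes:
    """Constructed sample archive; every name inside is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\n"
                     "MIDlet-Name: Registration\r\n"
                     "MIDlet-Vendor: Example Carrier\r\n")
        for cls in ("app/Main", "app/Commands", "net/Register"):
            jar.writestr(f"com/othervendor/interceptor/{cls}.class", b"")
        jar.writestr("com/examplecarrier/ui/Splash.class", b"")
    return buf.getvalue()

def read_manifest(jar: zipfile.ZipFile) -> dict:
    """Parse simple 'Key: value' manifest lines (continuation lines ignored)."""
    attrs = {}
    try:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return attrs  # no manifest: nothing is claimed, everything is unexpected
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            attrs[key] = value.strip()
    return attrs

def triage(jar_bytes: bytes, depth: int = 2) -> dict:
    """Compare the vendor the manifest claims with the class namespaces."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = read_manifest(jar)
        namespaces = Counter(
            ".".join(name.split("/")[:depth])
            for name in jar.namelist()
            if name.endswith(".class") and name.count("/") >= depth
        )
    vendor = manifest.get("MIDlet-Vendor", "")
    token = "".join(vendor.lower().split())  # "Example Carrier" -> "examplecarrier"
    unexpected = sorted(ns for ns in namespaces
                        if not token or token not in ns.replace(".", ""))
    return {"vendor": vendor, "namespaces": dict(namespaces),
            "unexpected": unexpected}

if __name__ == "__main__":
    print(triage(build_sample_jar()))
```

A namespace listed under `unexpected` is a prompt for closer review of those classes, not proof of anything on its own, since legitimate applications routinely bundle third-party libraries.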

According to ITP, Nigel Gourlay, a certified Java programmer who analyzed the software, concluded that it was capable of intercepting all emails and text messages sent from the BlackBerry device it was installed on. Gourlay suspected that it had been designed for surveillance of specific individuals at the request of the authorities, but that it somehow got deployed en masse, possibly by mistake.

The programmer noted that this would also explain the battery drain, which aroused suspicion in the first place. Once installed, the program is supposed to contact a remote server, register and await commands, such as "start." The likely scenario is that the high number of registration requests resulted in an effective denial-of-service attack against the server, which by design was unprepared to handle so many queries.

Receiving no reply, the devices kept trying to register continuously, which caused the battery to drain faster. "The interesting thing is that no one would have known about it if they’d set up the registration server correctly. The whole thing wouldn’t have been reported apart from the battery drain," Gourlay commented.

BlackBerry communications are notoriously hard to tap at the network level, because they are protected with at least one layer of encryption. This is one of the reasons why the BlackBerry is the favorite handheld device of many security professionals, politicians and law enforcement officials, but also of criminals.

In Canada, the home of the BlackBerry, the authorities are pushing for legislation that would force wireless operators to adapt their technologies in order to make such communications tappable. However, at the moment, the only solution is to trick suspects into installing programs such as this SS8 Interceptor on their devices, which capture messages before they are encrypted.

Update: The spyware deployed by Etisalat to its BlackBerry subscribers can be removed using both free and commercial solutions.
