BlackBerry users in the Mideast business centers of Dubai and Abu Dhabi who were directed by their service provider to upgrade their phones were actually installing spy software that could allow outsiders to peer inside, according to the device's maker. While many questions about the breach remain unanswered, including who ordered it sent and why, analysts say the disclosure highlights the security risks posed by increasingly popular smart phones like the BlackBerry. Research in Motion Ltd., the Canadian company that makes the mobile gadgets, said in a statement emailed Wednesday that it did not authorize the software installation and “was not involved in any way in the testing, promotion or distribution of this software application.” It is directing customers on how to remove the software. “Independent sources have concluded that it is possible that the installed software could ... enable unauthorized access to private or confidential information stored on the user's smart phone,” the company said in an eight-page statement strongly distancing itself from the decision to install the software. The Abu Dhabi-based mobile service provider Etisalat earlier sent text messages to BlackBerry customers in the country instructing them to follow a link to update their phones. Etisalat says it has more than 145,000 BlackBerry users in the UAE. Some customers who installed the new software said it quickly drained the device's batteries, prompting hundreds of complaints to Etisalat and sending users to Internet message boards looking for ways to fix the problem. In a statement issued following complaints last week, Etisalat described the software change as an “upgrade ... required for service enhancements.” It said the upgrades were required and linked to a handover to the 3G wireless technology standard. The BlackBerry maker dismissed that explanation. “RIM is not aware of any technical network concerns with the performance of BlackBerry smart phones on Etisalat's network in the UAE,” the company said, adding that it “does not endorse this software application.” Etisalat did not respond to requests for comment Wednesday. RIM said the application users unwittingly installed was a surveillance program developed by a privately held Silicon Valley company called SS8 Networks Inc. SS8 describes itself in a company brochure as “the leader in communications interception and a worldwide provider of regulatory compliant, electronic intercept and surveillance solutions.” It markets its services to intelligence agencies, law enforcement and communication service providers. It is not clear why Etisalat encouraged users to install the application or if any private information was compromised. Smith, the security and privacy consultant, said a data thief tapping into a smart phone in theory could turn on the microphone to listen in on a private conversation, provide a list of previous calls or send back the user's location.
