A simple update (or so we thought) for Etisalat BlackBerry (NSDQ: RIMM) users over in the United Arab Emirates may not have been what it appeared to be. The update arrived on customers’ handsets via text message, and urged the install for ‘improved performance’. However, after install many BlackBerry users started experiencing crashes and reduced battery life. This urged some investigation into the issue by RIM… and here’s what they’ve found:

“Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone. Independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server.”

Not cool. Spying huh? Yep, not cool. What we know now is that the update installed an app developed by an American company called SS8 (check out their website…).

This all sounds fishy, and Etisalat has not commented directly on the issue as of yet. All they’ve noted thus far is problems users are experiencing are because of a ’small technical fault’… and that this update was ‘required for service enhancements’. Explain yourself Etisalat. Please.

[Via: BBC]

Forcing inmates to smuggle handsets like this would be a good deterrent.

Jamming cell phone signals in prison sounds like a good idea, on the surface. But, dig a little deeper, and you’ll quickly realize that the government-mandated wireless jamming bill is full of pit-falls and dangerous loopholes. The plan to jam cellular signals in prisons is so controversial that public interest groups have taken action with protests against the wireless signal jamming bill.

It’s true that cellphones pose a major problem for prisons. Inmates can use easily-smuggled (sometimes quite creatively) and even more easily-hidden mobile phones to communicate with the “outside.” With nothing more than a basic cell phone, convicted criminals can order “hits,” manage drug dealings and even threaten US Senators. That last part is no joke. A convicted murderer used a cellphone to call Texas state Senator John Whitmire with complaints of his poor treatment on Death Row.

The problem has gotten bad enough to prompt Texas Senator Kay Bailey Hutchinson to introduce a new bill that would legalize the use of cellphone jammers in prisons (this technology has been otherwise banned by the FCC for its potential danger to public safety) – the Safe Prisons Communication Act of 2009.

Public interest groups have come out against the bill, warning the Senate Commerce Committee that the jamming bill would result in collateral damage to legitimate cellphone users. Instead, the CTIA suggested that prisons could use cell-signal detection systems to help correctional facilities track down offending cellphones. The signal-trackers can pinpoint the location of an unauthorized cell signal, allowing authorities to confiscate the device or monitor communications to and from that cellphone for investigative purposes.

The bill could have long-lasting ramifications that may prove detrimental to public safety and civil rights. If anything, the government’s threat of cellphone jamming legislation has spurred the private sector into action. As Slate puts it,” Is industry better than government at coming up with creative, pinpoint solutions? Yes. Will industry do this without the threat of clumsy, burdensome government intervention? No.”

[Via: Slate]

HTC Touch Diamond, Touch Pro and Touch HD users worried that their Windows Mobile smartphones are open to Bluetooth hacking can now rest easy. HTC has posted a Bluetooth patch that promises to close a security hole that allows nefarious Blue-hackers to gain access to your HTC WinMo handset’s file-system. Once hackers have access to your phone, they can basically do whatever they want without your permission.

Grab the HTC Bluetooth patch here. We recommend all HTC Touch Diamond, HTC Touch Pro and HTC Touch HD users get this patch. Oh, and one more thing, the Bluetooth patch isn’t going to replace common sense.

First off, don’t ever accept Bluetooth connections from untrusted or unknown sources. Especially if you own a Windows Mobile 6.0 or 6.1 smartphone from HTC. As long as you keep an eye on your Bluetooth connection, you’ll be fine. Otherwise, you might end up getting your WinMo-powered HTC device hacked via Bluetooth.

The problem: HTC uses the same hack-able Bluetooth driver in many of its Windows Mobile handsets, including the Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740. This “obexfile.dll” driver is an HTC-specific driver that is vulnerable to “a directory traversal vulnerability in the Bluetooth OBEX FTP Service,” according to security boffin Alberto Moreno Tablado. HTC WinMo devices with Bluetooth and Bluetooth file-sharing enabled are at risk.

What can you do to prevent this from ever happening? Well, like I mentioned above – DO NOT accept untrusted Bluetooth connection. Disable file-sharing over Bluetooth for that extra layer of security. You’ll also want to delete your list of previously paired devices, as nefarious hackers can masquerade as a trusted device in order to gain access to your phone.

It’s unclear if HTC will issue an updated Bluetooth driver.

[Via: PCWorld]

The flood of copyright infringing Chinese clones entering the mobile market has been a bane on major cellphone manufacturers around the world. To date, the Chinese government has been largely hands-off on their flourishing counterfeit mobile phone market. Authorities in India have taken a stab at banning fake Chinese handsets, and it seems Taiwan is also taking matters into their own hands. The Taiwanese National Communications Commission has kicked off a new initiative that will fine anyone trying to bring Chinese counterfeit phones into the country. Any resident of Taiwan risks a fine of up to 300,000 Taiwanese dollars (about $9,055) for bringing in five or more “shanzai phones,” as they’re known to locals, into the country. Taiwan will also levy the fine against anyone importing more than two “shanzai” cellphones through mail.

Fake phones aren’t just an annoyance to big corporations looking to protect their trademarks. These counterfeit phones lack any of the tracking identification numbers that helps keep cellphones out of terrorist hands. “Shanzai” phones can’t be tracked and can’t be monitored, so they pose a serious security risk.

Taiwan’s stance on fake Chinese phones might not be as drastic as India’s, but it’s a step in the right direction. With a little luck, we’ll see more and more countries helping the cause and curtailing sales of Chinese counterfeit phones.

[Via: UnwiredView]

Subscribe to Saturday Morning Breakfast Cereal because he simply rocks:

Enjoy your day.

Aiko Solutions has recently released SecuBox 1.5, an advanced data encryption solution for Windows Mobile phones. The application provides transparent on-the-fly encryption of data stored in the smartphone memory and its media cards, protecting corporate and personal information in case the mobile devices get lost or stolen.

SecuBox is easy to use, and anyone can securely store their confidential documents, private files and images in a SecuBox container, protected by AES 256 bit encryption. The application then automatically locks data when user becomes inactive or when the phone goes into “sleep” mode…

SecuBox runs on Windows Mobile 5 and higher devices and is available for $39.95 for touch and non-touch enabled devices. A free 30 day trial version is also available.

Recently, some 1337 haxx0rz have purportedly broken into T-Mobile (NYSE: DT)’s internal systems and claimed “We have everything, their databases, confidental [sic] documents, scripts and programs from their servers, financial documents up to 2009,” and are offering the goods to the highest bidder. T-Mobile has officially acknowledged the breach, although they’re playing down the repercussions:

“To reaffirm, the protection of our customers’ information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers’ information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.”

Supposedly no competing carriers were biting at the hacker’s offer, but I could see a few rich and unscrupulous bloggers interested… Is anyone worried about the slip-up, or are you going to take T-Mobile’s word for it that nothing of dire importance made it out?

Update: We just got another statement from T-Mobile:

“Following a recent online posting that an alleged hacker apparently accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers’ information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible.”

[via CellPhoneSignal, pic]

Karaway Entertainment is proud to announce the multiple patent pending Gaming Stick® System. This complete electronic gaming system utilizes a USB flash drive device will give a gaming establishment the ability to offer electronic gambling on a casino floor or even at the customer’s home under certain conditions. The Karaway system is designed to allow players to play their choice of multiple games that are multi-denominational on any type of computer with a Windows operating system, special gaming terminal or PDA with a Windows operating system. There is also a special high security micro-mini Gaming Card under development that will be used for mobile gaming on cell phones. It is also part of the Karaway system and will be available in 2009.

Karaway will also start negotiations for movie content for the entertainment sticks upon completion of a test proto-type model (to be completed by 6/15/2009). There will be 4 formats of each movie that can be downloaded into Cards from a computer program or Kiosk. The user has the ability to purchase or rent movies. The user does not have to return to the Kiosk/computer if movies are rented (there is a timer built in to stop the card from playing rented movies after rental period expires.) Each card is individually registered to user and can have password protection.  The user can not copy, hack or accidentally delete content on Card. The Cards have a history section of viewers watching habits and will transfer this data each time viewer buys or rents. The system tracks every penny and can breakdown royalties to be paid. Kiosks can be on a route where operator loads new content each week from a special USB device or it can be connected to central terminal via internet. Skill games, video games, books, or Movies can be loaded into Cards.

FORMATS are Mobile for cell phones, MP4 for MP3 hand held devices, SWF for computers and Full definition for computer/TV. The Cards will be available from 4GB to 32 GB this year and 64 GB next year.

While RIM’s press briefing today at WES 2009 was boring for the most part, but there was this little thing that their security VP brought up that looked really cool. MicroSD cards with embedded Smart Card security have apparently been around at least two years, but it’s certainly new to me. Giesecke & Devrient have a card shown here that carries up to 2 GB of information, in addition to ensuring only the designated device can access the data on that card, as well as being used for key generation. RIM’s big on security, and I could see security-embedded microSD cards taking off with the particularly tight-lipped enterprises of the world. For a closer look at what Giesecke & Devrient’s cards can do, check out their product sheet.