In a rather bizarre piece of news coming out of the United Arab Emirates, BlackBerry users there discovered that they were being spied on by Etisalat, their telecom provider. The provider sent an update to its BlackBerry users, claiming that the update would improve performance. The update was in fact, a piece of software that spied on the users. The provider has rightly been the subject of quite a lot of negative press. This type of activity isn’t appropriate in the UAE or anywhere else. We’d expect this from a rogue criminal, but this is from an established telco and a RIM partner. What were they thinking? And lest we think “it couldn’t happen here,” the patch was actually written by an American company called SS8, which creates surveillance solutions.

According to RIM, the update that was sent out by Etisalat was designed to send received messages back to a central server. And if that’s not enough, instead of improving performance, actually worsened it, made reception poor, and drained the battery. The patch sent by Etisalat could have allowed the telco to receive and read all emails and text messages sent from the BlackBerries with the updates. The company’s not talking, except to issue a statement calling it a “technical fault.” But about half of the provider’s customers are planning to drop their service after hearing the news.

This piece of news should make smartphone users everywhere aware of the fact that it could happen to them, regardless of their telecom provider, and regardless of where they live. A smartphone is really quite a lot more than a phone–it is increasingly almost a fully functioning computer. It can be programmed to do nasty things–and it can most definitely become vulnerable to the same threats as a standard laptop or desktop computer. Standard security precautions should apply. It’s an evolving threat that hasn’t been fully taken advantage of yet, but give it time.

Smartphones have become part of the corporate landscape, and email admins must contend with remote email. There’s no avoiding it, and the productivity gains are just too big to veto them due to security concerns and administrative complexities.

The Apple iPhone may not be the most technologically superior smartphone, but it is the most trendy and cool-looking, and it’s what road warriors ask for. And with the latest iteration of the iPhone now out on the market, that demand is only going to increase. A Silicon.com survey recently asked IT chiefs if they have plans to offer the iPhone, and most responded that they are not. Two out of the 12 panel members said that they would agree to offer it.

When road warriors send and receive email from a smartphone, there are natural security concerns, regardless of which smartphone platform is being used. These include:

1. Is the smartphone secured against malware?
2. Is the user taking advantage of a secure connection (https) to the mail server when checking and sending email?
3. Is there authentication in place?
4. Are there any precautions against physical theft?

More rigorous authentication is needed for remote email, whether it’s from a smartphone or a notebook, simply because of the increased risk of theft. A desktop in the office may typically be configured so that email is automatically checked every 15 minutes, and typically, the user does not have to manually enter the email password to retrieve or send. With a smartphone though, there’s an obvious attraction to a thief, especially if it’s a trendy little goodie like the iPhone. And when they do steal it, if there is no manual password requirement, the thief can get into the owner’s email with no trouble at all.