While many questions about the breach remain unanswered, including who ordered it sent and why, analysts say the disclosure highlights the security risks posed by increasingly popular smart phones like the BlackBerry.

Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics, said smart phones are “the perfect personal spying devices” because as tiny computers they can be programmed to send back a broad range of information.

“This is an evolving threat. As the technology advances, the security problems follow behind,” he said.

Research in Motion Ltd., the Canadian company that makes the mobile gadgets, said in a statement emailed Wednesday that it did not authorize the software installation and “was not involved in any way in the testing, promotion or distribution of this software application.” It is directing customers on how to remove the software.

“Independent sources have concluded that it is possible that the installed software could … enable unauthorized access to private or confidential information stored on the users smart phone,” the company said in an eight-page statement strongly distancing itself from the decision to install the software.

The Abu Dhabi-based mobile service provider Etisalat, which is majority owned by the United Arab Emirates government, earlier sent text messages to BlackBerry customers in the country instructing them to follow a link to update their phones. Etisalat says it has more than 145,000 BlackBerry users in the UAE.

Some customers who installed the new software said it quickly drained the devices batteries, prompting hundreds of complaints to Etisalat and sending users to Internet message boards looking for ways to fix the problem.

In a statement issued following complaints last week, Etisalat described the software change as an “upgrade … required for service enhancements.” It said the upgrades were required and linked to a handover to the 3G wireless technology standard.

The BlackBerry maker dismissed that explanation.

“RIM is not aware of any technical network concerns with the performance of BlackBerry smart phones on Etisalats network in the UAE,” the company said, adding that it “does not endorse this software application.”

Etisalat did not respond to requests for comment Wednesday.

RIM said the application users unwittingly installed was a surveillance program developed by a privately held Silicon Valley company called SS8 Networks Inc.

A person who answered the phone at SS8s Middle East office in Dubai declined to comment and refused to provide a name. He said the companys regional head, Derek Roga, was out of the country. A spokesman at the companys headquarters in Milpitas, California, could not be reached.

It is not clear why Etisalat encouraged users to install the application or if any private information was compromised. The company, one of two major telecommunications providers in the UAE, regularly blocks hundreds of Web addresses – ranging from pornographic sites to the photo-sharing portal Flikr.com – in line with state censorship guidelines.

Etisalat operates phone networks in countries throughout the Middle East and Africa, but a Blackberry spokeswoman said the device maker believes the snooping software was sent only to the operators UAE customers.

Smith, the security and privacy consultant, said a data thief tapping into a smart phone in theory could turn on the microphone to listen in on a private conversation, provide a list of previous calls or send back the users location.

Bruce Schneier, an author and chief security technology officer at BT, the British telecommunications operator, said smart phones are “not inherently more secure.”

Source