Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything

[HeffeD]

The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone.

Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control.

But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.

Read more...

 

[HeffeD]

I don't have an Android phone, but this is pretty scary stuff.

I'm really surprised that this kind of thing gets so far before anyone realizes what is really happening.

 

[McLovin]

I have an Android HTC Wildfire. Very scary actually they could know anything.

 

[Deleted member 178]

Yep scary... they will read all my hot sms i sent and received from girls...im doomed !!!

 

[MetalShaun]

I want my 3310 back.

 

[McLovin]

Yep scary... they will read all my hot sms i sent and received from girls...im doomed !!!

We can't have that If they can read text messages, well I have to make sure that I watch what I say

 

[Jack]

There is this app. that supposedly can detect and remove Carrier IQ software , didn't check my phone yet so I don't know if it works..

Logging Test App v7 by TrevE

As for this rootkit, what can I say , we just aren't allowed to have any privacy on the internet .....

 

[Jack]

If you are running Android, there are notes here on how to tell if Carrier IQ is on your smart phone >> http://forum.xda-developers.com/showpost.php?p=11763089 , Also there is this :

Carrier IQ references discovered in Apple's iOS

To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5.


Read more >>

 

[jamescv7]

A big trouble for anyone using it like Android as they don't know that their privacy was voided without consent of the user.

 

[McLovin]

Android logs keystrokes, SMS messages?

Your Android-based smartphone could be watching just about everything you do, Android security researcher Trevor Eckhart argued in a video posted earlier this week.

Link: Read more.

 

[MrXidus]

RE: Android logs keystrokes, SMS messages?

Google "Carrier IQ lawsuit". Good news.

 

[win7holic]

RE: Android logs keystrokes, SMS messages?

I've heard it last November. thanks for reminder.

 

[WinAndLinuxTutorials]

If you are running Android, there are notes here on how to tell if Carrier IQ is on your smart phone >> http://forum.xda-developers.com/showpost.php?p=11763089

I checked that link, I found the following text: "During every boot, this service is launched - you can see it in Settings > Applications > Running Services as "IQAgent Service"."

I did the steps and didn't find the IQAgent Service, am I safe?

 

[Jack]

Should You Remove Carrier IQ From Your Phone?

There's been a lot of paranoia and FUD surrounding a small, IDC-award winning software company called Carrier IQ, ever since a young security researcher named Trevor Eckhart posted video footage showing how some popular phones use Carrier IQ to collect data on your phone.

Officially, as our sister site Geek.com noted in an excellent explainer piece, Carrier IQ makes software that lets customers track when, where, and how you're using your cell phone, all for the purpose of troubleshooting. As Carrier IQ vice president of marketing, Andrew Coward, told me a couple weeks ago, this diagnostic information makes troubleshooting calls go by a lot faster. The activity log sent from Carrier IQ to your cell phone company is pulled every time you call your operator to report a problem, like dropped calls or random outages.

Sounds innocent enough, but the lack of transparency over this firmware has infuriated many owners, so as requested by many readers, we've shown you how to detect and remove Carrier IQ from your device. But before you do, you should know how it will really affect your cell phone service.

Why You Shouldn't

Independent security researcher Dan Rosenberg has analyzed every bit of diagnostic information Carrier IQ collects, and why, and concluded that Carrier IQ actually performs some useful tasks.

"Based on my research, CarrierIQ implements a potentially valuable service designed to help improve user experience on cellular networks," he wrote in a blog post.

In his meticulous analysis of a Samsung Epic 4G on Sprint, Rosenberg found no malicious, privacy-violating use of Carrier IQ software; it cannot record text messages, keystrokes, phone calls, Web page contents or emails, he said.

However he acknowledged that the software could be altered in the future to "perform nefarious actions."

Similarly Alexandru Balan, a senior product manager at BitDefender, said, "if the application is only used to improve the user experience, it's entirely anonymous and no sensitive information is used to track individuals, you could say that the Carrier IQ user base serves a common good and helps breed improvements."

Neither Sprint, T-Mobile, or AT&T were available to comment at press time, but all have denied privacy violations in their use of Carrier IQ.

An internal document leaked to T-Mo News (good timing, huh?) said T-Mobile uses Carrier IQ for three purposes: to diagnose battery performance anxiety, dropped calls, and application failures.

Read more >>

 

[HeffeD]

Google wants nothing to do with Carrier IQ.

Google's Schmidt calls Carrier IQ software a keylogger - Computerworld

 

[Jack]

Google wants nothing to do with Carrier IQ.

Google's Schmidt calls Carrier IQ software a keylogger - Computerworld

[.............]
We discussed this issue with Trend Micro Researcher Rik Ferguson, and he said that much of the content in Eckhart’s video was created in a verbose debugging mode and does not accurately represent how Carrier IQ has been deployed in the wild. According to the manufacturer, Carrier IQ does log keystrokes in SMS, but only to recognize keystroke sequences that act as local commands to Carrier IQ; for example “upload diagnostics now” while you’re on the phone to technical support. It also monitors incoming SMS, again for messages from the carrier which act as commands for Carrier IQ.

The manufacturer has stated that the app has been designed to discard all non-relevant material before it is even processed by the local app, let alone uploaded to the carrier and does not represent a significant risk to privacy.”

The reaction towards the issue shows how unaware people are of how dependent the functionality of a phone is on its carrier. It seems that people have forgotten that every text message, every call, and every Internet search they make involves the passing of their information to different entities – a routine that is all a part of its execution.
Read more >>

I think the main issue here is the fact that this 'Carrier IQ' was secretly installed without first asking for user consent ... I do believe that the risk is greatly exaggerated right now but still they could have just checked with us before doing any type of monitoring ....

 

[Prorootect]

.
Quote: '..but still they could have just checked with us before doing any type of monitoring ....' :biggrin:

This mean, they must ask permission to the various lawbreakers, criminals, for example? ..
But how the Carrier IQ software could harm me?
I have nothing to hide, because I am not a criminal and so on. I think rightly, it is very good against all the criminals.

But I would agree with this statement: 'I do believe that the risk is greatly exaggerated right now..'

EDIT: Remove possible offended thoughts . But I laughed, that's all ..

 

[HeffeD]

A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents - but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.

Read more here: FBI: Carrier IQ files used for "law enforcement purposes"

 

[HeffeD]

Some Facts About Carrier IQ

There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States. Subjects of outright disagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself.

Read more here: Some Facts About Carrier IQ | Electronic Frontier Foundation