amenditman Posted December 10, 2011 Share Posted December 10, 2011 (edited) So, this is not new but I did not find it with a search. Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg. http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/ So now, after a few weeks, the politicians are all over this privacy violation. Public hearings and such, another waste of already thin resources. But that's another rant! The Android anti-virus services have released a bunch of tools to help detect if your phone has this application installed. Here's another The Reg article about that. http://www.theregister.co.uk/2011/12/08/ca...roid_detection/ The last 2 paragraphs are worth getting to, stick it out to the end. I use Lookout and they released a tool to detect it. I downloaded it and found that my AT&T Motorola Atrix 4G does not have this particular tracker installed. That does not mean that they aren't using something similar, some as yet undiscovered app which "helps" them to improve service by reporting my activities to them. Removal is another subject. If you have your phone rooted (also read as voided the warranty) you can remove it. If you are not rooted, you can ask your provider to remove it. Good luck with that! Download one of these tools and check your phone. Post here what your phone is, carrier, and whether you are infected or not. Be interesting to see who has been naughty. Edited December 10, 2011 by amenditman Quote Link to comment Share on other sites More sharing options...
zlim Posted December 10, 2011 Share Posted December 10, 2011 The link to Bruce Schneier is old because it links to Sony's rootkit fiasco. Here is a newer one on Carrier IQ http://www.schneier.com/blog/archives/2011...er_iq_spyw.html Program to help you check what sort of things your phone might be logging http://forum.xda-developers.com/showpost.p...p;postcount=110 and another article http://www.geek.com/articles/mobile/how-mu...yours-20111115/ (from link on Bruce Schneier's site). At times I am really glad we have two old dumb cellphones. Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 10, 2011 Share Posted December 10, 2011 A lot fo the news is extremely hyperbolic. Most of the writers know little about the topic they are writing about. http://vulnfactory.org/blog/2011/12/05/car...the-real-story/ Here's a guy who breaks it down. Adam Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 10, 2011 Share Posted December 10, 2011 So, this is not new but I did not find it with a search. Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg. http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/ The issue of not being notified about it is the big issue here. Carrier IQ does not record your text messages, emails, and every keystroke. Apple did use CIQ, but dropped it in iOS 5. They now have their own implementation of a diagnostic feature. When you set up a device on iOS 5, your are specifically asked if you want to send diagnostic info to Apple. You can turn it on or off at any time. You can view the information that will be sent to Apple: CLick to see a log. Apple did this right. So, in the end, I say this is much ado about nothing. Carrier IQ is not spying on you. The data is sent to the carriers, but it is there to measure the performance of the network. The issue of the carriers not notifying users is one that needs to be addressed, but I think the software itself is benign. Adam Quote Link to comment Share on other sites More sharing options...
amenditman Posted December 10, 2011 Author Share Posted December 10, 2011 The video embedded in the first link http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/ watch it all the way to the end. The Carrier IQ program is tracking sms, browser sessions, and keypresses even when there is no cellular radio enabled. Quote Link to comment Share on other sites More sharing options...
ross549 Posted December 10, 2011 Share Posted December 10, 2011 You are correct. It is watching events on the phone. No question there. However, it does very little in the way of *actual logging* of the data. http://blogs.cio.com/smartphones/16672/car...hill-out-people From the article: What's more, a number of security experts with no ties to Carrier IQ have come forward to debunk the scare stories. One of them is Dan Rosenberg, a well-known security expert who works for Virtual Security Research in the Boston area. He reverse-engineered the code on several Android phones, and saw no evidence of a threat. "Everyone is concerned that it is logging keystrokes. But the application is not doing that," he told me when I reached him at his office. But Rosenberg told me that Eckhart misunderstood what he saw. In fact, Carrier IQ only logs keystrokes that are part of a diagnostic sequence a help desk technician would ask a user to input. The keystrokes are transmitted to the application, but aren't recorded and even if they were, they contain no personal information, Rosenberg said. Does Carrier IQ code send some information back to the carriers? It does. But according to Rosenberg, the information has to do with diagnostics information carriers use to monitor and maintain their networks. For example, if your phone or its browser crashes, the software would probably tell the carrier where that happened (using GPs-type data) and what the device was doing that may have been related to the crash. It does not record, and is probably not even capable of recording, the body of a text message or an email. Adam Quote Link to comment Share on other sites More sharing options...
mac Posted December 11, 2011 Share Posted December 11, 2011 At times I am really glad we have two old dumb cellphones. I am also glad we have two old dumb cellphones. We also have a "home" phone VOIP line (no charge for unlimited long distance) service that's included with our triple play Uverse service. We switched both cellphones to a "Pay-as-you-go" plan about a year and a half ago. The family plan that we were on was costing us $50 or more a month, and we were only using about 100 minutes/mo of the 500 minute/mo plan. Plus whenever we traveled out of state, we would get charged a 79¢ per minute roaming charge. Since the switch, we're only spending about $20 a month between the two phones, and there's no roaming charges. Quote Link to comment Share on other sites More sharing options...
zlim Posted December 11, 2011 Share Posted December 11, 2011 Our cellphones cost us $5/month plus tax, each. I have accumulated over $120 on my phone because I rarely use it. My hubby's has over $60 accumulated. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted December 13, 2011 Share Posted December 13, 2011 And the latest news: An enterprising advocate for openness in government has filed a Freedom of Information Act (FOIA) request to the FBI for all information the agency uses related to Carrier IQ, the company under fire for monitoring user activity on smartphones—and his request was flatly denied. The FBI claims data gathered by Carrier IQ software is exempt from disclosure laws because it is located in an investigative file that was "compiled for law enforcement purposes" and "could reasonably be expected to interfere with enforcement proceedings.".......... http://arstechnica.com/tech-policy/news/20...ase-records.ars :thumbsdown: :thumbsdown: Thanks to Cyanogenmod (rom), I do not have CIQ on any of my devices. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted December 13, 2011 Share Posted December 13, 2011 wow. and wow again. our government (and that of most nations) has forgotten that they work for us. Unfortunately that happened long ago Quote Link to comment Share on other sites More sharing options...
mac Posted December 14, 2011 Share Posted December 14, 2011 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted December 14, 2011 Share Posted December 14, 2011 Ha, I love it Mac!! Great one Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.