Jump to content


Carrier IQ


  • Please log in to reply
14 replies to this topic

#1 OFFLINE   amenditman

amenditman

    Posting Prodigy

  • Forum MVP
  • 2,467 posts

Posted 10 December 2011 - 11:10 AM

So, this is not new but I did not find it with a search.

Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg.  http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/

So now, after a few weeks, the politicians are all over this privacy violation. Public hearings and such, another waste of already thin resources. But that's another rant!
The Android anti-virus services have released a bunch of tools to help detect if your phone has this application installed. Here's another The Reg article about that.  http://www.theregister.co.uk/2011/12/08/ca...roid_detection/  The last 2 paragraphs are worth getting to, stick it out to the end.

I use Lookout and they released a tool to detect it. I downloaded it and found that my AT&T Motorola Atrix 4G does not have this particular tracker installed. That does not mean that they aren't using something similar, some as yet undiscovered app which "helps" them to improve service by reporting my activities to them.

Removal is another subject. If you have your phone rooted (also read as voided the warranty) you can remove it. If you are not rooted, you can ask your provider to remove it. Good luck with that!

Download one of these tools and check your phone. Post here what your phone is, carrier, and whether you are infected or not. Be interesting to see who has been naughty.

Edited by amenditman, 10 December 2011 - 11:14 AM.

Tweak it 'til it breaks, then learn how to fix it.

L.I.F.E. (Linux Is For Everyone)

Registered Linux User # 474004 (06/16/2008)


REGLUE

Recycled Electronics and Gnu/Linux Used for Education

Reglue, in a nutshell, gives free Linux computers to under privileged children and their families.

www.reglue.org


#2 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 6,414 posts

Posted 10 December 2011 - 01:22 PM

The link to Bruce Schneier is old because it links to Sony's rootkit fiasco. Here is a newer one on Carrier IQ
http://www.schneier.com/blog/archives/2011...er_iq_spyw.html

Program to help you check what sort of things your phone might be logging
http://forum.xda-developers.com/showpost.p...p;postcount=110

and another article
http://www.geek.com/articles/mobile/how-mu...yours-20111115/ (from link on Bruce Schneier's site).

At times I am really glad we have two old dumb cellphones.



Liz
Registered Linux User # 401459
Posted Image

#3 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 10 December 2011 - 01:46 PM

A lot fo the news is extremely hyperbolic. Most of the writers know little about the topic they are writing about.

http://vulnfactory.org/blog/2011/12/05/car...the-real-story/

Here's a guy who breaks it down.

wink.gif

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#4 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 10 December 2011 - 02:01 PM

QUOTE (amenditman @ Dec 10 2011, 10:10 AM) <{POST_SNAPBACK}>
So, this is not new but I did not find it with a search.

Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg.  http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/


The issue of not being notified about it is the big issue here. Carrier IQ does not record your text messages, emails, and every keystroke.

Apple did use CIQ, but dropped it in iOS 5. They now have their own implementation of a diagnostic feature. When you set up a device on iOS 5, your are specifically asked if you want to send diagnostic info to Apple.

You can turn it on or off at any time.



You can view the information that will be sent to Apple:



CLick to see a log.

Apple did this right.

So, in the end, I say this is much ado about nothing. Carrier IQ is not spying on you. The data is sent to the carriers, but it is there to measure the performance of the network. The issue of the carriers not notifying users is one that needs to be addressed, but I think the software itself is benign.

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#5 OFFLINE   amenditman

amenditman

    Posting Prodigy

  • Forum MVP
  • 2,467 posts

Posted 10 December 2011 - 04:20 PM

The video embedded in the first link
http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/
watch it all the way to the end.

The Carrier IQ program is tracking sms, browser sessions,  and keypresses even when there is no cellular radio enabled.

Tweak it 'til it breaks, then learn how to fix it.

L.I.F.E. (Linux Is For Everyone)

Registered Linux User # 474004 (06/16/2008)


REGLUE

Recycled Electronics and Gnu/Linux Used for Education

Reglue, in a nutshell, gives free Linux computers to under privileged children and their families.

www.reglue.org


#6 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 10 December 2011 - 07:32 PM

You are correct. It is watching events on the phone. No question there.

However, it does very little in the way of *actual logging* of the data.

http://blogs.cio.com/smartphones/16672/car...hill-out-people

From the article:

QUOTE
What's more, a number of security experts with no ties to Carrier IQ have come forward to debunk the scare stories. One of them is Dan Rosenberg, a well-known security expert who works for Virtual Security Research in the Boston area. He reverse-engineered the code on several Android phones, and saw no evidence of a threat. "Everyone is concerned that it is logging keystrokes. But the application is not doing that," he told me when I reached him at his office.


QUOTE
But Rosenberg told me that Eckhart misunderstood what he saw. In fact, Carrier IQ only logs keystrokes that are part of a diagnostic sequence a help desk technician would ask a user to input. The keystrokes are transmitted to the application, but aren't recorded and even if they were, they contain no personal information, Rosenberg said.

Does Carrier IQ code send some information back to the carriers? It does. But according to Rosenberg, the information has to do with diagnostics information carriers use to monitor and maintain their networks. For example, if your phone or its browser crashes, the software would probably tell the carrier where that happened (using GPs-type data) and what the device was doing that may have been related to the crash. It does not record, and is probably not even capable of recording, the body of a text message or an email.


wink.gif

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#7 OFFLINE   mac

mac

    Thread Head

  • Members
  • PipPipPipPipPipPip
  • 552 posts

Posted 11 December 2011 - 11:49 AM

QUOTE (zlim @ Dec 10 2011, 11:22 AM) <{POST_SNAPBACK}>
At times I am really glad we have two old dumb cellphones.


I am also glad we have two old dumb cellphones. We also have a "home" phone VOIP line (no charge for unlimited long distance) service that's included with our triple play Uverse service. We switched both cellphones to a "Pay-as-you-go" plan about a year and a half ago. The family plan that we were on was costing us $50 or more a month, and we were only using about 100 minutes/mo of the 500 minute/mo plan. Plus whenever we traveled out of state, we would get charged a 79¢ per minute roaming charge. Since the switch, we're only spending about $20 a month between the two phones, and there's no roaming charges.
Mac
"Long ago, when men cursed and beat the ground with sticks,
it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

#8 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 6,414 posts

Posted 11 December 2011 - 03:06 PM

Our cellphones cost us $5/month plus tax, each. I have accumulated over $120 on my phone because I rarely use it. My hubby's has over $60 accumulated.
Liz
Registered Linux User # 401459
Posted Image

#9 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,867 posts

Posted 12 December 2011 - 12:15 AM

everything that does not log, will.
logging and collecting are the wave of today.

cell phones are the boon marketers and law enforcement alike needed,
both need to know where you are, for obvious reasons.

dr. eric fossom, pretty much the inventor of digital imaging as we know it today, also expressed fears of "his" technology being used to constantly spy on us.  here he is giving a speech on the history of electronic imaging at yale:  http://www.youtube.com/watch?v=JkBh71zZKrM
where after the history, he expresses his concerns.
Posted Image

#10 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 16,012 posts

Posted 13 December 2011 - 01:58 PM

And the latest news:
QUOTE
An enterprising advocate for openness in government has filed a Freedom of Information Act (FOIA) request to the FBI for all information the agency uses related to Carrier IQ, the company under fire for monitoring user activity on smartphones—and his request was flatly denied. The FBI claims data gathered by Carrier IQ software is exempt from disclosure laws because it is located in an investigative file that was "compiled for law enforcement purposes" and "could reasonably be expected to interfere with enforcement proceedings."..........

http://arstechnica.com/tech-policy/news/20...ase-records.ars

thumbdown.gif thumbdown.gif thumbdown.gif thumbdown.gif    

Thanks to Cyanogenmod (rom), I do not have CIQ on any of my devices.
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#11 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,867 posts

Posted 13 December 2011 - 02:14 PM

wow.  and wow again.

our government (and that of most nations) has forgotten that they work for us.  icon8.gif
Posted Image

#12 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 16,012 posts

Posted 13 December 2011 - 02:24 PM

QUOTE (Temmu @ Dec 13 2011, 12:14 PM) <{POST_SNAPBACK}>
wow.  and wow again.

our government (and that of most nations) has forgotten that they work for us.  icon8.gif

Unfortunately that happened long ago  whistling.gif
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#13 OFFLINE   mac

mac

    Thread Head

  • Members
  • PipPipPipPipPipPip
  • 552 posts

Posted 14 December 2011 - 11:34 AM


Mac
"Long ago, when men cursed and beat the ground with sticks,
it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

#14 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 16,012 posts

Posted 14 December 2011 - 12:12 PM

Ha, I love it Mac!! Great one  hysterical.gif
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#15 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,867 posts

Posted 09 January 2012 - 01:55 AM

lol!
i thot the punch line was going to be,
lol, they've been doing that with our pc and the internet for decades!
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users