14 replies to this topic

[amenditman]

So, this is not new but I did not find it with a search.

Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg.  http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/

So now, after a few weeks, the politicians are all over this privacy violation. Public hearings and such, another waste of already thin resources. But that's another rant!
The Android anti-virus services have released a bunch of tools to help detect if your phone has this application installed. Here's another The Reg article about that.  http://www.theregister.co.uk/2011/12/08/ca...roid_detection/  The last 2 paragraphs are worth getting to, stick it out to the end.

I use Lookout and they released a tool to detect it. I downloaded it and found that my AT&T Motorola Atrix 4G does not have this particular tracker installed. That does not mean that they aren't using something similar, some as yet undiscovered app which "helps" them to improve service by reporting my activities to them.

Removal is another subject. If you have your phone rooted (also read as voided the warranty) you can remove it. If you are not rooted, you can ask your provider to remove it. Good luck with that!

Download one of these tools and check your phone. Post here what your phone is, carrier, and whether you are infected or not. Be interesting to see who has been naughty.

Edited by amenditman, 10 December 2011 - 11:14 AM.

[zlim]

The link to Bruce Schneier is old because it links to Sony's rootkit fiasco. Here is a newer one on Carrier IQ
http://www.schneier.com/blog/archives/2011...er_iq_spyw.html

Program to help you check what sort of things your phone might be logging
http://forum.xda-developers.com/showpost.p...p;postcount=110

and another article
http://www.geek.com/articles/mobile/how-mu...yours-20111115/ (from link on Bruce Schneier's site).

At times I am really glad we have two old dumb cellphones.

[ross549]

A lot fo the news is extremely hyperbolic. Most of the writers know little about the topic they are writing about.

http://vulnfactory.org/blog/2011/12/05/car...the-real-story/

Here's a guy who breaks it down.



Adam

[ross549]

So, this is not new but I did not find it with a search.

Carrier IQ has been in the news for a few weeks. What it does is track almost everything you do with/on your smartphone, as well as location data, then it phones home to report on you. It is supposed to be for the phone provider to use to improve service, but it does so much more than is required for that. Another problem is that it is a BIG secret, you were never informed of it's presence or activities. Here's a short article about it's discovery from the Reg.  http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/

The issue of not being notified about it is the big issue here. Carrier IQ does not record your text messages, emails, and every keystroke.

Apple did use CIQ, but dropped it in iOS 5. They now have their own implementation of a diagnostic feature. When you set up a device on iOS 5, your are specifically asked if you want to send diagnostic info to Apple.

You can turn it on or off at any time.



You can view the information that will be sent to Apple:



CLick to see a log.

Apple did this right.

So, in the end, I say this is much ado about nothing. Carrier IQ is not spying on you. The data is sent to the carriers, but it is there to measure the performance of the network. The issue of the carriers not notifying users is one that needs to be addressed, but I think the software itself is benign.

Adam

[amenditman]

The video embedded in the first link
http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/
watch it all the way to the end.

The Carrier IQ program is tracking sms, browser sessions,  and keypresses even when there is no cellular radio enabled.

[ross549]

You are correct. It is watching events on the phone. No question there.

However, it does very little in the way of *actual logging* of the data.

http://blogs.cio.com/smartphones/16672/car...hill-out-people

From the article:

What's more, a number of security experts with no ties to Carrier IQ have come forward to debunk the scare stories. One of them is Dan Rosenberg, a well-known security expert who works for Virtual Security Research in the Boston area. He reverse-engineered the code on several Android phones, and saw no evidence of a threat. "Everyone is concerned that it is logging keystrokes. But the application is not doing that," he told me when I reached him at his office.

But Rosenberg told me that Eckhart misunderstood what he saw. In fact, Carrier IQ only logs keystrokes that are part of a diagnostic sequence a help desk technician would ask a user to input. The keystrokes are transmitted to the application, but aren't recorded and even if they were, they contain no personal information, Rosenberg said.

Does Carrier IQ code send some information back to the carriers? It does. But according to Rosenberg, the information has to do with diagnostics information carriers use to monitor and maintain their networks. For example, if your phone or its browser crashes, the software would probably tell the carrier where that happened (using GPs-type data) and what the device was doing that may have been related to the crash. It does not record, and is probably not even capable of recording, the body of a text message or an email.

Adam

[mac]

At times I am really glad we have two old dumb cellphones.

I am also glad we have two old dumb cellphones. We also have a "home" phone VOIP line (no charge for unlimited long distance) service that's included with our triple play Uverse service. We switched both cellphones to a "Pay-as-you-go" plan about a year and a half ago. The family plan that we were on was costing us $50 or more a month, and we were only using about 100 minutes/mo of the 500 minute/mo plan. Plus whenever we traveled out of state, we would get charged a 79¢ per minute roaming charge. Since the switch, we're only spending about $20 a month between the two phones, and there's no roaming charges.

[zlim]

Our cellphones cost us $5/month plus tax, each. I have accumulated over $120 on my phone because I rarely use it. My hubby's has over $60 accumulated.

[Temmu]

everything that does not log, will.
logging and collecting are the wave of today.

cell phones are the boon marketers and law enforcement alike needed,
both need to know where you are, for obvious reasons.

dr. eric fossom, pretty much the inventor of digital imaging as we know it today, also expressed fears of "his" technology being used to constantly spy on us.  here he is giving a speech on the history of electronic imaging at yale:  http://www.youtube.com/watch?v=JkBh71zZKrM
where after the history, he expresses his concerns.

[securitybreach]

And the latest news:

An enterprising advocate for openness in government has filed a Freedom of Information Act (FOIA) request to the FBI for all information the agency uses related to Carrier IQ, the company under fire for monitoring user activity on smartphones—and his request was flatly denied. The FBI claims data gathered by Carrier IQ software is exempt from disclosure laws because it is located in an investigative file that was "compiled for law enforcement purposes" and "could reasonably be expected to interfere with enforcement proceedings."..........

http://arstechnica.com/tech-policy/news/20...ase-records.ars

    

Thanks to Cyanogenmod (rom), I do not have CIQ on any of my devices.

[Temmu]

wow.  and wow again.

our government (and that of most nations) has forgotten that they work for us.  

[securitybreach]

wow.  and wow again.

our government (and that of most nations) has forgotten that they work for us.  

Unfortunately that happened long ago  

[mac]

[securitybreach]

Ha, I love it Mac!! Great one  

[Temmu]

lol!
i thot the punch line was going to be,
lol, they've been doing that with our pc and the internet for decades!