Malware optimize

Carrier IQ snooping: Another good reason to root your phone

Get the basics on the Carrier IQ snooping software that has privacy-minded people up in arms and watch researcher Trevor Eckhart's video illustrating his findings.
[Update: While CNET's Declan McCullagh reports that Carrier IQ has been falsely accused of keylogging and that the private data being collected is not being transmitted to carriers by Carrier IQ, serious privacy issues still remain. Dan Rosenberg, the researcher McCullagh cites, doesn't let them off the hook entirely. Rosenberg notes in InfoWorld, "Carrier IQ does a lot of bad things. It's a potential risk to user privacy, and users should be given the ability to opt out of it." The issue remains that a lot of data is being stored on devices without user consent or the ability to opt out, leaving open the threat that the information could be compromised by unauthorized parties.]

When intrepid system administrator Trevor Eckhart released his disturbing findings about the Carrier IQ "analytics program," he touched off a real firestorm of questions and outrage about just how much we're being snooped on by carriers who use this software on mobile devices to collect data, ostensibly, data that provides performance feedback only, no doubt to improve our mobile "experience." However, Eckhart's research -- conducted using his own HTC device -- seemed very clearly to illustrate that Carrier IQ is providing much more.

Eckhart found evidence that the software was recording keystrokes and text messages of users and transmitting that data to Carrier IQ servers. There is evidence of the program in Android and Blackberry devices and others have claimed that it is also on Apple devices. According to the Washington Post report:

"[Up] through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone," wrote security researcher Grant Paul on his blog. He said that the program appears to be controlled by the "Diagnositcs and Usage" setting on Apple devices, meaning that it appears users can disable the program on those phones. He wrote that he's "reasonably sure that it has no access" to text messages, browsing history or Web history.

Unsurprisingly, anyone who is concerned about basic privacy rights, is outraged. And then there are those pesky wiretap laws that may have been violated, as pointed out by Forbes.com. You know, when the U.S. Senate starts talking about anything technology related, there's bound to be trouble. Senator Al Franken is on the case:

Senator Al Franken, chairman of the Senate subcommittee on privacy, technology and law, sent a letter to Carrier IQ on Thursday asking the company to address a number of concerns that have arisen after security expert Trevor Eckhart revealed the software might allow wireless carriers to spy on customers. "I am very concerned by recent reports that your company's software - preinstalled on smartphones used by millions of Americans - is logging and may be transmitting extraordinarily sensitive information from consumers' phones," Senator Franken wrote in his letter.

But if you want to get a sense of the problem, straight from the horse's mouth, watch Trevor Eckhart's video explanation, which is up on Youtube:

Also see:

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

14 comments
kfields
kfields

We are sooo in trouble if that is what is standing between us and ... well most anything.

sqlerror
sqlerror

Can't we as millions of consumers be so polite to pay CarrierIQ a nice visit back, right at their front door?. Let's all simultaniously surf to Carrier-iq, call them or e-mail them with our smartphones. Milions of mobile users will generate more data than CarrierIQ can chew. Communicators in all countries Unite and call back!

Dr_Zinj
Dr_Zinj

I loved Star Trek and their communicators. Talk to anyone all over the world, and no relay stations, towers, or satellites needed. But you still needed Uhura to switch the call. I loved Star Trek: The Next Generation communicators. Tap it, tell it who you want to talk to, and bingo. But the darn things had locaters built in, and were possible to turn on remotely. And several episodes had conflicts with those faults built in. Did you ever notice that the only times people didn't immediately respond to a communicator hail was if they were dead, literally tied up, or had deliberately removed the device?

ThePrairiePrankster
ThePrairiePrankster

From this page on Carrier' site: http://carrieriq.com/overview/IQInsightExperienceManager/index.htm "With user experience increasingly viewed as the key differentiator between mobile providers, IQ Insight enables you to align your business improvements with the things customers truly value. Identify exactly how your customers interact with services and which ones they use. See which content they consume, even offline. Identify problems in service delivery, including the inability to connect to the service at all. This actionable intelligence enables you to focus on critical quality and customer satisfaction issues." I like the sentence : "See which content they consume, even offline."

wdewey@cityofsalem.net
wdewey@cityofsalem.net

I would like to see a packet sniff of the traffic across the wireless network to see if the data is actually going some where or if it is just being stored on the phone.

Gisabun
Gisabun

Many carriers and smartphone manufacturers have distanced themselves from this mess. Of those who said anything, Apple claimed that any Carrier IQ software will be removed ???completely??? in a ???future software update???. This, of course means that it is on iPhones. Of the carriers, Sprint confirmed it uses Carrier IQ but only to ???analyze our network performance.???

ian3880
ian3880

... that I stayed with my trusty Nokia 6120 with its Symbian OS. That means the owner is smart, not the phone! :-D Unless, of course, someone finds there's a CarrierIQ for S80, of course! :-(

ITGrouch
ITGrouch

CIQ can use all of the flowery, five dollar words they want...they are spying on users and I do wonder if this activity falls under the auspices of the federal wiretap laws. And for the carriers to make no offer for its customers to opt-out of this activity borders on being criminal. Now it is time to see what, if anything, the carriers do now that the cat is out of the bag.

rhonin
rhonin

Try reading an article, not an opinion. Then go to Carriers website. They admit they collect it and it can be identified to the specific device it came from.

ThePrairiePrankster
ThePrairiePrankster

Read the article you cited. It is an opinion, not a fact. It all depends on how the teclo configures the software. Until the telcos tell us how it is configured and how to turn it off, it is a security threat. Nice try.

rhonin
rhonin

In a follow up release by Carrier, they acknowledged they get the information but do not read the information. If you go to their website, they claim you can drill down and monitor to the specific device. Part of their marketing claims.