A security researcher has posted a video detailing hidden software installed on smart phones that logs numerous details about users' activities.
In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software – known as Carrier IQ – logs every text message, Google search and phone number typed on a wide variety of smart phones - including HTC, Blackberry, Nokia* and others - and reports them to the mobile phone carrier.
The application, which is labeled on Eckhart’s HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "HTTPS," Eckhart said.
The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video.
"Why is this not opt-in and why is it so hard to fully remove?" Eckhart wrote at the end of the video.
In a post about Carrier IQ on his website, Eckhart called the software a "rootkit," a security term for software that runs in the background without a user's knowledge and is commonly used in malicious software.
Eckhart's video is the latest in a series of attacks between him and the company. Earlier this month, Carrier IQ sent a cease and desist letter to Eckhart claiming he violated copyright law by publishing Carrier IQ training manuals online. But after the Electronic Frontier Foundation, a digital rights group, came to Eckhart’s defense, the company backed off its legal threats.
The Electronic Frontier Foundation said the software that Eckhart has publicized "raises substantial privacy concerns" about software that "many consumers don’t know about."
Carrier IQ could not immediately be reached for comment. But the company told Wired.com that its software is used for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
On its website, Carrier IQ, founded in 2005, describes itself as "the world's leading provider of Mobile Service Intelligence solutions."
*A Nokia spokeswoman said CarrierIQ does not ship products for any Nokia devices.
UPDATE 1: Grant Paul, a well-known iPhone hacker who goes by the screenname "chpwn", wrote on his blog that Apple has included Carrier IQ on the iPhone, but the software's default is disabled.
UPDATE 2: Want to find out if your phone is secretly tracking you? Check out our comprehensive list of the devices and carriers known to use Carrier IQ.
UPDATE 3: Senator Al Franken, concerned that Carrier IQ's software may violate federal law, sent a letter to the company requesting an explanation of the software's purpose. (Click here to read more.)
UPDATE 4: Carrier IQ has come forward with a statement regarding its "tracking" software. Many mobile carriers and device manufacturers have also responded to the controversy with statements of their own.http://www.huffingtonpost.com/2011/11/30/carrier-iq-trevor-eckhart_n_1120727.html?ref=mostpopular
Watch video of Eckhart explaining his findings:
Carrier IQ On iPhone, Android, BlackBerry, Windows Phone: Which Devices Have Controversial 'Tracking' Software?
You might have heard about Carrier IQ, software that comes pre-installed on millions of smartphones that has the capability to record and store your keystrokes, the text messages you send and receive, the Internet websites you visit and more. If you own a smartphone -- a BlackBerry, an iPhone, an Android, a Windows Phone, whatever -- you are probably wondering whether or not Carrier IQ is on your smartphone, and if it is, how you can remove it.
Here is a rundown of everything we know about Carrier IQ, OS by OS. For a full background on Carrier IQ, what it does and why it has so many people nervous, read my colleague Gerry Smith's thorough piece from earlier.
ANDROID
The furor over Carrier IQ started with the discovery of the nosy software on Android smartphones and is only getting noisier (Senator Al Franken recently asked Carrier IQ for an explanation of its practices).
Unless you have a rooted Android device, you won't be able to see if your phone is running Carrier IQ. But here's what we know:
- No Nexus smartphones (the Google Nexus One, the Nexus S and the Galaxy Nexus) have Carrier IQ software, according to a source who spoke with The Verge. That source also claimed that no Motorola Xoom tablets have Carrier IQ.
- Verizon, the largest mobile carrier in the United States, told GigaOM in an email that it did not install Carrier IQ on any of its smartphones.
- Sprint has issued a statement to The Verge. They do use Carrier IQ -- from their statement:
Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint.- AT&T and T-Mobile have not yet issued statements.
- The Kindle Fire tested negative for Carrier IQ, per Gizmodo.
- On Android phones, developer Trevor Eckhart has written an app that can detect and possibly remove Carrier IQ; however, your Android phone has to be "rooted," a step that the non-tech-savvy probably should not take. Better to wait for Carrier IQ and the carriers to resolve this mess than to risk bricking your phone, voiding the warranty or opening yourself up to malware.
WINDOWS PHONE
- 9to5Mac reports that Windows Phone appears to be totally free of Carrier IQ.
BLACKBERRY
Research in Motion told Business Insider that its phones do not have Carrier IQ preinstalled, nor does it authorize its carriers to do so. This does not mean, however, that carriers have not installed Carrier IQ without authorization.
The full statement:
RIM is aware of a recent claim by a security researcher that an application called “CarrierIQ” is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.IPHONE
Noted iOS hacker chpwn found traces of Carrier IQ in iPhones running iOS 3.1.1 and up -- all the way up to iOS 5. However, it appears that the verison of Carrier IQ installed was tracking much less information than it was on Android phones.
From chpwn's blog:
Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian, BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off “Diagnostics and Usage” in Settings appears to be enough.chpwn continues thus, adding more reassurances for concerned iDevice users:
I am reasonably sure [Carrier IQ on the iPhone] has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.Still worried? To disable Carrier IQ on the iPhone:
1. Go into Settings.
2. Go into General.
3. Go into About.
4. Go into Diagnostics and Usage.
5. Click "Don't Send." On the chance that your iPhone does indeed have Carrier IQ installed, the information it is gathering will no longer be sent to Apple.
UPDATE: Apple has issued this statement to AllThingsD:
“We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”-----
So, there you have it. Gizmodo has a list of smartphones, manufacturers and carriers that do not have Carrier IQ installed that it is constantly refreshing, and we'll keep updating you with the latest on the Carrier IQ saga as it developers. Until then, we'll be awaiting new statements from mobile carriers, handset makers and Carrier IQ itself on what the plans are to correct what seems like an invasion of privacy.
(Read on to see official statements on this controversy from Carrier IQ, as well as from Apple, Google, Verizon, AT&T, Microsoft and others.)
Check out our slideshow (below) to see the 13 smartphones that were rated most vulnerable to hackers and malware in 2011.
PLAY
FULLSCREEN
ZOOM
No comments:
Post a Comment