Murka Terroristka Homepage


  Reply to this topicStart new topicStart Poll

> OMFG: Wer setzt dem ein ENDE???, Unter Kontrolle ...
TJA
Posted: December 01, 2011 11:08 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

SPIEGEL ONLINE
01. Dezember 2011, 16:24 Uhr
CarrierIQ
US-Firma liefert Ăśberwachungssoftware fĂĽr 150 Millionen Handys

Von Konrad Lischka

Tastatureingaben, Positionsdaten, Kurznachrichten: Eine Diagnosesoftware kann laut Entwicklern Handydaten mitlesen, die man lieber für sich behält. Das Programm ist auf 150 Millionen Geräten vorinstalliert und läuft im Hintergrund - allein zur Qualitätssicherung, sagt der Hersteller.

Auf 150 Millionen Mobiltelefonen weltweit könne man beobachten, wie Mobilgeräte "jeden Tag benutzt werden", meldete die US-Firma CarrierIQ im Oktober stolz. Damals schloss CarrierIQ eine Partnerschaft mit den Marktforschern von Nielsen. Die sollten anhand der CarrierIQ-Daten analysieren, welche Erfahrungen Konsumenten mit ihren Smartphones und Tablets machen - CarrierIQ verfüge da über eine "einzigartige Wissenquelle".

Wie weit das Wissen aus dieser einzigartigen Quelle reicht, erforscht der Systemadministrator Trevor Eckhart aus Connecticut. Der junge Mann entwickelt auch Anwendungen für Android-Smartphones und stieß bei der Arbeit auf die Software CarrierIQ. Das Programm war auf einem HTC-Gerät vorinstalliert, das Eckhart untersuchte. Die Software wird von Herstellern oder Mobilfunkanbietern auf von ihnen ausgelieferten Geräten vorm Verkauf an Kunden installiert.

Die Ergebnisse der bisherigen Analyses Eckhart sind beunruhigend. Die gut getarnte und fĂĽr Laien nicht zu deaktivierende und schon gar nicht zu deinstallierende Ăśberwachungssoftware von CarrierIQ hat dem Entwickler zufolge Zugriff auf sensible Informationen.

Trevor Eckhart sagt, dass die CarrierIQ-Software auf dem von ihm untersuchten Android-Smartphone …

    * …Zugriff auf Tastatureingaben hat.
    * …sehen kann, welche Websites er im Browser aufruft.
    * …bei einem per SSL verschlĂĽsselten Zugriff auf die Google-Suche mitlesen kann, welche Suchanfrage er eintippt.
    * … Details der Login-Strings mitlesen kann, die bei der Anmeldung beim Bezahldienst PayPal anfallen.
    * …berechtigt ist, auf SMS-Nachrichten, Positionsdaten, das Adressbuch zuzugreifen und SMS-Nachrichten zu versenden und sogar Anrufe zu tätigen.

Wie die Auftraggeber der CarrierIQ-Installation auf diese Daten zugreifen können, versucht Eckhart in einem zweiten Artikel auf Basis von Lehrmaterial der Firma CarrierIQ nachzuvollziehen. Das Fazit des Entwicklers:

    "Geräte werden auf dem Wartungsportal nach Gerätenummern oder Kundennummern angezeigt. Die Administratoren können die Geräte in Gruppen zusammenfassen, zum Beispiel, um zu sehen, bei welchen Geräten in Kalifornien um fĂĽnf Uhr abends die Netzverbindungen zusammengebrochen sind." Allerdings könne der Auswerter die von Telefonen ĂĽbertragenen Daten auch so anzeigen: "Anstatt abgebrochene Netzverbindungen in Kalifornien zu analysieren, könnte man auch anzeigen, wo Herr XY an einem bestimmten Tag gewesen ist, was auf seinem Mobilgerät läuft, welche Tasten er drĂĽckt und welche Anwendungen er nutzt."

CarrierIQ: "Wir beobachten viele Aspekte der Geräteleistung"

CarrierIQ bestreitet, dass die Software zum Protokollieren von Tastatureingaben genutzt werden kann. Das Unternehmen teilt mit, die Software würde von Geräteherstellern und Netzbetreibern auf Mobilgeräten installiert, um "die Netzqualität zu verbessern und Probleme mit Endgeräten zu analysieren".

Das Unternehmen sagt, man beobachte "viele Aspekte der Geräteleistung", zeichne aber nicht "Tastatureingaben auf" und biete auch keine Funktion zum "Tracken" einzelner Geräte. Alle von den Endgeräten abgefragten Informationen würden "verschlüsselt und gesichert" in den Netzwerken der Kunden von CarrierIQ oder bei CarrierIQ selbst verwaltet.

Im Gespräch mit "Wired" sagte CarrierIQ-Marketingchef Andrew Coward, seine Firma lese keine Textnachrichten: "Wir zählen Dinge. Wie viele Kurznachrichten haben Sie gesendet, wie viele konnten nicht verschickt werden." Auf die Frage eines "Wired"-Redakteurs, ob die CarrierIQ-Software theoretisch Textnachrichten auf den Endgeräten auslesen könnte, antwortete Coward: "wahrscheinlich ja".

Hersteller HTC verweist auf Mobilfunkfirmen

Welche Anbieter die CarrierIQ-Software auf ihren Geräten installieren, ist unklar. Ein Überblick:

    * HTC hat auf eine Anfrage von SPIEGEL ONLINE zum Einsatz der Software in Deutschland nicht bis zur Veröffentlichung dieses Artikels nicht geantwortet. Zur Lage in den USA verweist HTC auf die Netzbetreiber: "HTC ist kein Kunde oder Partner von CarrierIQ, wir erhalten keine Daten von dieser Anwendung, der Firma oder den Netzbetreibern, die mit CarrierIQ zusammenarbeiten. HTC sucht nach Möglichkeiten, Kunden eine Option zum Deaktivieren der Datensammlung durch die CarrierIQ-Anwendung zu bieten."
    * Samsung Deutschland hat auf eine Anfrage von SPIEGEL ONLINE bislang nicht geantwortet.
    * Laut dem iPhone-Hacker chpwn findet sich auf iPhone eine Version der CarrierIQ-Software, diese sei aber standardmäßig deaktiviert. Apple hat auf eine Anfrage von SPIEGEL ONLINE bis zu Veröffentlichung dieses Artikels nicht geantwortet.
    * Nokia bestreitet den Einsatz der Software: "CarrierIQ liefert keine Produkte fĂĽr Nokia Geräte aus."

Deutsche Mobilfunkanbieter wollen Hersteller befragen

In Deutschland ist die Software bei den groĂźen Mobilfunkanbietern nicht im Einsatz:

    * T-Mobile nutzt nach eigenen Angaben die Software Carrier IQ nicht. Ob und in welcher Firmware bei diversen Endgeräte-Hersteller diese Software zum Einsatz kommt, könne man aber nicht sagen. Um das zu klären, will T-Mobile die Geschäftspartner bitten, "umfänglich ĂĽber implementierte Anwendungen zu informieren".
    * Auch O2 prĂĽft derzeit, ob auf von Herstellern gelieferten Geräten solche Software installiert ist. Eine Sprecherin sagt: "Nach unserem jetzigen Kenntnisstand wurden keinerlei Kundendaten an uns ĂĽbermittelt."
    * Vodafone Deutschland nutzt laut einem Sprecher "CarrierIQ und andere Diagnosesoftware nicht".
    * Ein Sprecher der E-Plus-Gruppe sagt, dass die Firma die Software CarrierIQ und vergleichbare Diagnose-Software nicht einsetzt.
    * Die Freenet-Gruppe (Debitel/Mobilcom/Klarmobil/Callmobile) hat eine Anfrage von SPIEGEL ONLINE bis zur Veröffentlichung dieses Artikels nicht beantwortet.


URL:

    * http://www.spiegel.de/netzwelt/gadgets/0,1518,801083,00.html

Mehr im Internet

    * CarrierIQ
      http://www.carrieriq.com/company/PR.Nielse...Oct_19_2011.pdf
    * Eckharts Analyse
      http://androidsecuritytest.com/features/lo...arrieriq-part2/
    * Netzticker 17.11.2011 #4
      http://androidsecuritytest.com/features/lo...gers/carrieriq/
    * Stellungahme von Carrier IQ (PDF)
      http://www.carrieriq.com/Media_Alert_User_...rs_11_16_11.pdf
    * "Wired" ĂĽber CarrierIQ
      http://www.wired.com/threatlevel/2011/11/rootkit-brouhaha
    * iPhone-Hacker chpwn
      http://blog.chpwn.com/post/13572216737?fe250de0
      SPIEGEL ONLINE ist nicht verantwortlich
      fĂĽr die Inhalte externer Internetseiten.


© SPIEGEL ONLINE 2011
Alle Rechte vorbehalten
Vervielfältigung nur mit Genehmigung der SPIEGELnet GmbH


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:17 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

Nielsen and Carrier IQ Form Global Alliance to
Measure Mobile Service Quality

New York and Mountain View, CA – October 19, 2011 – Nielsen, a global
information and measurement company, and Carrier IQ, the standard for mobile
intelligence solutions, today announced an alliance to measure the performance of
mobile services, networks, and devices. Together, they will deliver critical insights
into the consumer experience of mobile phone and tablet users worldwide, which
adhere to Nielsen’s measurement science and privacy standards. This alliance will
leverage Carrier IQ's technology platform to gather actionable intelligence on the
performance of mobile devices and networks.

Nielsen has extensive experience measuring mobile service quality from the
consumer perspective in the United States and of leveraging surveys, device
metering, retail measurement and opt-in consumer panels to understand mobile
trends worldwide. “Nielsen’s service quality performance benchmarks are already
the de-facto standard for network optimization and advertising claims in the US,”
said Larry Lenhart, CEO of Carrier IQ. “They also have a comprehensive
understanding of mobile consumers around the world, derived from years of
studying and tracking the market. We are delighted that our technology will add
value to their portfolio of mobile solutions.”

Carrier IQ’s Mobile Intelligence software is currently deployed on more than 150
million devices worldwide. It enables mobile service providers and device
manufacturers to solve business and technology issues through the lifecycle and
support of devices and networks by delivering mission critical intelligence on how
services perform and how devices actually work in the hands of end users.

“Carrier IQ is already working with mobile operators and device manufacturers
around the world to help them improve customer care, device management and
network planning and operations,” said Jonathan Carson, GM of Digital at Nielsen.
“After an extensive market review, Nielsen chose to work with Carrier IQ to offer a
best-in-class solution to set performance benchmarks worldwide and help clients
deliver a better mobile experience to their customers.”

About Carrier IQ
Carrier IQ is the leading provider of Mobile Intelligence solutions, currently deployed
on over 150M devices from leading mobile device vendors worldwide. Carrier IQ
delivers a unique source of knowledge, directly from the mobile device, which
represents an objective, impartial view of how handsets and devices are performing

on the network, and how mobile devices are being used day-to-day. This is all done
in a highly secure, private and anonymized environment. Founded in 2005 and
headquartered in Mountain View, California, Carrier IQ is a privately held, venture-
backed company with offices in the U.S., UK, Korea and Malaysia. For more
information, please visit www.carrieriq.com.

About Nielsen 
 Nielsen Holdings N.V. (NYSE: NLSN) is a global information and
measurement company with leading market positions in marketing and consumer
information, television and other media measurement, online intelligence, mobile
measurement, trade shows and related properties. Nielsen has a presence in
approximately 100 countries, with headquarters in New York, USA and Diemen, the
Netherlands. For more information, visit www.nielsen.com.

Carrier IQ, the Carrier IQ logo, and Mobile Service Intelligence Platform are
trademarks of Carrier IQ, Inc.

MEDIA CONTACTS:
Mira Genser Woods, Carrier IQ
Phone: 617-513-7020
mwoods@carrieriq.com

Marivi Lerdo de Tejada, NIELSEN
Phone: 415 260 3787
marivi.lerdo@nielsen.com


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:18 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

Carrier IQ is on iOS

Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian, BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off “Diagnostics and Usage” in Settings appears to be enough.

I do realize the info below is a bit technical, but that’s the best way for me to share what I’ve figured out so far at this point. Please feel free to let me know if you discover something else here.

Carrier IQ is run from a number of different daemons, depending on the firmware version of the device: (You can view this on a jailbroken iPhone with iFile or extract it from a software update bundle if you want to check the files out yourself.)

    * iOS 3: /usr/bin/IQAgent
    * iOS 4 and 5: /usr/bin/awd_ice2 or /usr/bin/awd_ice3

The startup routine verifies that it is running on either a compatible device and exits if it is not. In addition, and most importantly: it appears it will only run if:

    * iOS 3: The DiagnosticsAllowed key is set to true in the com.apple.iqagent preferences — which it does not appear to be enabled on any of my devices. (If anyone knows what would cause this key to be set to true, please let me know.)
    * iOS 4: Unknown, probably like iOS 3.
    * iOS 5: Copies the ShouldSubmit value from lockdownd, under the domain com.apple.MobileDeviceCrashCopy. I believe this value is set by the “Submit Logs to Apple” option during the iOS 5 setup sequence, and so Carrier IQ logging is toggled with that setting.

There is also a check to ensure that your carrier supports the logging: it appears some carriers support it only over WiFi, others over 3G. However, despite those restrictions and never enabling the above checks, I do see Carrier IQ log files stored on all of the devices I tested:

    * iOS 3: /var/logs/IQAgent
    * iOS 4: /var/wireless/Library/Logs/IQAgent
    * iOS 5: /var/wireless/Library/Logs/awd

But is this version of Carrier IQ the same keylogger/rootkit as on Android? The answer appears to be: not quite. It does access a reasonable amount of information, however: (Be sure to note that I have not confirmed which, if any, of this data is sent remotely.)

    * CoreTelephony
          o your phone number
          o your carrier
          o your country
          o active phone calls
                + (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)
    * CoreLocation
          o your location (Only, however, if Location Services are enabled.)
    * (Possibly more I haven’t yet found.)

As Carrier IQ claims in their video, communication with the remote server is all done via SSL. Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.

It appears that if you really care about this, Windows Phone 7 is the only mobile operating system without this installed. ;P However, I think the blame here really belongs with the US carriers who obviously demanded this: personally, I am completely fine with this data being sent off (especially if it helps AT&T’s network improve), but I would definitely prefer if it was more transparent — even if you can disable it with that toggle, Apple only explains that it “might contain location data”.

Update: From my examinations, Apple’s recent statement on the issue appears to be entirely accurate.
November 30, 2011
77 notes


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:24 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

[ currently missing ]


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:25 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

CarrierIQ Part 2
Carrier IQ Information – Part #2
Written by Trevor Eckhart

Watch Carrier IQ Video

Video Contents:

Part 1: 0:00 – Device setup
Part 2: 3:15 – Where we don’t see CIQ
Part 3: 5:05 – Finding CIQ Application

Part 4
8:34 – Watching Carrier IQ Watch Us
8:39 – Keypresses
12:27 – Receiving a SMS Message
13:35 – Using Browser on WiFi

Part 5: 15:45 – Carrier IQ on an out of service device
Part 6: 16:49 – Conclusions



Carrier IQ believes some of my statements may cause confusion, so I would like to back up my research with more supporting details.  All logs posted here were created using standard Android tools.  My research focuses on HTC Android devices, but Carrier IQ is on many other devices, too, and may use information differently in those contexts.

I am looking to Carrier IQ for answers here and not HTC because of how many devices this is on.  I just happen to use HTC devices, which is why I discovered the application on those phones.

Let’s talk about rootkits

The Carrier IQ application as shown in the “stock clients” zip file is how the program looks before it’s modified to carrier specifications and is potentially useful to carriers. For end users the stock client indicates that it’s running by displaying an icon in the status bar and is contained in a single APK file.  We have never seen this version of the CIQ used in the “real world.” and to be clear is what fits my definition of a “rootkit”

Here’s how Wikipedia defines a “rootkit.” I will take the relevant parts step by step from Wikipedia-

A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.

The way Carrier IQ works, as seen in the training documents (see last article here), is by enabling someone continued privileged access to our computers (which are Android devices).  The application is hidden in nearly every part of our phones, including the kernel (source – http://htcdev.com/devcenter/downloads).

Carrier IQ also subverts standard operating system functionality.  For any application, I believe standard operating functionality includes having a descriptively named application; a launcher icon, settings menu, widget, or other method to allow the end user to access the application; and a privacy policy clearly available on the device the application is installed on.  Also, as seen in  the video, only an application named HTC IQAgent is displayed as a running application on my HTC device. A second program called IQRD never makes itself known as a running application.

It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself.  Even on old devices, IQRD runs continuously because it’s set to start automatically at boot.  The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run. This is all particularly
concerning when Carrier IQ publicly states that “When Carrier IQ’s products are deployed, data gathering is done in a way where the end user is informed or involved.”
http://carrieriq.com/company/privacy.htm

The very extensive list of Android security permissions granted to IQRD would raise anyone’s eyebrow, considering that it’s remotely controlled software, but some things such as reading contact data, Services that cost you money, reading/edit/sending sms, recording audio(?!??!?) and writing/changing wireless settings seem a bit excessive (see full list in screenshots below).  Even all this is not everything the user has apparently agreed to.  IQRD and HTC IQAgent application (shown below) talk to other root-running binaries, and other APK’s (such as browser) talk to these two applications and kernel locations. IQRD is able to see actions outside of its own application this way, something I don’t see any other apps capable of doing at this level.  It’s even in the browser looking at data such as HTTPs sessions (see below section for logs).

The second and more obviously named application – HTC IQ Agent – shows no permissions required.  This application has an “about” button that shows an HTC logo but no privacy policy or information explaining what the program is.  When HTC was asked about it – the company said users need to understand third-party privacy policies.

Third-Party Software: (from HTC http://www.xda-developers.com/android/htc-...ds-once-again/)

It is also important to note that the phones we build are a compilation of not only software and services from HTC, but also from third parties. These third-party applications and services, such as Carrier IQ (CIQ) and Google Check-in, serve to further improve the customer experience and have their own privacy policies. We encourage consumers to understand the specific policies of any application or service that is enabled on their device.

If HTC’s privacy policy doesn’t cover the information collected by Carrier IQ, it’s unclear whose privacy policy does  Carrier IQ has a minimal privacy policy (http://carrieriq.com/company/privacy.htm), but it says, “Our products are designed and configured to work within the privacy policies of our end customers[.]” So whose policy covers this data — Carrier IQ, or the phone manufacturer, or the carrier? Nobody knows for sure.



The only choice we have to “opt out” of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones.  Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.

The second part of the definition from wikipedia:

The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool).

CarrierIQ runs the binaries as user root in our ramdisk.  The Carrier IQ code is in almost every application: browser, dialer, SMS, media player, the kernel itself, who knows where else. Please read more about the kernel below.

From wikipedia -

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem.



In real-world usage, it’s very hard for an average user to even be aware of Carrier IQ.  To see it, we need to look in low-level file systems, kernel source code, and system logcat logs.  It has no launcher icon, no settings, no program to opt in to. Even DRM, which is typically another “hidden service”, has a notice about activation when you use HTC Watch.

you are able to decline if you do not want to use the DRM service, but you can not decline to use Carrier IQ.

It’s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else.  The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.





Devices out of Contract especially have an issue

IQ Insight Experience Manager uses data directly from the mobile device to give a precise view of how the services and the applications are being used, even if the phone is not communicating with the network. (From http://www.carrieriq.com/company/PR.Experi...A-09.090325.pdf )

Such profile transmission to the SQC 402 residing on the target device(s) may be achieved using any of a variety of transport mechanisms and standards including Short Message Service (“SMS”), Hypertext Transport Protocol (“HTTP”), Hypertext Transport Protocol Secure (“HTTPS”), Wireless Application Protocol (“WAP”) Push, IP-based Over-the-Air (IOTA) protocol, OMA/DM, or other protocols that are known in the art or that may be developed in the future. (From http://www.patents.com/us-7609650.html)


But Carrier IQ’s Woods said that her company’s software is set to disable data collection if the device’s SIM card or mobile carrier changes. (From – http://www.informationweek.com/news/securi...1903096?pgno=2)

There are a few problems with all of this.  There are no SIM cards on CDMA phones – CDMA users have no options to take a device completely off a network. It’s not common for CDMA devices to change carriers (without cloning a device, which is probably frowned upon in most cases).  Every time I get a new phone, I stick the old one in airplane mode with wifi, then activate the new phone. On the old phones CIQ collectors are still shown to be running in the background passing data around, and there’s no way to stop and remove them (the same logcat logs as above are visible). Furthermore, they’re looking to the URL in iqprofile.pro, which is an HTTPS address.

Developers are constantly getting new devices to make apps, themes, etc.  Regular users buy new devices like the HTC EVO 3d just to play with innovative new features.  Android devices are linux computers with hardware that (sometimes) includes a phone radio. In short, there are tons of ways to use these devices other than as a phone.  Sometimes users don’t sign a service contract with anyone, never turn on the cell radio, and use the device exclusively on wifi.

Below are the only opt-in switches/legal terms on my HTC device. In the statement in the above section, HTC says we must understand that third-party software is not HTC software, and is subject to third-party terms.  Where are Carrier IQ’s terms and policies for allowing this application to run and collect data — even if it’s just local — on any device out of a carrier’s service?  As we saw from the permissions requested by the IQRD application, the program is able to log very sensitive user data, including reading contacts/SMS, recording audio, modifying network connections and more.

What do we see Carrier IQ actually doing?

Before I begin, remember this anaylsis is specific to Android and HTC.  There are other devices and platforms that could use the Carrier IQ API differently; this is just what I know Carrier IQ is capable of doing on an HTC device.

Let’s start with what’s seen when the IQD binary application runs. The only text we see is about using PCAP (https://en.wikipedia.org/wiki/Pcap)

# iqd
IQMetricsPCAPThread_Start – setting up PCAP link
pcap_thread
pcap_open_live –> 494640,113
IQ_InitializeBoosterPackIP –> 0

On HTC devices, the easiest way to watch the rest of Carrier IQ is to run a logcat.  We can see two identifiers (AgentService_J and HTC_SUBMITTER_C) doing most of the work, but this is only a brief look at what’s happening, and doesn’t reflect everything that might be going on or all data being looked at

*SECURITY ALERT*  The interesting thing is because we are able to see this happening in logcat, anything with the right permissions can see the same thing.  It means programs other than CIQ, such as crash reporting software or any app that can read logs, will also be able to see the same exact logs.

Webpage visited –

V/AgentService_J(  713): Action[1021]:com.htc.android.iqagent.action.al34
I/HTC_SUBMITTER_C(  713): (0) submitAL34:-1155628198,https://www.google.com/
V/AgentService_J(  713): (0)dwPageID:1321694298970,szURL:https://www.google.com/


Location Statistics – (seems to trigger whenever location updates or get queried)
Intent – com.htc.android.iqagent.action.lc30

V/AgentService_J(  716): Action[157]:com.htc.android.iqagent.action.lc30
I/HTC_SUBMITTER_C(  716): (516010663) submitLC30:234,40752055,-73806468,911,113,0,516010663
V/AgentService_J(  716): (0)lc30_TStamp_lo:516010663,lc30_Tstamp_hi:234,lc30_Latitude:40752055,lc30_Longitude:-73806468,lc30_Accuracy:911,lc30_ResultsValid:113,lc30_Method:0

Media Statistics – (from Test UI)
Intent – com.htc.android.iqagent.action.mp03

V/AgentService_J(  723): Action[787]:com.htc.android.iqagent.action.mp03
V/AgentService_J(  723): ErrorCode:103
V/AgentService_J(  723): NumTracks:3
V/AgentService_J(  723): mp03_dwSize:201
V/AgentService_J(  723): mp03_dwPktRcvd:202
V/AgentService_J(  723): mp03_dwPktDup:203
V/AgentService_J(  723): mp03_dwPktLoss:204
V/AgentService_J(  723): mp03_dwPktSent:205
V/AgentService_J(  723): mp03_dwAvgJitter:206
V/AgentService_J(  723): mp03_dwAvgLatency:207
V/AgentService_J(  723): mp03_wAvgRate:208
V/AgentService_J(  723): mp03_ucCodec:209
V/AgentService_J(  723): mp03_ucPad:210
I/HTC_SUBMITTER_C(  723): (0) submitMP03:103,3,sizeof(arrStats):96



SMS Received –
Intent – com.htc.android.iqagent.action.smsnotify

D/SMSDispatcher( 2464): dispatchWapPushToCIQ  >>>
D/SMSDispatcher( 2464): dispatchWapPushToCIQ  >>>
D/SMSDispatcher( 2464): dispatchSmsToCIQ in
D/SMSDispatcher( 2464): mPdus >[a message pdu is in hex(??) here, removed]
V/AgentService_J(  713): Action[877]:com.htc.android.iqagent.action.smsnotify
V/AgentService_J(  713): get SMS
V/AgentService_J(  713): 43
V/AgentService_J(  713): +checkSMS:-1
V/AgentService_J(  713): +checkSMS  BODY >>: [a message body is here(hex??), removed]
I/HTC_SUBMITTER_C(  713): (0)checkSMS:testing123  [the contents of the message sent]
I/HTC_SUBMITTER_C(  713): hii
I/HTC_SUBMITTER_C(  713): (this Is my message)EWT,48



Keypress made -
Intent – com.htc.android.iqagent.action.ui01 –

Pressed 1: (wkeycode 49), you can see ucKeyEvent = 0 when key is pressed

V/AgentService_J(  716): Action[170]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  716): actionUI01:49,0
I/HTC_SUBMITTER_C(  716): (0) convert01:49,0
V/AgentService_J(  716): (0)wKeyCode: 49, ucKeyEvent: 0

ucKeyEvent  = 1 when released
V/AgentService_J(  716): Action[171]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  716): actionUI01:49,1
I/HTC_SUBMITTER_C(  716): (0) convert01:49,1
V/AgentService_J(  716): (0)wKeyCode: 49, ucKeyEvent: 1



I pressed the button 2: (wkeycode 50)

V/AgentService_J(  716): Action[182]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  716): actionUI01:50,0
I/HTC_SUBMITTER_C(  716): (0) convert01:50,0
V/AgentService_J(  716): (0)wKeyCode: 50, ucKeyEvent: 0

V/AgentService_J(  716): Action[183]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  716): actionUI01:50,1
I/HTC_SUBMITTER_C(  716): (0) convert01:50,1
V/AgentService_J(  716): (0)wKeyCode: 50, ucKeyEvent: 1

I press the button 3: (wkeycode 51) (cut off key released from here on, you get the point by now)

V/AgentService_J(  716): Action[191]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  716): actionUI01:51,0
I/HTC_SUBMITTER_C(  716): (0) convert01:51,0
V/AgentService_J(  716): (0)wKeyCode: 51, ucKeyEvent: 0

Button 4 (wkeycode 52):

V/AgentService_J(  716): Action[196]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  716): actionUI01:52,0
I/HTC_SUBMITTER_C(  716): (0) convert01:52,0
V/AgentService_J(  716): (0)wKeyCode: 52, ucKeyEvent: 0

Home button pressed (wkeycode 11)

V/AgentService_J(  713): Action[528]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  713): actionUI01:11,0
I/HTC_SUBMITTER_C(  713): (0) convert01:11,0
V/AgentService_J(  713): (0)wKeyCode: 11, ucKeyEvent: 0

Back Button pressed: (wkeycode 27)

V/AgentService_J(  713): Action[554]:com.htc.android.iqagent.action.ui01
I/HTC_SUBMITTER_C(  713): actionUI01:27,0
I/HTC_SUBMITTER_C(  713): (0) convert01:27,0
V/AgentService_J(  713): (0)wKeyCode: 27, ucKeyEvent: 0

Screen On/Off –
Intent – com.htc.android.iqagent.action.ui02

Screen On –

V/AgentService_J(  717): Action[355]:com.htc.android.iqagent.action.ui02
I/HTC_SUBMITTER_C(  717): (0) submitUI02:1,0,0
V/AgentService_J(  717): (0)OldUIState:1,NewUIState:0,UIEvent:0

Screen Off –

V/AgentService_J(  717): Action[357]:com.htc.android.iqagent.action.ui02
I/HTC_SUBMITTER_C(  717): (0) submitUI02:0,1,0
V/AgentService_J(  717): (0)OldUIState:0,NewUIState:1,UIEvent:0

Signal Changes –

V/AgentService_J(  713): Action[935]:com.htc.android.iqagent.action.ui08
I/HTC_SUBMITTER_C(  713): actionUI08 metric:6, 3
V/AgentService_J(  713): (0)ASU, TECH:6, 3

Battery Usage Changes – (yes the typo is in logcat not me) smile.gif

I/HTC_SUBMITTER_C(  713): (0) submitUI09:5
V/AgentService_J(  713): Battery Dispaly:5

Application Opened Intent – com.htc.android.iqagent.action.ui15

Application Focused:
Intent – com.htc.android.iqagent.action.ui19–

V/AgentService_J(  713): Action[561]:com.htc.android.iqagent.action.ui19
I/HTC_SUBMITTER_C(  713): (0) submitUI19:-1725705692,0
V/AgentService_J(  713): (0)ui19_dwAppID:-1725705692,ui19_ucFocusEvent:0
V/AgentService_J(  713): Action[562]:com.htc.android.iqagent.action.ui19
I/HTC_SUBMITTER_C(  713): (0) submitUI19:-1725705692,0
V/AgentService_J(  713): (0)ui19_dwAppID:-1725705692,ui19_ucFocusEvent:0






Now let’s talk about HTTPs

In the online world, HTTPs is pretty much the only thing protecting sensitive data moving around. In a nutshell, when you first connect to https://www.yourbank.com, the browser checks SSL certificates and makes sure the site operator is who it says it is. After that, all traffic between the user and the site is encrypted.

From https://blog.httpwatch.com/2009/02/20/how-s...ngs-over-https/, we see an example of this. HTTPs strings + data after the SSL handshake really can’t be sniffed outside of browser.  Now, although it’s insecure, HTTPs usernames/passwords CAN be passed in plain text.  So while my examples are based on a google search, if you did https://mysite.com?username=MYNAME&password=MYPASS, that exact string would be passed into the CIQ application.

Googling Hello World over SSL:

V/AgentService_J(  713): Action[1035]:com.htc.android.iqagent.action.al34
I/HTC_SUBMITTER_C(  713): (0) submitAL34:-1155376757,https://www.google.com/search?hl=en&site=&q=hello+world&oq=hello+world&aq=f&aqi=g5&aql=&gs_sm=e&gs_upl=[removed some sensitive looking information]
V/AgentService_J(  713): (0)dwPageID:1321694550411,szURL:https://www.google.com/search?hl=en&site=&q=hello+world&oq=hello+world&aq=f&aqi=g5&aql=&gs_sm=e&gs_upl=[removed some sensitive looking information]



Below are a few excerpts from logcat that show what Carrier IQ was doing while I logged into PayPal. I did not feel comfortable posting more information than this, since the login strings Carrier IQ grabbed were detailed. Notice it even says (from:com.android.browser) showing that Carrier IQ has been integrated directly into the browser’s code.  The application is reading not only HTTP, but the HTTPs details about the page I visited down to the JS(javascript) and CSS(Cascading Style Sheets) files which are all the “background code” that control how webpages look and feel.

V/AgentService_J(  468): Action[1328]:com.htc.android.iqagent.action.nt10
I/HTC_SUBMITTER_C(  468): (-3) actionNT10:0,-1,304,4,0,0,4,https://www.paypalobjects.com/en_US/i/pui/core/nav_sprite.gif
V/AgentService_J(  468): (-3)Size:0,SocketID:-1,Type:304,AppType:0Mode:4,URI:https://www.paypalobjects.com/en_US/i/pui/core/nav_sprite.gif(from:com.android.browser)
V/AgentService_J(  468): Action[1328]:com.htc.android.iqagent.action.nt10
I/HTC_SUBMITTER_C(  468): (-3) actionNT10:0,-1,304,4,0,0,4,https://www.paypalobjects.com/en_US/i/icon/icon_load_roundcorner_lock1_186x42_withlock.gif
V/AgentService_J(  468): (-3)Size:0,SocketID:-1,Type:304,AppType:0Mode:4,URI:https://www.paypalobjects.com/en_US/i/icon/icon_load_roundcorner_lock1_186x42_withlock.gif(from:com.android.browser)
V/AgentService_J(  468): Action[1329]:com.htc.android.iqagent.action.nt10
I/HTC_SUBMITTER_C(  468): (-3) actionNT10:0,-1,304,4,0,0,4,https://www.paypal.com/en_US/i/logo/paypal_logo.gif
V/AgentService_J(  468): (-3)Size:0,SocketID:-1,Type:304,AppType:0Mode:4,URI:https://www.paypal.com/en_US/i/logo/paypal_logo.gif(from:com.android.browser)

V/AgentService_J(  468): Action[1315]:com.htc.android.iqagent.action.nt0f
I/HTC_SUBMITTER_C(  468): (-3) actionNT0F:722,-1,0,5,0,0,4,https://www.paypalobjects.com/WEBSCR-[SOME_UNIQUEID]/css/core/global.css
V/AgentService_J(  468): (-3)Size:722,SocketID:-1,Code:0,AppType:0Mode:4,URI:https://www.paypalobjects.com/WEBSCR-[SOME_UNIQUEID]/css/core/global.css(from:com.android.browser)

V/AgentService_J(  468): Action[1328]:com.htc.android.iqagent.action.nt10
I/HTC_SUBMITTER_C(  468): (-3) actionNT10:0,-1,304,4,0,0,4,https://www.paypalobjects.com/WEBSCR-[SOME UNIQUEID]/js/lib/min/widgets.js
V/AgentService_J(  468): (-3)Size:0,SocketID:-1,Type:304,AppType:0Mode:4,URI:https://www.paypalobjects.com/WEBSCR-[SOME_UNIQUEID]/js/lib/min/widgets.js(from:com.android.browser)

My Conclusions

I have shown what the Carrier IQ application is capable of doing on an HTC device. The fact that it’s embedded into the shipped device raises very serious security and privacy concerns.  My original article was intended to be my take on the entire process with enough information for anyone to verify.  I cited my sources throughout the article and mirrored training files to support my findings. Everything I wrote continues to be to the best of my knowledge.  Many people are clearly confused about this application and what it does, and it’s being explained to nobody.

  1. The CIQ application is embedded so deeply in the device that it can’t be fully removed without rebuilding the phone from source code.  This is only possible for a user with advanced skills and a FULLY unlocked device. Even where a device is out of contract, there is no OFF switch to stop the application from gathering data.  The files and code littered across many protected operating system locations will ALWAYS be there, and we can see logcat proof of it running — wasting CPU cycles, PMEM space, and whatever else.  Regardless, the applications should not be allowed to run and collect data outside of possibly a contract with a carrier.  Any user who wants a full removal method should have one.
  2. The CIQ application is receiving not only HTTP strings directly from browser, but also HTTPs strings.  HTTPs data is the only thing protecting much of the “secure” Internet.  Queries of what you search, HTTPs plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above — and can be seen going into the CIQ application.
  3. The CIQ portal is not anonymous if devices upload packages by equipment id and other identifying metrics and can individually be tasked packages, as we saw in the training document. (see previous article) I would like to know exactly who has seen this data, what data has been recorded, and who has recorded it. This data should also be subject to some clear privacy policy. The only existing privacy policy we can find rings hollow when we know the software logs sensitive identifiable data:
        1. Our data gathering and data storage policies are built from industry best practice. Our products allow us to address privacy & security requirements that vary country-by-country and customer-by-customer. There are a variety of techniques involved in protection of privacy and in implementation of security policy, including anonymization of certain user-identifiable data, aggregation of data and encryption of data, etc. (From http://carrieriq.com/company/privacy.htm)
  4. If a bad actor discovered a vulnerability or used malware, he could potentially exploit that opportunity to become a “CIQ operator,” leaving many users helpless against the extensive collection and misuse of their own information and no way to stop it.  With so much moving code across the operating system, I would say the chances of malware looking here isn’t that far-fetched.

An application should never be this hard to fully remove for security reasons—especially out of contract—when it serves no good purpose for the user, and its use should be opt-in ONLY. 


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:34 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

The Register®

Original URL: http://www.theregister.co.uk/2011/11/30/sm...one_spying_app/
BUSTED! Secret app on millions of phones logs key taps

Researcher says seeing is believing

By Dan Goodin in San Francisco

Posted in Security, 30th November 2011 02:34 GMT

Free whitepaper – VMready

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.

In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer Android debug options while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

Ironically, he says, the Carrier IQ software recorded the “hello world” dispatch even before it was displayed on his handset.

Eckhart then connected the device to a Wi-Fi network and pointed his browser at Google. Even though he denied the search giant's request that he share his physical location, the Carrier IQ software recorded it. The secret app then recorded the precise input of his search query – again, “hello world” – even though he typed it into a page that uses the SSL, or secure sockets layer, protocol to encrypt data sent between the device and the servers.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” the 25-year-old Eckhart says.

The video was posted four days after Carrier IQ withdrew legal threats against Eckhart [1] for calling its software a “rootkit.” The Connecticut-based programmer said the characterization is accurate because the software is designed to obscure its presence by bypassing typical operating-system functions.

In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses.

“Our technology is not real time,” he said at the time. "It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses.”

Coward went on to say that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers detailed information about the causes of dropped calls and other performance issues.

Eckhart said he chose the HTC phone purely for demonstration purposes. Blackberrys, other Android-powered handsets, and smartphones from Nokia contain the same snooping software, he claims.

The 17-minute video concluded with questions, including: “Why does SMSNotify get called and show to be dispatching text messages to [Carrier IQ]?” and “Why is my browser data being read, especially HTTPS on my Wi-Fi?”

The Register has put the same questions to Carrier IQ, and will update this post if the company responds. ®
Update

More than 19 hours after this post was first published, Carrier IQ representatives have yet to respond to a request for comment. Meanwhile, computer scientists have uncovered an unrelated Android glitch [2] that could also invade smartphone users' privacy, and iOS Devices may be running Carrier IQ also [3].

Follow dangoodin001 [4]
Links

  1. http://www.theregister.co.uk/2011/11/24/ca..._iq_about_face/
  2. http://www.theregister.co.uk/2011/11/30/go...d_security_bug/
  3. http://www.theregister.co.uk/2011/12/01/io...rier_iq_client/
  4. https://twitter.com/#!/dangoodin001

Related stories

    * BUSTED TWO: Carrier IQ monitor-ware on iPhones too? (1 December 2011)

      http://www.theregister.co.uk/2011/12/01/io...rier_iq_client/
    * Android glitch allows hackers to bug phone calls (30 November 2011)

      http://www.theregister.co.uk/2011/11/30/go...d_security_bug/
    * Twitter crypto purchase leaves Egypt dissidents in lurch (28 November 2011)

      http://www.theregister.co.uk/2011/11/28/tw...hisper_systems/
    * Software maker sorry for trying to silence security researcher (24 November 2011)

      http://www.theregister.co.uk/2011/11/24/ca..._iq_about_face/
    * Mobe anti-virus biz Lookout eyes Euro telcos (9 November 2011)

      http://www.theregister.co.uk/2011/11/09/lo...obile_security/
    * HTC Android handsets spew private data to ANY app (3 October 2011)

      http://www.theregister.co.uk/2011/10/03/ht...droid_security/
    * Just how will Apple restrict device-ID snooping in iOS 5? (24 August 2011)

      http://www.theregister.co.uk/2011/08/24/wh...ce_identifiers/
    * Android app logs keystrokes using phone movements (17 August 2011)

      http://www.theregister.co.uk/2011/08/17/android_key_logger/
    * App developer slurped kids' data without consent (17 August 2011)

      http://www.theregister.co.uk/2011/08/17/ap..._data_says_ftc/
    * Want to keep Android apps from spying on you? (22 June 2011)

      http://www.theregister.co.uk/2011/06/22/android_privacy_app/
    * TomTom sorry for giving customer driving data to cops (27 April 2011)

      http://www.theregister.co.uk/2011/04/27/to...omer_data_flap/

© Copyright 1998–2011



--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:36 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

Editorial: Carrier IQ -- the 'evil' we agree to and hate that we did it
By Jerry Hildenbrand  30 Nov 2011 12:00 am

HTC Legal

Seems like every time you turn around you'll see corporations using sneaky tricks to gain a competitive advantage over a different, yet equally sneaky corporation.  That's usually how money is made by the people who are best at making lots of it -- at the expense of others.  The cell phone industry is no different, even though we wish it were.  Yes, I'm talking about Carrier IQ, and it's my turn to bitch.

Carrier IQ sells a stock client for BlackBerry, Symbian, and Android.  There's strong evidence that  they also make client software for other smartphone platforms, and even semi-smartphone OS's like Bada or BREW.  But they're only making it easy to get the same type of data your carrier has been collecting about you since the minute you turned your cell phone on.  If they're collecting it in an insecure manner, which has happened, that's bad on them, and they need to fix it -- pronto. But they're not doing it on their own. They're doing it at the behest of the manufacturer and the carrier, who uses the data to determine how to make changes that get you to spend more money when they offer you the latest shiny.  If 72 percent of the people use a certain feature, you can bet your last dollar that more work goes into making that feature "better" so it's a stronger selling point.  Carrier IQ, as a company, could care less what you do with your smartphone, when you do it, or why.  All they do is make it easier for the people you give your money to each month to see why you like your phone.  I don't work for HTC or AT&T, but I'm sure easy data collection and aggregation makes for a compelling sales pitch.

CIQ isn't doing anything it's not supposed to be doing, unless there's a software bug in play.  The software was purposefully placed there in order to track what you're doing in real time.  Apparently, it works pretty well.  Some may argue that it's a rootkit, or a flaw of some sort, but to the people using the product -- again, the carrier and manufacturer -- it's a feature, one that they pay money to include.  Remember, you are not HTC's (or Samsung, or LG, or RIM, etc.) customer -- companies like Verizon and Sprint are, and all parties find the data that's collected pretty damn useful, so they aren't likely to stop collecting it.

It could be argued that you don't have a choice in the matter. You bought the phone. And while there might be (and usually is -- see the picture above from a CIQ enabled HTC phone) some vague reference to the phone collecting data about how you use it, you likely skipped over that section, and it's not all that up-front about what's being collected or how it's being done. But on the other hand, that's probably true about 90 percent of what your phone's doing at any given time.  It works exactly how it's supposed to work.  Getting mad about it after the fact isn't very productive, and isn't going to solve the problem any time soon.

Vote with your wallet.  You have the option to say no to this sort of data collection software, and that's done by not buying phones that use it.  Every major carrier in the world now carries one of those.

Yes, I think Carrier IQ is a bad thing, done by unscrupulous people so they have more pennies to count.  But all the hate towards the company that writes and sells the software is misguided.  They are only filling a need, and if they stop someone else will step up to replace them.  Enough words have been written about it, yet the solution for Android fans only needs three:

Buy a Nexus.


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
TJA
Posted: December 01, 2011 11:39 pm
Quote Post


ROOT
************

Group: Administrator
Posts: 13836
Member No.: 1
Joined: March 18, 2004



QUOTE

Carrier IQ and mobile (in)security
By Doug Groves on 30 Nov 2011

Back in October, a story ran on XDA Developers about software running on HTC Android phones called Carrier IQ (CIQ) that appeared to be collecting a fair amount of data about your device and not doing a good job of storing it securely.  Beyond your device ID, it collected phone numbers, geo-location and account names. Since that initial discovery, there’ve been reports of it being even more invasive, leading Carrier IQ to issue a Cease and Desist letter and denying what it does.

When Trevor Eckhart (TrevE) wrote about what he discovered, calling it a rootkit, Carrier IQ was quick to send a Cease and Desist letter, claiming that they don’t record as much information as TrevE is reporting.  That’s when the Electronic Frontier Foundation got involved on TrevE’s behalf.  CIQ quickly backed down and issued a press release stating that the CIQ software doesn’t do all that.  They claim they don’t record keystrokes, provide tracking tools nor inspect the content of your communications (emails and SMS).

Of course, that didn’t stop TrevE.  He’s just put out another video that appears to prove all those claims wrong.  In the video, TrevE is quick to point out that while he’s using an HTC phone, the software is also present on other devices.  People on XDA Developers have found it on a number of devices from multiple manufacturers.  The software appears to be embedded at the kernel level, making it almost impossible to completely remove.  In fact, while the IQRD app can be seen in the Android task manager, it’s impossible to issue a force quit on it.


YouTube video link
Download:
FLVMP43GP

In the above video TrevE uses his factory reset HTC Android device to demonstrate what Carrier IQ does.  In the first few minutes, he actually sets up his phone to decline all geo-location services, as well as declines any geo-location, social networking  or OEM debugging information.  In short he runs the phone at a bare minimum, and uses Android’s USB debugging tool to see what’s happening on his phone.  CIQ’s IQRD application runs in the background and records the following…

    * geo-location of phone
    * hardware button presses
    * application launches
    * individual key presses
    * email and SMS content
    * data recording in a supposedly secure HTTPS session (recorded unencrypted by IQRD)

In short, it records just about everything you do with your phone, and that information is unencrypted.  While he presses keypad numbers to demonstrate that IQRD records the information, he doesn’t actually make a phone call.  The IQRD application does have permission to record audio on your phone though.

Since TrevE’s initial findings, the software has also been found Android devices by other manufacturers including Samsung, as well as on Blackberry and Nokia Symbian devices.  In fact, Carrier IQ’s home page shows a running total that as of this writing stated that it was on over 141 million phones, with a new device being added every second.  There’s no definitive list of partners available, but Carrier IQ is known to be on Sprint and Verizon phones, and Carrier IQ has partnerships with Vodafone Portugal as well as hardware makers NEC and Huawei.  Out of the other major OSes, it appears that both iOS and Windows Phone are free of Carrier IQ software. UPDATE: according to one blogger, CIQ is also on iOS devices, but he has posted an easy way to disable it, unlike Android.

From the Carrier IQ home page:

    Carrier IQ is the leading provider of Mobile Service Intelligence Solutions to the Wireless Industry.  As the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers’ mobile experience.

Unprecedented sounds about right, when you record everything your phone does.  While I’m not implying that CIQ is doing anything malicious with the information, and Carrier IQ claims they don’t sell it to 3rd parties, I’m skeptical when I see the term “market researchers” in their press releases (PDF link).

Whenever you set up your phone with accounts, be it from the OS maker, hardware manufacturer, or a 3rd party app, you’re generally greeted with permissions pages, asking you whether the software can collect information.  You’re given the choice.  With CIQ, there’s no way to opt out, and since CIQ isn’t your carrier, the device maker or the OS maker, it’s unclear exactly what privacy policy this falls under.

Ultimately, end users should know what exactly their phones are logging, and what bits of privacy they’re giving up and to whom.  The very existence of Carrier IQ flies in the face of that.

Additional updates:  According to this Globe and Mail report, neither RIM nor any of the big three Canadian wireless carriers make use of the Carrier IQ service.
Related Posts Plugin for WordPress, Blogger...
Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.

    * Slashdot
    * Digg
    * Technorati
    * StumbleUpon
    * Facebook
    * TwitThis
    * e-mail

Tags: Android, Blackberry, Carrier IQ, Carrier IQ iOS, CIQ, EFF, Electronic Frontier Foundation, iPhone, IQRD, mobile security, Nokia, rootkit, security, Symbian, TrevE, xda developers

    *
      http://mashable.com/2011/12/01/carrier-iq/ Carrier IQ Is Tracking You on Android, But Not Google Nexus

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://www.dotnetz.net/index.php/?p=16675 Carrier IQ Tracking Scandal Spirals Out of Control | www.dotnetz.net

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://techdott.com/2011/12/carrier-iq-tra...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Tech Dott – Daily Technology News Magazine

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://fronteirasemlimites.com.br/2011/12/...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control « Fronteira sem Limites

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://bursst.co.uk/home/news/2011/12/carr...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | bursst.com

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://freewebspace.biz/2011/12/01/carrier...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Discuss the world !

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://downwithapp.com/carrier-iq-tracking...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control Down With A.P.P.

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://cloudy.ie/?p=3852 Carrier IQ Tracking Scandal Spirals Out of Control | cloudy.ie

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://www.techxpress.in/?p=463 Carrier IQ Tracking Scandal Spirals Out of Control | TechXpress

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://randomsmartstuffs.com/2011/12/01/ca...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Random Smart Stuffs

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://www.brianlfontenot.com/2011/12/01/c...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Brian's Blog Site

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://ingenuatur.com/blog/?p=4720 Carrier IQ Tracking Scandal Spirals Out of Control –

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://eskobo.com/2011/12/01/carrier-iq-tr...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Tech News Aggregator

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://pre-paidphones.info/2011/12/carrier...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control « Pre Paid Phones « Prepaid Phones

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://businesssmallbusiness.org/uncategor...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Business Small Business

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since [...]
    *
      http://www.socialreach.biz/2011/12/01/carr...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control | Social Reach

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]
    *
      http://www.planobrickhouse.com/hacks/carri...out-of-control/ Carrier IQ Tracking Scandal Spirals Out of Control « Plano Brick House

      [...] currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on Google Nexus devices mentioned above, which is logical since it’s [...]

blog comments powered by Disqus


--------------------
> CS1.5 forever!
> GO and view Michael Moore´s Fahrenheit 9/11
> Apple: Ist krank. Macht krank!
> Apple: Is ill. Makes ill!
PMUsers Website
Top
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll

 



[ Script Execution time: 0.0288 ]   [ 11 queries used ]   [ GZIP Disabled ]   [ Server Load: 0.02 ]