toad
1st December 2011, 22:51
http://a57.foxnews.com/static/managed/img/Scitech/660/371/spyphone.jpg
Over 100 million smartphones are tracking their owners’ every step, Android developer Trevor Eckhart claims, thanks to software that comes preinstalled on phones from most major carriers.
During a security demonstration revealed on Monday, Eckhart showed how software developed by Carrier IQ tracks virtually everything a user does -- going as far as logging individual keystrokes and button presses. The company claims it helps its customers improve quality and performance “by counting and measuring operational information in mobile devices.” Security experts call it spyware.
Here's what YOU need to know:
What exactly is it watching?
Eckhart found evidence that Carrier IQ was doing much more than simply helping improve network quality; he said the company's software detects every button pressed, every text message sent, every website browsed to. His findings have not been confirmed, however, and at least one researcher suggested that, despite receiving such activity, there was no evidence that Carrier IQ was recording it.
What's a 'rootkit'?
Eckhardt described the Carrier IQ software a "rootkit," a word with negative connotations in the tech world. A rootkit is software buried deep within a computer (or smartphone) that has "root" or administrator-level access. While such software can be used for reasonable purposes -- total access to a device or computer would certainly be useful for quality assurance purposes -- it has gained notoriety through an associate with malware.
So isn't what Carrier IQ is doing illegal?
If the software is doing what the company claims, there shouldn't be any issue. If Eckhardt's findings are correct, however, and Carrier IQ is monitoring smartphones without informing their owners, that may be grounds for a class-action lawsuit based on a federal wiretapping law.
“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very [like] a federal wiretap,” Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School, told Forbes.
So why is it there in the first place?
Carrier IQ claims its software is intended to help carriers monitor and evaluate network quality. It's a mobile analytics platform, used to improve the quality and the user experience, they claim, helping with issues such as dropped calls and battery drain.
Which carriers use the software?
Wireless carriers AT&T and Sprint have confirmed that their smartphones do come with the Carrier IQ software preinstalled on them. Verizon, on the other hand, has distanced itself from the software, insisting that its phones don’t carry Carrier IQ.
Which handset manufacturers have it?
Blackberry-maker RIM and Nokia announced Thursday that their smartphones don't come with Carrier IQ . But Eckhart said phones from many major manufacturers does include it, such as HTC and Samsung. Apple has not said whether its phones come with Carrier IQ, though some reports indicate they may as well.
What's going to happen?
On Thursday, Minnesota Senator Al Franken wrote a letter to Carrier IQ CEO Larry Lenhart, asking him to spell out exactly what sort of data his software is collecting. "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," Franken said in a statement. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling." Carrier IQ promises a complete investigation by independent security analysts -- but until then, the company won't comment further.
Read more: http://www.foxnews.com/scitech/2011/12/01/carrier-iq-spyware-or-handy-tool-what-need-to-know/#ixzz1fKGyjoZM
Carrier IQ, the carrier-sanctioned keylogger and activity monitor that has been confirmed to exist on Android devices, on AT&T and Sprint networks, has been found in iOS. In our post yesterday, we wrongly assumed that Carrier IQ was something that carriers added to smartphones — but now it’s clear that Apple bakes Carrier IQ into its closed-source iOS for use by carriers.
At this point it isn’t clear if Carrier IQ is snooping on your everyday iPhone use. It sounds like it’s only active when “Diagnostics & Usage” is turned on, and that should only be enabled if you clicked “Submit Logs to Apple” during the iOS 5 setup process. There’s also no proof that this data is actually transmitted across the internet to Carrier IQ servers — but to be honest, if Apple has gone to the trouble of installing multiple third-party daemons on its infallible fondleslab, it’s fairly safe to assume that it’s being used.
In other news, Nokia has confirmed that none of its devices have ever used Carrier IQ, and Verizon has also gone on the record to say that it doesn’t use the software. Google, too, has confirmed that none of its flagship Nexus devices (or the Xoom tablet) have Carrier IQ installed. As we reported yesterday, CyanogenMod is safe as well. Over on The Verge, someone who appears to be an employee of RIM says that RIM has never used, or allowed, Carrier IQ to be installed on its BlackBerry devices.
There are also very few reports of Carrier IQ being found on European phones, from carriers like Vodafone, Three, and Orange. For now, it seems like CIQ is mostly contained to AT&T and Sprint devices in the US.
How to detect and remove Carrier IQ
CIQ Check for AndroidIf you’re using an Android phone or tablet, install Trevor Eckhart’s Logging Test App from XDA-Developers (version 7 at the time of publishing; scroll all the way down). Unfortunately, as this is an off-market app (an APK installer), you will need to push it to your device manually. The easiest way to do this is to email the APK to yourself, then download the attachment on your phone. If that doesn’t work, you need to install the Android SDK and use ADB. Your phone needs to be rooted, too (yes, carriers do not make this easy — to root your phone, Google “how to root PHONE_MODEL_HERE_”).
Hit “CIQ Checks” (see right) and the app will tell you if it’s installed. Pay $1 and the app will try to remove it for you (this doesn’t always work, though). Sadly, there doesn’t seem to be any other way to disable CIQ on Android devices. Carriers like AT&T and Sprint will almost certainly provide some kind of workaround in the next few days, though; the clamoring crowd is impossible to ignore at this point.
iOS Diagnostics & Usage disabledIf you’re using an iPhone or iPad, head into Settings > General > About > Diagnostics & Usage, and click “Don’t Send.”
Update: This route is only available if you’re using iOS 5. If you’re stuck using iOS 3 or 4, and you have a jailbroken device, you can follow Chpwn’s instructions to disable CIQ.
Preventative measures
Ultimately, the safest solution is use a phone that doesn’t have Carrier IQ installed, and a carrier that has resisted the sweet temptation of keylogged telematics. If you currently use an infected Android phone on AT&T, switch to the Galaxy Nexus on Verizon. If your contract isn’t up yet, install CyanogenMod on your phone.
If you’re stuck with your iPhone, either pray that disabling Diagnostics & Usage is enough, or perhaps switch to Windows Phone 7 — so far, it seems like Microsoft’s nippy, tile-based wonder might be the only smartphone OS without Carrier IQ installed.
http://www.extremetech.com/computing/107427-carrier-iq-which-phones-are-infected-and-how-to-remove-it
This just dropped in the past few days, and the internet is swarming. The company who created CarrierIQ has claimed quite vigurously that it doesnt do what it claims, but the man who found it on accident shows quite clearly that it is doing other then they say. What you guys think?
here is the original video from Eckhart;
T17XQI_AYNo
Over 100 million smartphones are tracking their owners’ every step, Android developer Trevor Eckhart claims, thanks to software that comes preinstalled on phones from most major carriers.
During a security demonstration revealed on Monday, Eckhart showed how software developed by Carrier IQ tracks virtually everything a user does -- going as far as logging individual keystrokes and button presses. The company claims it helps its customers improve quality and performance “by counting and measuring operational information in mobile devices.” Security experts call it spyware.
Here's what YOU need to know:
What exactly is it watching?
Eckhart found evidence that Carrier IQ was doing much more than simply helping improve network quality; he said the company's software detects every button pressed, every text message sent, every website browsed to. His findings have not been confirmed, however, and at least one researcher suggested that, despite receiving such activity, there was no evidence that Carrier IQ was recording it.
What's a 'rootkit'?
Eckhardt described the Carrier IQ software a "rootkit," a word with negative connotations in the tech world. A rootkit is software buried deep within a computer (or smartphone) that has "root" or administrator-level access. While such software can be used for reasonable purposes -- total access to a device or computer would certainly be useful for quality assurance purposes -- it has gained notoriety through an associate with malware.
So isn't what Carrier IQ is doing illegal?
If the software is doing what the company claims, there shouldn't be any issue. If Eckhardt's findings are correct, however, and Carrier IQ is monitoring smartphones without informing their owners, that may be grounds for a class-action lawsuit based on a federal wiretapping law.
“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very [like] a federal wiretap,” Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School, told Forbes.
So why is it there in the first place?
Carrier IQ claims its software is intended to help carriers monitor and evaluate network quality. It's a mobile analytics platform, used to improve the quality and the user experience, they claim, helping with issues such as dropped calls and battery drain.
Which carriers use the software?
Wireless carriers AT&T and Sprint have confirmed that their smartphones do come with the Carrier IQ software preinstalled on them. Verizon, on the other hand, has distanced itself from the software, insisting that its phones don’t carry Carrier IQ.
Which handset manufacturers have it?
Blackberry-maker RIM and Nokia announced Thursday that their smartphones don't come with Carrier IQ . But Eckhart said phones from many major manufacturers does include it, such as HTC and Samsung. Apple has not said whether its phones come with Carrier IQ, though some reports indicate they may as well.
What's going to happen?
On Thursday, Minnesota Senator Al Franken wrote a letter to Carrier IQ CEO Larry Lenhart, asking him to spell out exactly what sort of data his software is collecting. "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," Franken said in a statement. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling." Carrier IQ promises a complete investigation by independent security analysts -- but until then, the company won't comment further.
Read more: http://www.foxnews.com/scitech/2011/12/01/carrier-iq-spyware-or-handy-tool-what-need-to-know/#ixzz1fKGyjoZM
Carrier IQ, the carrier-sanctioned keylogger and activity monitor that has been confirmed to exist on Android devices, on AT&T and Sprint networks, has been found in iOS. In our post yesterday, we wrongly assumed that Carrier IQ was something that carriers added to smartphones — but now it’s clear that Apple bakes Carrier IQ into its closed-source iOS for use by carriers.
At this point it isn’t clear if Carrier IQ is snooping on your everyday iPhone use. It sounds like it’s only active when “Diagnostics & Usage” is turned on, and that should only be enabled if you clicked “Submit Logs to Apple” during the iOS 5 setup process. There’s also no proof that this data is actually transmitted across the internet to Carrier IQ servers — but to be honest, if Apple has gone to the trouble of installing multiple third-party daemons on its infallible fondleslab, it’s fairly safe to assume that it’s being used.
In other news, Nokia has confirmed that none of its devices have ever used Carrier IQ, and Verizon has also gone on the record to say that it doesn’t use the software. Google, too, has confirmed that none of its flagship Nexus devices (or the Xoom tablet) have Carrier IQ installed. As we reported yesterday, CyanogenMod is safe as well. Over on The Verge, someone who appears to be an employee of RIM says that RIM has never used, or allowed, Carrier IQ to be installed on its BlackBerry devices.
There are also very few reports of Carrier IQ being found on European phones, from carriers like Vodafone, Three, and Orange. For now, it seems like CIQ is mostly contained to AT&T and Sprint devices in the US.
How to detect and remove Carrier IQ
CIQ Check for AndroidIf you’re using an Android phone or tablet, install Trevor Eckhart’s Logging Test App from XDA-Developers (version 7 at the time of publishing; scroll all the way down). Unfortunately, as this is an off-market app (an APK installer), you will need to push it to your device manually. The easiest way to do this is to email the APK to yourself, then download the attachment on your phone. If that doesn’t work, you need to install the Android SDK and use ADB. Your phone needs to be rooted, too (yes, carriers do not make this easy — to root your phone, Google “how to root PHONE_MODEL_HERE_”).
Hit “CIQ Checks” (see right) and the app will tell you if it’s installed. Pay $1 and the app will try to remove it for you (this doesn’t always work, though). Sadly, there doesn’t seem to be any other way to disable CIQ on Android devices. Carriers like AT&T and Sprint will almost certainly provide some kind of workaround in the next few days, though; the clamoring crowd is impossible to ignore at this point.
iOS Diagnostics & Usage disabledIf you’re using an iPhone or iPad, head into Settings > General > About > Diagnostics & Usage, and click “Don’t Send.”
Update: This route is only available if you’re using iOS 5. If you’re stuck using iOS 3 or 4, and you have a jailbroken device, you can follow Chpwn’s instructions to disable CIQ.
Preventative measures
Ultimately, the safest solution is use a phone that doesn’t have Carrier IQ installed, and a carrier that has resisted the sweet temptation of keylogged telematics. If you currently use an infected Android phone on AT&T, switch to the Galaxy Nexus on Verizon. If your contract isn’t up yet, install CyanogenMod on your phone.
If you’re stuck with your iPhone, either pray that disabling Diagnostics & Usage is enough, or perhaps switch to Windows Phone 7 — so far, it seems like Microsoft’s nippy, tile-based wonder might be the only smartphone OS without Carrier IQ installed.
http://www.extremetech.com/computing/107427-carrier-iq-which-phones-are-infected-and-how-to-remove-it
This just dropped in the past few days, and the internet is swarming. The company who created CarrierIQ has claimed quite vigurously that it doesnt do what it claims, but the man who found it on accident shows quite clearly that it is doing other then they say. What you guys think?
here is the original video from Eckhart;
T17XQI_AYNo