Unprecedented level of spying on consumers using Android and Apple smart phones

[gravenewworld]

Quite scary.

http://www.pcworld.com/article/245229/carrier_iq_rootkit_reportedly_logs_everything_on_m illions_of_phones.html

If you use an Android, BlackBerry, or Nokia smartphone then you may be at risk of being illegally wire-tapped by Carrier IQ--a provider of performance monitoring software for smartphones--according to reports.

Earlier this month, security researcher Trevor Eckhart announced that he found software made by Carrier IQ that may be logging your every move on your mobile phone. Trevor referred to it as a "rootkit", a piece of software that hides itself while utilizing privileged access like watching your every move. Carrier IQ didn't take too kindly to this accusation, and responded aggressively with a cease-and-desist letter, and went on to deny this accusation. However, to further back his accusation, Eckhart released a video that he says shows the software in action.



In the video, Eckhart shows that Carrier IQ is also logging Web searches. While this doesn't sound all that bad by itself, it suggests that Carrier IQ is logging what happens during an HTTPS connection which is supposed to be encrypted information. Additionally, it can do this over a Wi-Fi connection with no 3G, so even if your phone service is disconnected, IQRD still logs the information.

[Evo]

And it's on Apple devices also.

References to data logging software Carrier IQ have been found on Apple’s iOS

1st December 2011 by Aayush Arya

Given Apple’s much more closed ecosystem and tighter control over both the hardware and software of its phones, and its famed refusal to let the carriers dictate what comes preinstalled on an iPhone, it had seemed unlikely that its operating system would have any traces of Carrier IQ’s software, but that has turned out to not be the case.

http://thenextweb.com/apple/2011/12/01/references-to-data-logging-software-carrier-iq-have-been-found-on-apples-ios/

[gravenewworld]

Here is the video. It's absolutely eye popping. Can you imagine how many people check things like their bank accounts everyday with their smartphone? or input their social security numbers?


http://www.youtube.com/watch?v=T17XQI_AYNo&feature=player_embedded

[dlgoff]

Quite scary.

Wikipedia even speaks of the Rootkit controversy (http://en.wikipedia.org/wiki/Carrier_IQ#Rootkit_controversy) and on the Carrier IQ web site (http://www.carrieriq.com/index.htm), they flaunt their ability to

Identify exactly how your customers interact with services and which ones they use. See which content they consume, even offline.

[Borg]

I'm glad that I don't have a cell phone.

[gravenewworld]

How many doctors use smart phones to look up patient information and medications or to discuss operations and patients? Can you imagine how many times HIPAA laws have been violated by this little program? It really is essentially a wiretap on 150 million Americans by private companies.

[rhody]

I didn't realize someone beat me to this. I did a search before posting but apparently didn't pick up on the words in the title above. Borek pointed this out. I would not object to having the thread deleted.

I thought this would be an interesting addition to what has already been posted here, so I included it from my original post.

The carrier's justification for having the software on the devices is to spot problems across a network, where and why calls are being dropped, battery life problems, and general phone software glitches. Apple says it stopped supporting it in the latest version of iOS and will completely eliminate Carrier IQ from all iPhones and iPads in an upcoming software update.

Aren't rootkits fun ? I wonder if Kasperski's (http://www.google.com/url?sa=t&rct=j&q=kaspersky&source=web&cd=3&sqi=2&ved=0CHcQjBAwAg&url=http%3A%2F%2Fwww.kaspersky.com%2Ftrials&ei=x93YTvhqwvDSAf20mIUO&usg=AFQjCNGj8RgyZyXDDt2RuRnX6hmw_liqhw) latest tool to detect them has a cell phone app as well as for a PC. I have it on my PC, and it has detected and removed google web page redirects (rootkit) nicely. Every time you execute it, it goes out and downloads a new version of the software in a .zip file, it takes only seconds to run as well. I run the free version. Rootkit insurance is what I like to call it.

Rhody...

[rhody]

FYI. Something to mull over...

FBI using Carrier IQ info for "law enforcement purposes," refuses to release records (http://arstechnica.com/tech-policy/news/2011/12/fbi-using-carrier-iq-info-for-law-enforcement-purposes-refuses-to-release-records.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss)
Morisy speculates that "What is still unclear is whether the FBI used Carrier IQ's software in its own investigations, whether it is currently investigating Carrier IQ, or whether it is some combination of both—not unlikely given the recent uproar over the practice coupled with the US intelligence communities reliance on third-party vendors. The response would seem to indicate at least the former, since the request was specifically for documents related directly to accessing and analyzing Carrier IQ data."

Rhody... :uhh:

[rhody]

I must be on a roll today...

Android Infected? Microsoft Offers WP7 Giveaway (http://informationweek.com/news/security/mobile/232300423)
Google recently removed 22 applications from the Android Market on suspicion of being malware. The apps in question, spotted by security firm Lookout, mainly targeted Android smartphone users across Europe and included premium SMS fraud services that cost users money. The main culprit was called RuFraud and affected users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia, Great Britain, Italy, Israel, France, and Germany. The malware didn't jump across the Atlantic to affect North American users.

and...

(I hope the irony is obvious to everyone here: Microsoft handing out free hardware for infected devices? C'mon, that's golden.)

One user responded: "(shamefully admitting) I fell for the Cut the Rope SMS exploit, they got me for $352.26. #droidrage #windowsphone #androidsucks."

Another said: "I've had to flash my Android phone twice because of malware. Not to mention the fragmentation issues + battery life."
Be careful what you download people...

Rhody... :rolleyes:

[feathermoon]

Did this program transmit pictures or video from the phones, or just text? I can't even IMAGINE how disastrous this is for personal privacy.

Not entering the smart phone market until this is cleared up!

[Adyssa]

Wow. Go me and my 6 year old Nokia. I've been slow on the uptake with smart phones, but I'm less and less concerned about it every day!

[jhae2.718]

Smart phones are awesome if you keep in mind that they are basically a computer that can be also used as a phone, and thus require all the care and responsibilities that a general purpose computer does.