A 25-year-old has discovered a piece of software installed on millions of phones by wireless telecom providers that can log every keystroke and send it to the carrier mothership. What they do with that information is their business, not yours. For his trouble, this guy was harassed by Carrier IQ, the company that sells the software, but with the EFF’s help, they were forced to back off and even apologized.
Here’s a summary of what we know so far:
* Some Android and Blackberry phones have Carrier IQ. It was originally discovered on a HTC Android phone, and it ran whether or not the user opted-out of data collection.
* Carrier IQ has been found on iPhones, but it appears to collect far less information than on Android, and if the user chooses a privacy opt-out, no information is gathered.
* Verizon has denied installing Carrier IQ on any of its phones. So the threat is probably limited only to certain carriers.
* Carrier IQ is not installed on Google-controlled devices (the Nexus line of phones and the original Xoom tablet) since Google manages the software on those phones, not the carriers.
If you need any more reason to prove that we need more regulation of wireless telco, here it is, in spades. The most comprehensive coverage of this story is at The Verge, which is a new tech publication run by Markos Moulistas’ Vox communications. And if you want to see a good fisking of some of Carrier IQ’s bullshit, Jon Gruber has one.
The Snarxist Formerly Known as Kryptik
All this means is that Congress will get right on requiring that ALL mobiles MUST have this software under pain of death because SECURITY BITCHES! The Telecoms can never be wrong, and if you think that you’re a dirty fucking hippie that isn’t suited for this country so get the fuck out!!
Yeah…sorry for that little bout of limitless optimism and idealism there. :/
terraformer
If you opt-out of such data collection, quite obviously, you hate America.
Jennifer
This is one of the reasons, besides cost, that I stick to using the old-fashioned flip phone, that just sends and receives calls. While it would be possible to text on this phone, I don’t use texting because that’s what email is for and I don’t like having to type on a stupid keypad, and I don’t want to pay for it, so I’ve blocked texting on the phone so I don’t get any incoming, either. I’ve not trusted the telecoms ever since their illegal data-mining on behalf of BushCo and figured that I’d just as soon they know as little about my communications as possible – and I’m pretty sure it wouldn’t be that difficult to save a copy of every text as opposed to recording every voice conversation.
The Snarxist Formerly Known as Kryptik
Oh yeah, I forgot. Obviously, the solution is more mergers and market concentration because that’s what the market demands and if you disagree you’re a flaming fucking commie.
The Moar You Know
No need for potentially illegal wiretaps when the carriers can just record all the activity at the source.
Can’t wait to see how ugly and big this gets, the software’s in iPhones as well.
willard
I assume that everything is being logged since it has to pass through a somebody else’s network and unlike my PC I have little control over the base software install. There really isn’t any privacy because gigabytes are so cheap and there is a financial motive to mine that data.
Villago Delenda Est
@The Snarxist Formerly Known as Kryptik:
I believe you’s summed up the gist of the entire thing right here.
What do they want the keyboard data for? Well, to sell it to marketing asswipes who will then send you ads you never asked for.
Michael D.
I can tell you with absolute certainty that Verizon Wireless doesn’t add Carrier IQ to its phones.
Gromit
@willard:
Part of the scandal here is that, according to the guy who discovered this, some stuff that is supposed to be encrypted is logged as clear text. That’s a big deal.
Winston Smith
This needs to be an opt-in feature that can be disabled. The really infuriating thing about this is that you can’t disable or remove it.
That said, I haven’t seen any evidence that Carrier IQ is actually sending anything “to the mothership.” That’s an assumption with no proof (that I’ve seen). Trevor Eckhart has shown that sensitive data is being logged (a serious screw up) but not that the logs are going anywhere other than your handset. Carrier IQ could do anything it wants with your private data, but so can a lot of applications you download. I just installed Swiftkey X (which I like). It can log my keystrokes, too, but I’m not calling the EFF about it.
Eckhart’s analysis shows that he doesn’t understand some basic things about how the system works, either. I need to read some of the links supplied in this post, but so far, I don’t see this as anything more than a major PR mess.
RossInDetroit
@Gromit:
Yup. Next fat target for hackers: smartphones. And when they can get your bank data or passwords in clear text you’re wide open to ripoffs. Ironically, it may be the financial institutions that are on the side of privacy advocates here. Banks eat billions in hacker fraud. Any cell provider that’s leaving a back door open to hackers is going to come under heavy pressure from financial institutions who want to keep their customers’ mobile business without getting bled dry by fraud.
Winston Smith
@Gromit:
Yes and no.
That data shouldn’t have been sent to the logs; logging data like that (which could include credit card numbers) is just a major screwup. The fact that Carrier IQ sees it unencrypted is not even remotely weird. It just means that Carrier IQ is receiving browser events which are way above encryption in the “stack.” Eckhart seems to believe that Carrier IQ is sniffing his WiFi and he’s just wrong.
Gromit
@The Moar You Know:
So far it doesn’t appear to do the really egregious stuff in iPhones (on Android it was demoed logging keypresses and text messages), and users can opt out without jailbreaking or rooting the device, an option that is offered on initial setup. From what I understand the only way to kill this thing on Android phones where it is installed by the carrier is to install a modified version of the OS.
Of course the iPhone revelations are still developing.
gene108
How can we grow our way out of this “recession”, if we block new avenues for the free market to expand?
I’m sure there were buggy-whip makers, who were screaming for protection a 100 years ago, when the automobile was clearly the way of the future. I’m sure we’d all be better off, if we still made sure buggy-whip makers had a market, even though there’s no demand for the services on any significant scale.
It’s potential interference like this that is forcing businesses to sit on $2 trillion of cash and not invest.
To borrow some internet jargon, you guys are a bunch of “morans”.
/sarcasm
RossInDetroit
A quote from a Boing Boing summary (with video) that clarifies the ‘unencripted’ issue a bit:
Villago Delenda Est
These guys COULD clear this all up by explaining what this particular piece of software is designed to do, and why it does it, and what benefit it is for the consumer.
If they can’t do that, well, people are going to wonder why exactly this piece of software, unknown to them until now, is on their phones.
And they’re going to suspect the worst.
Because, very wisely, no one trusts the Ferengi greedheads who run the Telcos.
kindness
C’mon. The user of the device is the one who is supposed to be able to control their device. They should be the ones who have final say over whether something like Carrier IQ is active or even on a device or not.
I’ve got an iPhone and you can be sure that tonight when I get home I’m hooking that baby up to my mac to run through the diagnostics review. Apparently within the sync diagnostics there’s a Carrier Allowed setting that supposubly by default is set to no. In that setting, Carrier IQ is inactive. But I don’t know that for sure. It isn’t a setting I’ve touched as of yet. Tonight I’ll know.
The larger question is this is a Big Brother ramification issue and individual rights should easily trump it, but that isn’t what corporate America wants. Who wins then? I’d say legislation is needed apparently.
@gene108: sarcasm? looks more like thread jacking spam.
Culture of Truth
Has Andy Sullivan weighed in on the Carrier IQ?
William Hurley
ah yes, another lesson from the “ether” that we, me and you too, are not individuals nor customers, we’re products.
We’re products that device and software makers help service-providers, marketers and advertisers shape for better, more lucrative resale value up-stream.
Your behavior, beliefs and desires are their intellectual property.
Welcome to the era of e-baojia.
Also, beware giving your trust to those whose marketing persona declares “do no evil”.
Michael D.
@kindness:
?
Villago Delenda Est
@Michael D.:
I think that’s snark. Like “prezactly” is.
I had a friend in college who was very well spoken, except that he could not pronounce “supposedly” in the standard manner. He said “susposedly”. In the dorm, everyone started using that pronunciation, it caught on, in part as a gentle gibe at my friend, but also in part because it was different, and distinctive.
Soonergrunt
Here is a link to an app to check to see if you have CarrierIQ, or other loggers installed on your Android phone. You’ll have to root your phone to use it, though:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
Also, check the user oriented forums for your carrier. My carrier, US Cellular, does not put this software on Android phones, or at least it doesn’t show up on our phones, including my model, according to other forum users. If you are feeling adventurous, you could always root your phone and then replace the ROM with a custom job, but that can cause some issues.
William Hurley
As a complement to the materials on the matter linked in the opening post I offer this Wired article on the matter.
Note cIQ’s brazen disregard for legal and social diplomacy.
“You are not supposed to know that nicotine’s addictive – silly product! Give us back our secrets, now, or else! Comply and conform and all will be forgotten.”
Ain’t transparency grand?!??!
Three-nineteen
Here’s an article on how to disable the software on the iPhone:
http://preview.tinyurl.com/7n7qbzk
I had already disabled it, even though I didn’t know what exactly it was. The phone says “Help Apple improve it’s products and services by automatically sending daily diagnostic and usage data”. I had shitcanned that option the second I got the phone.
Re-checking that I’m opted out is always good, plus while I was noodling around in there I found an option that lets me know how much battery life I have expressed in a percentage rather than that stupid picture of a battery.
El Tiburon
Random thought: why the need to point out this person’s age? The implication being he is a youngster?
So, I guess in your world, he is old enough to strap on an M-16 and die in a foreign land but not old enough to sass Sen. Brownback or find some embedded software?
You, sir, are a fascist pig.
Villago Delenda Est
@El Tiburon:
I don’t think that’s the point of the age at all.
Just pointing out that them young’uns who grew up with the intertubes can be right clever about these things.
Belafon (formerly anonevent)
@Winston Smith: Having read through some of the stuff, Winston, you are correct, Carrier IQ is not itself sending the information back. But, it is making everything available for the phone itself to send to whoever the phone company tells the phone to send it to. Carrier IQ was partially stupid for trying to block the researcher. The phone companies, on the other hand, were trying to sneak something in without telling the user and giving them a way to opt out.
ETA: And making it available before any encryption software has a chance to deal with it.
Seebach
@El Tiburon: Nah, it just means baby boomers no longer contribute anything of use to society.
mistermix
@El Tiburon: When did you become a troll?
Origuy
My aunt just posted the old myth about cell phones numbers being put in a directory. Except for dates, it was word for word the email in the Snopes page I replied with. But I can see how someone could believe it, when the telcos do something like this.
gene108
@kindness:
Hasn’t hijacked thread yet. Your fear is unwarranted.
RalfW
People quite literally laugh at me for having a 5 year old dumb as rocks Verizon flip phone (ohhhh, I can text to google and get a restaurant phone # by return text!).
But I’m pretty sure it’s not telling Verizon anything other than:1) I’m cheap as hell and 2) where my phone is and the numbers I dial/calls I get.
dmbeaster
@Winston Smith:
This is insanely naive.
Winston Smith
@Villago Delenda Est:
According to their press release, they are gathering aggregate profile data. For example (my example, not theirs), they might collect the average delay between a web request and the receipt of a response from the network. This metric might tell the carrier something about how their network is performing and whether it needs some tweaking to improve performance. The benefit to the consumer, theoretically, is that the carrier can monitor network quality and address problems that lower your user experience.
I for one, believe Carrier IQ when they say that’s what they’re doing. They’re major screw-up is that while they may be aggregating the data they send to “the mothership,” they are writing sensitive data to the log. If they’re scrubbed their log entries of sensitive data, this wouldn’t be an issue.
Winston Smith
@dmbeaster:
Because of course it is.
9/11 was an inside job!
RalfW
@William Hurley:
Which is why I don’t use any loyalty cards at gas stations or grocery stores. In fact I do my best to not shop at stores that require cards to get “deals.” I suppose it is capitalism at work – I sell my valuable shopping habits for 50 cents off Toasted Frosty Nipples, but is it worth that?
I do use my bank card, though, so my overall purchases are tracked. I learned that over a decade ago when – pre-recovery – I was mailed a “Beer lovers MasterCard” offer. Awkward!
Winston Smith
@Belafon (formerly anonevent):
Yeah, but the phone companies don’t need Carrier IQ to do this if they want to do this. They install the version of Android, and unless you want to install your own build (some people do), then you really can’t stop them from doing any of this. Also, with things like calls and SMS, there’s no need for them to put anything on your phone because that stuff goes over their network unencrypted anyway.
Yes on both. The really troubling issue for me is the lack of user control. If you want to opt-in to helping your carrier collect statistics, that should be your choice, but as it is, it’s very difficult to opt OUT.
I don’t think that’s a huge problem — I think the huge problem is that the encrypted data is written to the log without any kind of scrubbing.
El Tiburon
@mistermix:
Someone needs to tell Francis to lighten up and recalibrate their snarkometer.
Villago Delenda Est
@El Tiburon:
Poe’s Law: it’s the ironclad rule of political blogs
Catsy
@Three-nineteen:
Oh, good. Because my default response to any such question is “not only no, but FUCK NO”. Some of that information has legitimate value and purpose from a customer service and product improvement standpoint, but I fundamentally don’t trust any service or developer enough to open that door for them–because once you do, you have no say or control over exactly what they know. And I don’t have the bandwidth in my life to spend all my time figuring out who the good guys and bad guys are and exactly what they all want to collect.
THE
Yes I’ve avoided smartphones like the plague too, because of all the creepy, intrusive, software.
I hate it when my phone knows more about me than I do. It’s like the recording angel or the Akashik records.
Gin & Tonic
I also think that “A 25-year-old” beginning is pointless and dumb. Yeah, I know it’s in TFA on Threat Level, but it’s pointless and dumb there, too, and you don’t have to repeat their dumbitude.
El Cid
@RalfW: I just fill out the loyalty card applications with false information. Like for grocery stores.
mistermix
@El Tiburon: OK, I guess being called an ageist all the time has broken my snarkometer on that subject.
Donut
@Culture of Truth:
Andy sez the black model iPhones are not as intelligent as the white models, but since there are no yellow or brown phones, that is all he’s got to go on.
@Origuy:
GAH! You’re not supposed to point stuff like this out. The fact that people are sometimes overloaded and confused by stray pieces of crap floating around the toilet bowls of the Internet (see also: Wolf, Naomi), and end up believing stuff that turns out to be utter nonsense in the end, well, it is not at all relevant.
It’s the same thing as defending the conspiracy theory, dontcha know.
Well, let me self-correct – if you point this out in relation to Telecoms, it’s okay, but don’t try saying anything like it’s a perfectly normal reaction for people to mistrust the Department of Homeland Security, because, you know, the “good guys” are in charge of it, for now.
Winston Smith
@Donut:
FTW.
dmbeaster
@Winston Smith: OK, I will give you the long version.
Justice Holmes is famous for his analysis of the law based on the concept of how it influences the bad man. The underlying assumption is that the rules we fashion should assume that the bad man will seek to exploit the loopholes that might exist, and that it is not sound to presume moral obedience in fashioning minimum legal rules of conduct.
So here, you have to assume that someone given an extraordinary power to commit fraud or other harm using such critical data will at some time do so, or alternatively, will accidentally enable some other wrongdoer through carelessness or inadvertence.
It does not matter if Carrier IQ is as pure as driven snow, or that the underlying motive for the app was purely to address network quality and other problems with user experience. You cannot judge the seriousness of this issue based on such, since it is the potential for misuse which should guide your thinking.
Therefore, believing that something is not an issue because you think it unlikely that misuse will actually occur is naive. Misuse always occurs at some point, and if the potential for misuse can have such dramatic consequences as it would here, you simply must adopt means to police it. Relying on the good faith of the industry as your sole prophylactic is always going to end badly.
RossinDetroit
My 4.5 YO Verizon Samsung Alias I is perfect for my needs. I’m a hardware and software tech guy, and when this breaks I’ll fix it or buy another.
The bleeding edge is for other people.
Nobody should be surprised that smartphones have unannounced functions. They’re highly sophisticated machines that are utterly opaque to 99.9% of users. The’re part of a multibillion dollar, highly profitable industry. In a day and age when info about you has a dollar value, damn right they’re going to collect it without your knowledge.
carpeduum
Should have known you were a Markos
fanboyshill. That orange site of his has become one massive embarrassment to everyone else on the left. Makes all of us look as dumb as freepers.Winston Smith
@dmbeaster:
OK, fine, but your argument also applies to your service provider as well. Regardless of which phone you use, your service provider DOES:
– Log the time, duration and dialed number of every call you make.
– Log the time and destination of every SMS you send.
– Log your data usage.
– Effectively log your actual web usage through the implementation of edge caches.
– Hold your phone messages in their possession.
– Hold some portion of the “cloud” data you utilize
Further, your service provider CAN:
– Record all your calls
– Record all your text messages
– Record all of your network traffic. Although traffic sent with HTTPS will be encrypted, the web server you contact will be known.
– Log every single thing you do with your phone
– Log the wealth of sensor data available on fancy phones including GPS, but also other telemetry.
– Activate the microphone and camera on your phone without your permission
Having a phone at all, much less a smart phone, is already an enormous exercise in trust.
HyperIon
@Jennifer:
Yes.
But of course I am old so that explains a lot.
Nash
@Winston Smith:
Here’s the problem you’re missing:
Yes, carriers can record all this data. But Carrier IQ represents a potential security hole: any of this data could be accessed by hackers simply because 1) Carrier IQ can log it, 2) Carrier IQ can be turned on remotely, and 3) Carrier IQ exists, acting as a great big wide open backdoor into your phone.
Look up the Sony CD Rootkit debacle; it’s the same deal.
Nash
I think there are other concerns here being overlooked.
I just mentioned that this thing acts as a rootkit and a gaping security hole, but this is also a concern for corporate phone users.
Who wants a phone that can log all the activities you or your employees make using that phone? That’s a whole bag of bad juju and I’m pretty sure a lot of CEO’s (the ones who pay attention, at any rate) are already on the phone to their lawyers . . .
William Hurley
@RalfW:
Well done. I’ve found that most “customer” convenience cards/clubs are still blunt, unsophisticated instruments. As such, I provide the minimum amount of “info” to secure a card – none of which is actually accurate.
Unfortunately, there are times and circumstances when authorities decide that knowing where you are at all times supersedes your right to be a beneficiary of the 4th and 5th Amendments. The they use to forestall efforts to repair Constitutional primacy is to enforce deep secrecy about the decision-making apparatus and its processes – let alone the actual outputs from that extra-Constitutional arrangement.
dmbeaster
@Winston Smith:
I agree with your points in that comment, but all that it does is further emphasize mistermix’ point in the first place:
and undermine your counterpoint in no. 10 above that:
And that is what I was calling naive.
Gromit
@Winston Smith:
This is news to me. Are you including offline app usage and even keypresses?
RareSanity
@Winston Smith:
There are a couple of points that I’m going to disagree with you on.
The main one being that, if I choose, there are applications that will encrypt basically anything that goes out of my phone. I can use an SMS app that encrypts my texts before sending them out. I can use a VoIP app that encrypts voice calls.
The major issues with CarrierIQ, is that it is logging data, using the facilities of the operating system. It is grabbing key presses at the same time that the applications is. It’s basically, someone standing over my shoulder, watching me login into my bank’s website. Nothing is secure, if it can be logged before any security can be applied to it.
Also, the articles specifically pointed out that the software does “call home”. This was proved when he did the testing where he was on a WiFi connection, with a phone that had not been activated with a carrier.
In addition, there is passive and active monitoring. There may or may not be data, that is automatically sent, constantly. The problem is, the carrier (or an agent of the carrier), can open an ACTIVE monitoring session on your phone, without you knowing, and will have access to any CarrierIQ data that has been (and is being) logged…which we can see is a lot.
You won’t know if it’s happening, you can’t stop it (short of turning your phone off), and there doesn’t have to be any specific reason for a session to be initiated.
And this…
Is just wrong. Without something like CarrierIQ, carriers have absolutely no access to telemetry data, other than GPS. Congress gave them that access with the wonderful E911 law. They can’t log anything you do, unless it goes over the network. They also cannot activate your microphone or camera.
Where did you get that idea from?
Winston Smith
@dmbeaster:
Yes, you’re right, I waaaaay understated the case in that post.
@Nash:
The problem is not that Carrier IQ can log it, but that Carrier IQ does log it. Carrier IQ can (and should) be changed to sanitize its log entries. Applications (and therefore “hackers”) can only read this log if they are granted permission. I don’t download obscure applications that request unexpected permissions. (“Fun Game App! Requires permission to read your low-level logs!” — uh, no.) People who aren’t careful about permissions and so forth have much bigger things to worry about than this. The current favorite trick of malicious apps is for them to send SMS messages (without your permission) to costly SMS services. The charges show up on your phone bill and you can’t do anything about them. Of course, people download apps without checking for spurious “write SMS” permissions all the time.
I agree that it is disgraceful that users are forced to have this service on.
Sort of. You do actually have some control over access to this back door (at least on Android).
Um. No it isn’t. The claim that this is ignores the fact that a user can refrain from downloading applications with “Read low-level log” permission. Really, this is a weird permission that only highly-technical application would want or need. It is an exploitable hole because people are stupid. In the case of the Sony rootkit, you could be the most expert Windows user in the world and there still wasn’t anything you could do to protect yourself from the exploits.
Winston Smith
@RareSanity:
I was saying that they could do these things if they were acting maliciously. What you’re saying is that this is illegal. If you’re also claiming that it’s impossible then you’re obviously wrong. The telcos provide the basic operating system for the phone and they could put all kinds of nefarious back-doors in it.
Furthermore, if carriers can’t legally collect data like keystrokes and so on, then Carrier IQ can’t legally do it either.
Gromit
@Winston Smith:
To be clear, this is the case for Android, but not for all OS’s.
Winston Smith
@Gromit:
iOS and Windows Phone have OEM-tailored installs that could certainly include low-level modifications. I don’t know what restrictions Apple and Microsoft place on these modifications, however, so you might be right.
But you might also be wrong.
Winston Smith
@Gromit:
Sure. That could be written to a log (and conveniently it is thanks to Carrier IQ) and uploaded later. Now, I’m saying this hypothetically. It’s been pointed out that this would be illegal, so they probably aren’t doing anything like this, even with Carrier IQ at work.
I was responding to the suggestion that you have to assume that any system will be exploited by bad actors. In the case of this problem, those bad actors would have to be willing to operate outside the law. As it turns out, it’s pretty easy to avoid downloading apps that can exploit this illegally (at least on Android). This was not the case in Trevor Eckhart’s last big find:
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
I believe that has been patched at this point.
RareSanity
@Winston Smith:
I made no statements about the legality.
What I was saying, is that the E911 law gave carriers access to GPS and location information, but didn’t really put a lot of restriction on when and why that info could be accessed.
The telcos do not provide the, “basic operating system”, the phone manufacturers do. Yes, there are carrier specific applications that are also added. There is a difference between those applications and “back-doors”. CarrierIQ, is a back-door.
Do to the nature of Android, the phone manufacturers must release the source code for the linux kernel they used in their devices. Android community developers (hobbyists) have been compiling custom kernels, for as long as Android has been around.
If you can compile your own kernel, you can account for EVERY resource that is being used on that device, be it an user level application, or a kernel level device driver. That is how all of this was discovered in the first place.
The ability to have access to the kernel source and change the operating system as I see fit, are the reasons I use Android. It is the same reason that I will never own an iPhone or Windows phone.
Winston Smith
@RareSanity:
The point is that whoever puts the OS on your phone has an awful lot of power to mess with you. That includes all the nefarious things I listed.
Unless you compile your own kernel, you have no idea what’s in it, and most people certainly don’t do that. It could, but I don’t — too much trouble.
Carrier IQ is not a “back door” as it does not provide you access to privileged features. It leaks sensitive information. That’s not a “back door.”
Carrier IQ’s foolish logging will cause me — and anyone else careful about which apps they download — exactly zero exposure to exploits. I should be changed so that it can be removed and so that it sanitizing log entries, but the breathless conspiracy theories are just ridiculous.
RareSanity
@Winston Smith:
CarrierIQ DOES provide a backdoor…for CarrierIQ’s remote applications. That is the point of the articles. If someone can figure out how to access CarrierIQ’s server running on the phone, they too can have complete remote access to your phone.
CarrierIQ is a client/server solution. The server runs on the phone constantly collecting data. A client, run by either the carrier, or whomever they delegate (network maintenance techs, etc), can connect to the server on the phone. That client then controls the operation of the server on the phone.
The CarrierIQ server, runs as “root” on your phone, that means it has access to anything. Being that it can be connected to, by a remote entity, that remote entity also has root access to your phone. It has parts of it’s implementation from the application layer, to the OS layer, it has access to everything.
It would be trivial for a shell script to be copied and executed on your phone, from that remote client.
I don’t know if what you’re saying is coming from a place of not understanding how operating systems, specifically linux, work. Or, it is coming from a general “they wouldn’t do anything like that”, naivete. But, the fact of the matter is if CarrierIQ is running on phone, every aspect of that phone can be accessed and controlled remotely, without the user’s knowledge.
Any phone with that program running on it IS vulnerable to an exploit. CarrierIQ is exploiting it now. If someone figures out how to plug into that application, they will too.
Gromit
@Winston Smith:
This is true, but a tremendous amount comes down to the “who” in “whoever”. Apple, for instance, does not let the carriers install software on its phones. Saying the OS is tailored to the carrier is vastly different from saying the carriers control the base OS.
Google, on the other hand, hands it’s OS out for free, and the carriers and hardware manufacturers work out their own terms for what gets put on the devices, up to and including forking off their own flavors of the OS. The difference is night and day, and the opportunities for mischief on the part of carriers (who are at the center of this shitstorm — Google and the hardware folks are washing their hands) is dramatically enhanced by the Android model.
Winston Smith
@RareSanity:
You’re going to have to provide an explicit reference for this claim because I’ve not seen it anywhere else.
Winston Smith
@Gromit:
Yes, but I’m still sticking with Android.
As you pointed out, I could install my own build if I wasn’t lazy (that’s me admitting to being lazy, not you calling me lazy). I think it works. I’m pissed that I have a phone with Carrier IQ, but at least it didn’t have that back door that was on the HTC phones. As these things happen, phone companies are going to wise up about security. This is a PR nightmare.
When it was discovered that iOS was logging users’ locations… then what? You can’t choose another OS vendor, and you obviously can’t trust Apple not to do stupid things. Microsoft has a long history of bad security architecture and disregard for the rights of its uses, so I don’t even need to justify staying away from Windows phone.
RareSanity
Here is information from the original blog post that spurred all of this. The site was down at the moment I went, but Google had a cached copy, I’m sure it’ll be back up soon
Original blog post
Google cache copy
From the CarrierIQ Document describing the client software that gathers the info “IQ Experience Manager”:
It has access to everything, even when not on the network.
From the patent on CarrierIQ:
If data collection “profiles”, can be pushed to the devices through any one of those methods, couldn’t other data be pushed? Mind you, this information is being pushed, to a device side application, with root access.
This is a rootkit. It’s bad enough that CarrierIQ has this unfettered access, what if someone with even more nefarious intentions, gains access to it?
RareSanity
@Gromit:
There is a difference, I agree.
I am not going to bash Apple’s products, I don’t like getting into the OS battle.
For me, the difference is openness. Yes, Google gives their operating system away, for free, to whomever wants it. But that includes everybody, even the user’s. Anyone can go and download a copy of Android and pour through the very bowels of the operating system.
It is that very openness, that lead to the discovery of this application. It is also that openness, that allows someone to change from the carrier provided software, to a non-carrier developed version, in a matter of minutes.
If something like this were running on a phone with iOS or Windows Phone, depending on how well it was hidden, no one would ever know because there no direct access to the underlying operating system.
The “jailbroken” iPhones do allow some access. But, even if something like this were discovered, it would still be up to Apple to remove it…if it was as intertwined with the operating system as this is. There is no method for someone to generate their own version of the underlying operating system, from publicly available source code, free from any modifications made by the manufacturer.
It is one of the philosophies of open source software. You cannot have true credibility, nor true security, unless your product can withstand in-depth, public scrutiny.
Winston Smith
@RareSanity:
Why would it NEED the network? It runs ON THE PHONE. I can’t say this any more clearly: DUH.
Like what? This is a real application, not something in a Tom Cruise movie. It doesn’t suddenly gain new powers because Neo sneezes on it.
Yeah, that also describe every SSHd in the universe. So what?
Considering the fact that even Trevor Echhart hasn’t been able to take control of a phone with a malicious remote application, it pretty solidly fails to demonstrate the key feature of a rootkit.
RareSanity
@Winston Smith:
I’m not arguing about this anymore.
You seem to be perfectly fine with this software collecting data since there is “no proof of it sending it to a mothership”. That’s your prerogative.
But let me ask you this, do you think someone paid CarrierIQ, to put this application on phones to never use it?
Winston Smith
@RareSanity:
Sure they use it, nitwit. They use it to collect performance metrics concerning phone use and network response, which is what it is designed and marketed to do.
For reasons that escape me, you seem to have decided that this software does all sorts of things that it could hypothetically do, but no one — not even Trevor Eckhart — has shown that it actually does. Well great, hypothetically, I’m a sentient marmoset. Just because there is no evidence of this doesn’t mean you shouldn’t consider it an established fact.
Gromit
@RareSanity:
I’m not here to bash Android, either. I’m not making value judgments over whether “open” is better then closed, since I think each is better for some subset of users and worse for others. If you’re the type of person whose eyes don’t glaze over at the thought of compiling and installing your own phone OS, or who doesn’t break out in a cold sweat at the thought of trying to maintain it (including potentially dealing with stuff like this rootkit) I don’t feel any need to persuade you to use my preferred mobile platform.
But it is important to make clear that the primary beneficiaries of Android’s “openness” are not the users, most of whom will not been able to sniff stuff like this out without help, but the carriers, who are able to carry on with a lot of the terrible practices on Android that Apple has been working to eradicate, like loading phones up with carrier-specific media apps and installing low-level crap like this keylogger.
Jason
Please don’t use the wingut term “Fisk.” Robert Fisk may not be perfect, but he knows the middle east better than wingnuts know their own cocks.
stormhit
@Winston Smith:
“Microsoft has a long history of bad security architecture and disregard for the rights of its uses”
Spurious claim, at best. The at best being if you’re talking about 1990s MS as if that actually means anything today.
Winston Smith
@stormhit:
We are talking about the same Microsoft that STILL makes Internet Explorer, the least secure browser ever created, right?