# Millions of phones have keyloggers - put there by manufacturers/carriers



## FridgeMagnet (Nov 30, 2011)

> Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control.
> 
> But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.





> The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google.
> 
> Cringe as the video shows the software logging each number as Eckhart fingers the dialer.
> 
> ...



http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/

Ever so slightly worrying. The question is, which phones and which carriers and are any outside the US?


----------



## editor (Nov 30, 2011)

Big respect to Eckhart for pursuing this:



> Carrier IQ's secretive software is installed by default and near-impossible for an end user to detect. It can be found on Android, BlackBerry and Nokia handsets if you know where to look, and was uncovered by security researcher Trevor Eckhart in an expose that earned him a cease and desist letter threatening a $150,000 court case if he didn't shut up.
> 
> Eckhart, naturally, got the Electronic Frontier Foundation involved, and Carrier IQ wisely backed down and apologised for its knee-jerk reaction. "Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company's snivelling apology read. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
> 
> Read more: http://www.thinq.co.uk/2011/11/30/carrier-iq-hot-water-over-keystroke-monitoring/


----------



## Crispy (Nov 30, 2011)

Fucking outrageous


----------



## kabbes (Nov 30, 2011)

Crispy said:


> Fucking outrageous


Shut up, this is just a thread for moderators.  Not for the likes of you and me.


----------



## Crispy (Nov 30, 2011)

Post reported


----------



## FridgeMagnet (Nov 30, 2011)

I wonder if they'll try some sort of "it was all for homeland security" defence?


----------



## Corax (Nov 30, 2011)

http://www.carrieriq.com/company/privacy.htm


> In providing our products and services, Carrier IQ enables our customers to gather information on Mobile User Experiences. Carrier IQ's products were developed from inception to respect and protect user privacy and security. We have established "Best Practices" approach to privacy and security. Our products are designed and configured to work within the privacy policies of our end customers and include functions such as anonymization and encryption. When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved.


O rly?


----------



## Kid_Eternity (Dec 1, 2011)

Crispy said:


> Fucking outrageous



It's a bit more than that. Google, RIM and Nokia should be sued into oblivion over this.


----------



## editor (Dec 1, 2011)

Kid_Eternity said:


> It's a bit more than that. Google, RIM and Nokia should be sued into oblivion over this.


Really. Why's that then?


----------



## editor (Dec 1, 2011)

Update from the Telegraph:


> It is not known if Carrier IQ is in use in Europe, where it might present a serious breach of the Data Protection laws.
> A source at a leading mobile operator said his company didn't install it but that he had been investigating whether UK manufacturers had done so and “couldn’t give a definitive answer”.
> 
> Carrier IQ said in a statement that it “assists operators and device manufacturers in delivering high quality products and services to their customers … by counting and measuring operational information in mobile devices – feature phones, smartphones and tablets.
> ...


----------



## twentythreedom (Dec 1, 2011)

Is it on iPhones?


----------



## JimW (Dec 1, 2011)

We get this all done free by the state in China, so you don't need any third-party private software.


----------



## grit (Dec 1, 2011)

I'm pretty sure this isint implemented in Europe. I have friends in Canada and USA who have rooted a lot of sample phones and ran a check, All samsungs have been clean fwiw.

To be honest your network has access to this data anyway, its not that big of a deal.


----------



## editor (Dec 1, 2011)

twentythreedom said:


> Is it on iPhones?


Probably not, although no one's sure yet (and you can be sure Apple won't be telling!), although it's not impossible that they might be using something similar. This article seems to offer a sensible take:





> Carrier IQ sells a stock client for BlackBerry, Symbian, and Android. There's strong evidence that they also make client software for other smartphone platforms, and even semi-smartphone OS's like Bada or BREW.
> 
> But they're only making it easy to get the same type of data your carrier has been collecting about you since the minute you turned your cell phone on. If they're collecting it in an insecure manner, which has happened, that's bad on them, and they need to fix it -- pronto.
> 
> ...


----------



## fogbat (Dec 1, 2011)

Doesn't worry me. I don't have keys. I got a _screen_


----------



## paolo (Dec 1, 2011)

As I understand it, this is a carrier instigated mod to the OS.

On Apple's iOS, there's no option for carriers to mod the OS. If Apple themselves wanted to keylog, they wouldn't need to use a 3rd party dev house to do it.

So it's fanciful to think that Carrier IQ are rooting iPhones.


----------



## joustmaster (Dec 1, 2011)

grit said:


> I'm pretty sure this isint implemented in Europe. I have friends in Canada and USA who have rooted a lot of sample phones and ran a check, All samsungs have been clean fwiw.
> 
> To be honest your network has access to this data anyway, its not that big of a deal.


i think the article says they get clear ssl data too...


----------



## EastEnder (Dec 1, 2011)

I haven't got a smartphone, so am free to continue texting my mum and other terrorists with impunity.


----------



## Kid_Eternity (Dec 1, 2011)

twentythreedom said:


> Is it on iPhones?



If it was it'd be making big headlines you can bet! The funny thing is Steve Jobs said this was as much the case during 'locationgate' and was gleefully dismissed by the usual fandroids online...


----------



## editor (Dec 1, 2011)

paolo999 said:


> So it's fanciful to think that Carrier IQ are rooting iPhones.


Oh, OK then. Oh, but hang on....


> *Carrier IQ references discovered in Apple's iOS*
> To date, the user tracking controversy surrounding Carrier IQ has focused primarily on Android, but today details are surfacing that the company also may have hooks into Apple's iOS. Well-known iPhone hacker Chpwn tweeted today that versions at least as recent as iPhone OS 3.1.3 contained references to Carrier IQ and later confirmed it's in all versions of iOS, including iOS 5.
> 
> We were able to independently verify that at the very least, references to Carrier IQ's servers do exist within iPhoneOS 3.1.3 in a file located at /usr/bin/IQAgent. What exactly that binary is able to access or how it may communicate with either carriers or Carrier IQ is not yet known, though there are references to an IQAgent log on the device as well as references to collector.sky.carrieriq.com.
> ...


----------



## grit (Dec 1, 2011)

joustmaster said:


> i think the article says they get clear ssl data too...



_Of course_ they do, you are connecting to their proxy to get out onto the net!


----------



## FridgeMagnet (Dec 1, 2011)

It's keylogging, it's not decrypting the SSL.


----------



## editor (Dec 1, 2011)

That article I linked to above sets out a good case why all smartphone manufacturers are likely to be using this system (or something similar).
It's really worth a read:
http://www.androidcentral.com/carrier-iq-evil-we-agree-and-hate-we-did-it


----------



## editor (Dec 1, 2011)

The normally sensible John Gruber seems to lost all sense of reality over this.


> On his Talk Show podcast Wednesday, Daring Fireball's John Gruber offered the fact that Carrier IQ-gate isn't headline news all over the world as proof of the media's anti-Apple bias.




The article - by Forbes - has the headline: "ExtremeTech: Carrier IQ-gate is best reason to buy an iPhone"
They may need to look at changing that now.


----------



## joustmaster (Dec 1, 2011)

grit said:


> _Of course_ they do, you are connecting to their proxy to get out onto the net!


the encryption is between the website and the browser. not the proxy and the website.


----------



## Crispy (Dec 1, 2011)

It _looks _like the iOS version is less invasive, having no keylogging functions
http://blog.chpwn.com/post/13572216737
Also, turning off "Diagnostics and Usage Reporting" in settings disables it entirely.


----------



## grit (Dec 1, 2011)

joustmaster said:


> the encryption is between the website and the browser. not the proxy and the website.



The point is, your network carrier as a man in middle can intercept that if they want.


----------



## EastEnder (Dec 1, 2011)

grit said:


> The point is, your network carrier as a man in middle can intercept that if they want.


Yes, they can intercept encrypted data. What's your point?


----------



## grit (Dec 1, 2011)

EastEnder said:


> Yes, they can intercept encrypted data. What's your point?



That this is a non story in the sense that all ciq is doing, is automating the collection of private data for the carriers.


----------



## editor (Dec 1, 2011)

Crispy said:


> It _looks _like the iOS version is less invasive, having no keylogging functions
> http://blog.chpwn.com/post/13572216737
> Also, turning off "Diagnostics and Usage Reporting" in settings disables it entirely.


It says:


> But is this version of Carrier IQ the same keylogger/rootkit as on Android? The answer appears to be: not quite. It does access a reasonable amount of information, however: (Be sure to note that I have not confirmed which, if any, of this data is sent remotely.)


And here's the important bit from that same post which suggests he thinks it's all being overblown.


> It appears that if you really care about this, Windows Phone 7 is the only mobile operating system without this installed. ;P However, I think the blame here really belongs with the US carriers who obviously demanded this: personally, I am completely fine with this data being sent off (especially if it helps AT&T’s network improve), but I would definitely prefer if it was more transparent — even if you can disable it with that toggle, Apple only explains that it “might contain location data”.


----------



## editor (Dec 1, 2011)

grit said:


> That this is a non story in the sense that all ciq is doing, is automating the collection of private data for the carriers.


So you don't agree with KE that, "Google, RIM and Nokia should be _sued into oblivio_n over this"?


----------



## joustmaster (Dec 1, 2011)

grit said:


> The point is, your network carrier as a man in middle can intercept that if they want.


I'm pretty sure you can't MiM SSL/https without a certificate error.
Even if you could, the difference is that one is a specific action on a connection, and the other is gathering all data on all connections, regardless


----------



## Crispy (Dec 1, 2011)

I await further data on this subject.


----------



## EastEnder (Dec 1, 2011)

grit said:


> That this is a non story in the sense that all ciq is doing, is automating the collection of private data for the carriers.


They are using keylogging software to record the keys you press on the phone, just as if someone was watching you type over your shoulder. That's quite different to intercepting SSL traffic. It's stealing information _before_ it gets the chance to be encrypted. In the absence of a keylogger, by the time SSL data leaves your phone it is heavily encrypted - so it wouldn't matter whether the mobile carriers intercepted it or not.


----------



## grit (Dec 1, 2011)

editor said:


> So you don't agree with KE that, "Google, RIM and Nokia should be _sued into oblivio_n over this"?



I'm not commenting on the legal/social aspect. I've been reading a bit about it online and there are some corners who are amazed this is possible. The only true privacy you will get on a phone is through obscurity, thats all.


----------



## 2hats (Dec 1, 2011)

Welcome to...

http://www.cyanogenmod.com/


----------



## EastEnder (Dec 1, 2011)

grit said:


> I'm not commenting on the legal/social aspect. I've been reading a bit about it online and there are some corners who are amazed this is possible. The only true privacy you will get on a phone is through obscurity, thats all.


What are you on about? A smartphone that has no nefarious software installed is quite capable of establishing an SSL connection to a server. The data will pass through the mobile carriers network, but they would be no more able to decrypt that data than your home ISP is.


----------



## elbows (Dec 1, 2011)

editor said:


> So you don't agree with KE that, "Google, RIM and Nokia should be _sued into oblivio_n over this"?



I wouldn't sue them into oblivion, but I would like to see a negative PR shitstorm of such proportions that companies learn a big lesson and shy away from this sort of terrible crap in future.

It is a disgrace, although I do not find it surprising at all. Personally I opt out of 'diagnostics & support' stuff whenever I am given the choice.


----------



## mauvais (Dec 1, 2011)

Where's the evidence that it comes with OEM phones from the manufacturer? As far as I know it has nothing to do with manufacturers or platform vendors, and all to do with carriers (who integrate and presumably spec it) and obviously CarrierIQ (who make it).


----------



## editor (Dec 1, 2011)

mauvais said:


> Where's the evidence that it comes with OEM phones from the manufacturer? As far as I know it has nothing to do with manufacturers or platform vendors, and all to do with carriers (who integrate and presumably spec it) and obviously CarrierIQ (who make it).


Well, exactly. It seems daft to start insisting that Google, RIM and Nokia "should be sued into oblivion" over this when so little is actually known about their direct involvement.

It seems a much more sensible move to wait a bit and see what emerges before calling foul.


----------



## mauvais (Dec 1, 2011)

Has he demonstrated that the collected stuff is sent over the air somewhere? I've watched the 'Carrier IQ part 2' video and it shows on-device data collection, but not what happens to it.


----------



## sim667 (Dec 1, 2011)

Luckily I own an iphone and I always turn any kind of bug reporting or diagnostics and usage reports off.


----------



## stuff_it (Dec 1, 2011)

sim667 said:


> Luckily I own an iphone and I always turn any kind of bug reporting or diagnostics and usage reports off.


http://news.cnet.com/8301-13506_3-57334575-17/carrier-iq-tracking-iphone-customers-too-hacker-says/

TBF he does say that if you turn off tracking it stops it working.


----------



## Kid_Eternity (Dec 1, 2011)

elbows said:


> I wouldn't sue them into oblivion, but I would like to see a negative PR shitstorm of such proportions that companies learn a big lesson and shy away from this sort of terrible crap in future.
> 
> It is a disgrace, although I do not find it surprising at all. Personally I opt out of 'diagnostics & support' stuff whenever I am given the choice.



That's why someone suing would be great, it'd create the stink needed to keep the focus on this shit rather than it being spun into a non story by the companies and their sycophants.


----------



## mauvais (Dec 1, 2011)

Who do you think (for example) Vodafone and CarrierIQ's sycophants are?

I had a look for CarrierIQ-related packet sniffing and I don't see a thing. I'm sure it does send data back, otherwise what would be the point of it, but there's not actually any evidence.

One threat vector it does offer is that it exposes this data to LogCat, which other applications can potentially read without permission.


----------



## Crispy (Dec 1, 2011)

stuff_it said:


> http://news.cnet.com/8301-13506_3-57334575-17/carrier-iq-tracking-iphone-customers-too-hacker-says/
> 
> TBF he does say that if you turn off tracking it stops it working.



You'd have to have turned it on first anyway - the default is off.


----------



## sim667 (Dec 1, 2011)

I always turn it off......

Can we have an iPhone vs Android bunfight now? We all know its coming and might aswell just get it over and done with.


----------



## editor (Dec 1, 2011)

Kid_Eternity said:


> That's why someone suing would be great, it'd create the stink needed to keep the focus on this shit rather than it being spun into a non story by the companies and their sycophants.


I've really no idea who these 'company sycophants' are or what possible relevance they have to this story.

Anyway, it looks like there's one company you're going to have to strike off your kneejerk "sue them into oblivion" list:


> Research In Motion said on Thursday that it does not install or authorize its carrier partners to install, "Carrier IQ" software on its BlackBerry smartphones.
> 
> The company made the statement after a security researcher said the "Carrier IQ" application, which can monitor what device users are doing, has been installed on mobile devices from multiple vendors without the knowledge or consent of customers.
> 
> http://www.reuters.com/article/2011/12/01/us-rim-idUSTRE7B01PA20111201


----------



## editor (Dec 1, 2011)

I pretty much go along with this:


> Carrier IQ claims the information it’s gathering is “a mission critical tool to improve the quality of the network, understand device issues and ultimately improve the user experience.”
> 
> Whatever the case, it sounds like this should have been disclosed, that customers ought to be given the option to “opt out,” and that it needs to be made crystal clear that nothing–absolutely nothing–is being transmitted back to the carrier without a user’s explicit permission (and no, slipping it into a mountain of legalese in a use agreement at startup won’t wash). If Carrier IQ or the carriers it’s partnered with have a problem with any of that, let’s see how long their position holds up in court.
> http://techland.time.com/2011/12/01/carrieriq-wiretap-debacle-much-ado-about-something/


----------



## Kanda (Dec 1, 2011)

editor said:


> Well, exactly. It seems daft to start insisting that Google, RIM and Nokia "should be sued into oblivion" over this when so little is actually known about their direct involvement.
> 
> It seems a much more sensible move to wait a bit and see what emerges before calling foul.



Just like everyone did with Apple in tracking gate


----------



## editor (Dec 1, 2011)

Kanda said:


> Just like everyone did with Apple in tracking gate


I don't remember anyone calling for the complete demise of Apple, you know.


----------



## Kanda (Dec 1, 2011)

editor said:


> I don't remember anyone calling for the complete demise of Apple, you know.



I meant this bit:



> _It seems a much more sensible move to wait a bit and see what emerges before calling foul._


----------



## Kanda (Dec 1, 2011)

Apple statement:



> _We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so._



from http://www.macrumors.com/2011/12/01...q-in-ios-5-complete-removal-coming-in-future/


----------



## Pickman's model (Dec 2, 2011)

according to this thread http://talk.sonyericsson.com/message/132327 it isn't on sony ericson xperia phones, and if that's the case it's unlikely to be on other se phones.


----------



## paolo (Dec 2, 2011)

Haven't Nokia now declared they've never used it? I think I read that earlier.


----------



## Pickman's model (Dec 2, 2011)

paolo999 said:


> Haven't Nokia now declared they've never used it? I think I read that earlier.


http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true

http://www.theregister.co.uk/2011/12/01/apple_sprint_carrier_iq/


----------



## Paulie Tandoori (Dec 2, 2011)

i've just swallowed my sim card to be on the safe side


----------



## Kanda (Dec 2, 2011)

Paulie Tandoori said:


> i've just swallowed my sim card to be on the safe side



Now they know where your right bollock is at any given time!!!!


----------



## paolo (Dec 2, 2011)

Pickman's model said:


> http://www.guardian.co.uk/technology/2011/dec/01/carrier-iq-uk-mobile-networks?newsfeed=true
> 
> http://www.theregister.co.uk/2011/12/01/apple_sprint_carrier_iq/



"Claims that the software is installed on Nokia phones were rebutted by the Finnish company in a statement: "Nokia is aware of inaccurate reports which state that software from Carrier IQ has been found on Nokia devices. Carrier IQ does not ship products for any Nokia devices, so these reports are wrong."

Taken at face value (no reason not to), sounds clean to me.


----------



## Riklet (Dec 2, 2011)

Niiice, knew i bought a Nokia again for a reason....

This seems crazy, how can those that are logging get away with it?


----------



## paolo (Dec 2, 2011)

Riklet said:


> Niiice, knew i bought a Nokia again for a reason....



You didn't know why you bought it, but now you know.


----------



## editor (Dec 2, 2011)

So, here's the important bit for us Brits:



> *Carrier IQ 'not used by UK mobile networks'*
> UK mobile networks have insisted that they do not install or use Carrier IQ's smartphone diagnostics software, after privacy concerns were raised in the US over its discovery on Android phones and Apple's iPhone there*...*
> 
> Vodafone, Orange and O2 told the Guardian on Thursday that they do not install the software in the UK and that to the best of their knowledge it is not shipped in any of the phones they sell.
> ...


----------



## editor (Dec 2, 2011)

Carrier IQ have made a statement about what their software does, which suggests that the whole affair has been massively overblown. It looks it's not on any Brit networks either.


> Carrier IQ, maker of a network diagnostic tool installed on millions of smartphones, has a simple rebuttal to accusations that its software logs keystrokes on the devices on which it is installed:
> It doesn’t.
> 
> While CIQ might “listen”* to a smartphone’s keyboard, it’s listening for very specific information. Company executives insist it doesn’t log or understand keystrokes. It’s simply looking for numeric sequences that trigger a diagnostic cue within the software. If it hears that cue, it transmits diagnostics to the carrier.
> ...


----------



## editor (Dec 2, 2011)

Apple has made a statement too:


> Apple is circulating a new statement to media outlets that seems to put to rest any fears about software tracking in the iPhone and iPad. "We stopped supporting Carrier IQ [a piece of software that tracks user activity] with iOS 5 in most of our products, and we're going to remove it completely in a future software update," the Apple statement says.
> 
> But we were a bit curious about what "most of our products" means in that context. In response to our question, Apple tells us there is only one device running iOS 5 that still runs Carrier IQ, and it's the iPhone 4. Other devices running iOS 5, such as the iPad, the new iPhone 4S, and older iPhone models updated to iOS 5 have had Carrier IQ stripped out. But Apple says it has never used Carrier IQ to record keystrokes or personal messages.
> http://arstechnica.com/tech-policy/...-4-but-we-dont-read-your-e-mail-and-texts.ars


----------



## stuff_it (Dec 2, 2011)

Aha, but what about this then? Looks like it's not just Carrier IQ that's a potential risk....

http://gizmodo.com/5864456/security...aks-in-fundamental-pre+installed-android-apps


----------



## editor (Dec 2, 2011)

And here's an app to let you know if your Android device hosts CarrierIQ rootkit or not.
https://market.android.com/details?id=org.projectvoodoo.simplecarrieriqdetector


----------



## editor (Dec 2, 2011)

stuff_it said:


> Aha, but what about this then? Looks like it's not just Carrier IQ that's a potential risk....
> 
> http://gizmodo.com/5864456/security-researchers-find-privacy-leaks-in-fundamental-pre installed-android-apps


That all appears mainly theoretical at the moment. I cant say I've heard of a single case of anyone suffering from this vulnerability, but it's good that they've brought attention to these potential security risks. I image these will all be fixed promptly if they have a real-world risk.


----------



## mauvais (Dec 2, 2011)

The Carrier IQ statement tallies with my experience of Android development - it's very easy to obtain all this data on the client, which is a blessing and occasionally a potential curse, but it doesn't mean it's used. Just like Eckhart, the claim is worth nothing without packet capture evidence though, but innocent until proven guilty I suppose.

There are more general issues around responsible data capture; namely that it MAY leak privacy information (e.g. cell ID) to unencrypted destinations, and as we already know, to in-device logging that may let other apps bypass permissions requirements. Again I'd want to see not just what it submits but how - is it HTTPS?


----------



## grit (Dec 2, 2011)

mauvais said:


> The Carrier IQ statement tallies with my experience of Android development - it's very easy to obtain all this data on the client, which is a blessing and occasionally a potential curse, but it doesn't mean it's used. Just like Eckhart, the claim is worth nothing without packet capture evidence though, but innocent until proven guilty I suppose.
> 
> There are more general issues around responsible data capture; namely that it MAY leak privacy information (e.g. cell ID) to unencrypted destinations, and as we already know, to in-device logging that may let other apps bypass permissions requirements. Again I'd want to see not just what it submits but how - is it HTTPS?



I can already get a phone's cell id without having any sort of access to the device, just using the number, there are even commercial api's to do it in bulk!


----------



## Wolveryeti (Dec 2, 2011)

editor said:


> Carrier IQ have made a statement about what their software does, which suggests that the whole affair has been massively overblown. It looks it's not on any Brit networks either.


Ah so they promise that they're good people and they will be nice with private data. That's alright then.


----------



## editor (Dec 2, 2011)

Wolveryeti said:


> Ah so they promise that they're good people and they will be nice with private data. That's alright then.


Until anyone produces solid evidence that they're misusing the data in any way then yes, that's what you have to assume.

The good news is that now that consumers are aware of their activities, they can specify that it's not installed on any phone they buy.


----------



## editor (Dec 2, 2011)

Update:


> We've already been told by HP, Microsoft, Nokia, RIM, and Verizon that they do not use Carrier IQ software, and now a host of carriers are joining that list. Three and Vodafone in the UK, and Rogers in Canada, have all announced that the software is not present on any of the devices they sell. O2 shed a little more light on its position, saying that while it "doesn't collect any data via Carrier IQ", the software might still be present on some of its devices for manufacturer diagnostics.
> http://www.theverge.com/2011/12/2/2605207/o2-rogers-three-vodafone-deny-carrier-iq-use


----------



## grit (Dec 2, 2011)

editor said:


> they can specify that it's not installed on any phone they buy.



Judging by the average technical knowledge of people in phone shops, I'd imagine such a request would be met with a blank stare.


----------



## editor (Dec 2, 2011)

grit said:


> Judging by the average technical knowledge of people in phone shops, I'd imagine such a request would be met with a blank stare.


I'm pretty sure that any UK carriers considering installing this software may well be put off a little by now.


----------



## grit (Dec 2, 2011)

editor said:


> I'm pretty sure that any UK carriers considering installing this software may well be put off a little by now.



I hope so, however I dont share your optimism regarding carrie'rs concern for their users.

We live in hope.


----------



## mauvais (Dec 2, 2011)

grit said:


> I can already get a phone's cell id without having any sort of access to the device, just using the number, there are even commercial api's to do it in bulk!


How, without access to the operator network?


----------



## grit (Dec 2, 2011)

mauvais said:


> How, without access to the operator network?



The commercial api I was talking about is this http://www.esendex.co.uk/Services/Location-based-services


----------



## mauvais (Dec 2, 2011)

grit said:


> The commercial api I was talking about is this http://www.esendex.co.uk/Services/Location-based-services


Looks like the networks expose it - I wonder by what agreement. Didn't know about that one.

I said it earlier because I was thinking of that kind of data as being of value to eavesdroppers, but I suppose it's obtainable from the network comms anyway.


----------



## grit (Dec 2, 2011)

mauvais said:


> Looks like the networks expose it - I wonder by what agreement. Didn't know about that one.
> 
> I said it earlier because I was thinking of that kind of data as being of value to eavesdroppers, but I suppose it's obtainable from the network comms anyway.



Yeah and once you have your API key, off you go. I've worked in several companies where you have direct "binds" to all major networks, there is a lot of fun/mischief you can get up to with that access.


----------



## editor (Dec 3, 2011)

Interesting piece here:


> *Don’t Blame The IQ, Blame The Carrier*
> 
> You couldn’t swing a cat this week without hitting a story about Carrier IQ, which (if you have somehow avoided this information) is a bit of software installed on millions of phones that has access to a huge amount of user data. As developers hinted for months and eventually proved on camera, the software is aware of SMS content, secure web traffic, contacts, key presses, and more.
> 
> ...


----------



## bi0boy (Dec 3, 2011)

Every smartphone has "keylogging software", otherwise the keyboard wouldn't work.


----------



## siramone (Dec 3, 2011)

The keystroke logging video showed that it was integral part of the HTC ROM (hence hidden)

ROM Software can only be flashed before shipping. The carrier ticks off the spec sheet for each phone handset maker.

Samsung and HTC remain preservedly quiet (maybe under NDA?)

I reckon that only the US carriers that have the ability to brand high quota of mobile phones are then the ones which have this Carrier IQ software- In the US they also rename and differentiate the same handset that is sold worldwide.

Given that most handsets are boxfresh branded to a specific carrier then the carrier must have requested the software to be integrated along with the other apps/crapware.

What I want to know is- So say that I do find and want to delete this Carrier IQ software then the only way is to reflash a new ROM. Can this be done Over-The-Air? Good luck with that and if I should brick the phone? It would be a massive logistical and commercial undertaking. It would be easier to take back each phone and supply a new handset in both time and money.


----------



## mauvais (Dec 3, 2011)

Carrier IQ explain themselves: http://www.theregister.co.uk/2011/12/02/carrier_iq_interview/

Again, nothing in there conflicts with my Android development experience.


----------



## editor (Dec 3, 2011)

> “The content of the SMS is never stored and never transmitted,” Coward said.
> 
> His version of the software has been confirmed by Dan Rosenberg, an Android security researcher who has reverse engineered Carrier IQ and examined the underlying machine language. He said he took the undertaking after viewing a video demonstration posted on Monday that showed the software echoing the precise key taps developer Trevor Eckhart typed into his HTC EVO handset.
> 
> “What the video is depicting is the application printing out what are known as bugging logs,” he said. “It's a way that applications keep a temporary record of the things they were doing so if anything were to break, a developer could go and read that record and figure out what went wrong. That's very different from the application actually recording that information and sending it off to the carrier.”



So, no need to sue Google, RIM and Nokia "into oblivion" after all, then.


----------



## mauvais (Dec 3, 2011)

I wrote some Reg comments that explain that in more detail, but they're lost in the ether at the moment. I'll C&P them when they turn up.

Here:

It's not articulated brilliantly by the presumably non-technical chap, but here's what I understand their filtering to mean - as a professional Android developer.

1. You wish to know when things of particular interest to you have happened; let's say (a) receipt of an SMS that is intended for interpretation by your application, and (b) when a certain key sequence is pressed.

2. In order to do this, the application subscribes to the relevant system event (broadcast intents on Android). This is a general purpose subscription; in our scenario it is (a) receipt of any SMS, and (b) any key press.

3. Your application receives the events when they happen and has the responsibility of working out if they are relevant; in this instance, perhaps it is (a) does the SMS begin with some special sequence, and (b) do the recently recorded key presses still form any expected sequence? This is the 'filter' being described.

4. If it wasn't of interest, you drop the event and do no further processing. If it was, you respond appropriately; for instance hide the SMS from the user and perform its instruction as interpreted by the app logic.

Now, Carrier IQ have caused some degree of alarm by adding debug logging for all events at step 3, *rather than those of relevance.*

Unless you reverse engineer it or at least perform traffic analysis, you will never be sure that the app doesn't have some sleeper mechanism or make use of supposedly irrelevant data. One thing I can say is that if you persisted ALL of these events, you would significantly reduce the phone's responsiveness and eventually run out of storage.


----------



## editor (Dec 6, 2011)

And the inevitable US class action suit had appeared which sues, well, just about everyone: HTC, Carrier IQ, Apple, Samsing etc etc:
http://arstechnica.com/tech-policy/...atest-to-be-sued-over-carrier-iq-tracking.ars


----------



## Boris Sprinkler (Dec 8, 2011)

Here ya go. http://wikileaks.org/The-Spyfiles-The-Map.html


----------



## stuff_it (Dec 23, 2011)

EFF has analysed some of the profiles they have managed to get their hands on...

https://www.eff.org/deeplinks/2011/12/analyzing-carrier-iq-profiles

http://www.extremetech.com/computing/110061-eff-reverse-engineers-carrier-iq


----------

