Carrier IQ, the privacy of millions of users has been violated

by Pierluigi Paganini on December 14th, 2011

In recent weeks we have learned of a dialer able to track our movements, spy on our communications and read our SMS messages … the privacy of millions of users has been violated! It is a disturbing, multi-platform application that had not been reported previously.
The news is troubling because it calls into serious question the citizen's right to privacy and the right to be informed of any tracking operation.
The application is produced by Carrier IQ, and its software is capable of monitoring the use of a communication device without the user noticing.

Trevor Eckhart has posted a video on YouTube demonstrating how software from Carrier IQ recorded, in real time, every action made on a handset that he had reset to factory settings prior to the test. With a packet sniffer, and while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

It would seem that the software is able to operate silently, for which reason it was singled out by the developer as a rootkit: software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.

With the application discovered, Carrier IQ is running for cover, citing unconvincing and stupid reasons and declaring that the distributed application is used exclusively for remote maintenance, that there is no real spying intent, and that the company does not maintain or analyze the information gathered.

Here is the statement made by Carrier IQ:

We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

Too late, I would say! The credibility of the company is at a minimum.

But let us reflect for a moment, from a neutral point of view:

  • Is it possible that a firm is able to deploy such a controversial application silently?
  • The news these days is that users are unable to remove it because they do not have the necessary rights, rights that Carrier IQ evidently was able to obtain in some way. How did it get them?
  • How did Carrier IQ manage to develop a multi-platform application, circumventing the host operating systems and hardware manufacturers (AT&T, Sprint Nextel, T-Mobile USA, HTC, Apple, Samsung, and Motorola Mobility) of the devices on which it is installed?

“Too many doubts and legitimate questions run through our heads. The shadow of Big Brother has once again tried to control and spy on citizens, going well beyond its means.” This is the thinking of those who support the conspiracy theory: a super partes power able to reach agreements with hardware and software manufacturers and to silently distribute so dangerous an application.

Speaking at a Google-hosted conference on internet freedom in The Hague, Google CEO Mr Eric Schmidt condemned Carrier IQ, saying: “Google’s smartphone operating system, which runs on the majority of smartphones sold today, is an “open” platform, there was nothing his firm could do to restrict Carrier IQ’s software.” “We certainly don’t work with them,” said Mr Schmidt, describing the software as a “keylogger”.

Do you believe him? As if that were not enough, the privacy issue continues today with news regarding the FBI's position on this case. Apparently the FBI was aware of what the Carrier IQ technology is able to do, and the Bureau is not willing to reveal anything regarding Carrier IQ. The FBI has denied the release of information about its use of Carrier IQ; consider also that the government watchdog site MuckRock believes Carrier IQ data is being used by the FBI in an investigation.

MuckRock sent a Freedom of Information Act request to the FBI, asking for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ.” That FOIA request was met with what MuckRock called a “telling denial.”

Let me conclude with a personal account:
What happened is very serious. I think it is useless to discuss freedom of expression when I read about this news.
Compounding my perception of the incident are considerations of a technical nature, having worked in the field of telephony and having particular experience with mobile devices. I hope that there is no involvement of governments and of the manufacturers themselves.

Pierluigi Paganini

7 Comments
  1. pwet

    “I hope that there is no involvement of governments and of the manufacturers themselves.”

    I hope so. But I would not even be surprised if that was the case. There already are some examples of government spying:

    http://www.gmanetwork.com/news/story/235150/scitech/german-police-trojan-can-snoop-on-other-programs

    Regards

    • paganinip

      Hi,
      Really, thank you for the comment. I agree. Your observation is correct. The problem is real, and privacy is a utopia.
      Have a nice day
      Pierluigi

  2. Joe

    These guys are on to it and have already started fighting the battle…

    http://blog.mylookout.com/blog/2011/12/06/carrieriq/

  3. pwet

    You also might find this article interesting:

    http://www.bloomberg.com/news/2011-12-12/tunisia-after-revolt-can-alter-e-mails-with-big-brother-software.html

    It is not directly related to carrier iq (sorry I often post stuff not related to the posts), and maybe it should be more appropriate as a comment on the SpyFiles article on your blog.

    Anyway, it presents how the spying was done in Tunisia. In my mind there is clearly nothing, from a technical point of view, that cannot be done. And I think that people do not realize that what virtually happens on Internet has consequences IRL.

    • paganinip

      That is incredible… I was just writing on this issue … please read the post that I will publish tomorrow … I got your point of view.
      Always thanks
      I really appreciate your comments!
      Have a nice day
      Pierluigi
