Two Digit Carrier IQ

A 25-year-old has discovered a piece of software installed on millions of phones by wireless telecom providers that can log every keystroke and send it to the carrier mothership. What they do with that information is their business, not yours. For his trouble, this guy was harassed by Carrier IQ, the company that sells the software, but with the EFF’s help, they were forced to back off and even apologized.

Here’s a summary of what we know so far:

* Some Android and Blackberry phones have Carrier IQ. It was originally discovered on an HTC Android phone, and it ran whether or not the user opted out of data collection.
* Carrier IQ has been found on iPhones, but it appears to collect far less information than on Android, and if the user chooses a privacy opt-out, no information is gathered.
* Verizon has denied installing Carrier IQ on any of its phones. So the threat is probably limited only to certain carriers.
* Carrier IQ is not installed on Google-controlled devices (the Nexus line of phones and the original Xoom tablet) since Google manages the software on those phones, not the carriers.

If you need any more reason to prove that we need more regulation of wireless telco, here it is, in spades. The most comprehensive coverage of this story is at The Verge, which is a new tech publication run by Markos Moulitsas’ Vox communications. And if you want to see a good fisking of some of Carrier IQ’s bullshit, John Gruber has one.


77 replies
  1. 1
    The Snarxist Formerly Known as Kryptik says:

    All this means is that Congress will get right on requiring that ALL mobiles MUST have this software under pain of death because SECURITY BITCHES! The Telecoms can never be wrong, and if you think that you’re a dirty fucking hippie that isn’t suited for this country so get the fuck out!!

    Yeah…sorry for that little bout of limitless optimism and idealism there. :/

  2. 2
    terraformer says:

    If you opt-out of such data collection, quite obviously, you hate America.

  3. 3
    Jennifer says:

    This is one of the reasons, besides cost, that I stick to using the old-fashioned flip phone, that just sends and receives calls. While it would be possible to text on this phone, I don’t use texting because that’s what email is for and I don’t like having to type on a stupid keypad, and I don’t want to pay for it, so I’ve blocked texting on the phone so I don’t get any incoming, either. I’ve not trusted the telecoms ever since their illegal data-mining on behalf of BushCo and figured that I’d just as soon they know as little about my communications as possible – and I’m pretty sure it wouldn’t be that difficult to save a copy of every text as opposed to recording every voice conversation.

  4. 4
    The Snarxist Formerly Known as Kryptik says:

    Oh yeah, I forgot. Obviously, the solution is more mergers and market concentration because that’s what the market demands and if you disagree you’re a flaming fucking commie.

  5. 5
    The Moar You Know says:

    No need for potentially illegal wiretaps when the carriers can just record all the activity at the source.

    Can’t wait to see how ugly and big this gets, the software’s in iPhones as well.

  6. 6
    willard says:

    I assume that everything is being logged since it has to pass through somebody else’s network and unlike my PC I have little control over the base software install. There really isn’t any privacy because gigabytes are so cheap and there is a financial motive to mine that data.

  7. 7
    Villago Delenda Est says:

    @The Snarxist Formerly Known as Kryptik:

    I believe you’ve summed up the gist of the entire thing right here.

    What do they want the keyboard data for? Well, to sell it to marketing asswipes who will then send you ads you never asked for.

  8. 8
    Michael D. says:

    I can tell you with absolute certainty that Verizon Wireless doesn’t add Carrier IQ to its phones.

  9. 9
    Gromit says:

    @willard:

    I assume that everything is being logged since it has to pass through somebody else’s network and unlike my PC I have little control over the base software install. There really isn’t any privacy because gigabytes are so cheap and there is a financial motive to mine that data.

    Part of the scandal here is that, according to the guy who discovered this, some stuff that is supposed to be encrypted is logged as clear text. That’s a big deal.

  10. 10
    Winston Smith says:

    This needs to be an opt-in feature that can be disabled. The really infuriating thing about this is that you can’t disable or remove it.

    That said, I haven’t seen any evidence that Carrier IQ is actually sending anything “to the mothership.” That’s an assumption with no proof (that I’ve seen). Trevor Eckhart has shown that sensitive data is being logged (a serious screw up) but not that the logs are going anywhere other than your handset. Carrier IQ could do anything it wants with your private data, but so can a lot of applications you download. I just installed Swiftkey X (which I like). It can log my keystrokes, too, but I’m not calling the EFF about it.

    Eckhart’s analysis shows that he doesn’t understand some basic things about how the system works, either. I need to read some of the links supplied in this post, but so far, I don’t see this as anything more than a major PR mess.

  11. 11
    RossInDetroit says:

    @Gromit:

    Part of the scandal here is that, according to the guy who discovered this, some stuff that is supposed to be encrypted is logged as clear text. That’s a big deal.

    Yup. Next fat target for hackers: smartphones. And when they can get your bank data or passwords in clear text you’re wide open to ripoffs. Ironically, it may be the financial institutions that are on the side of privacy advocates here. Banks eat billions in hacker fraud. Any cell provider that’s leaving a back door open to hackers is going to come under heavy pressure from financial institutions who want to keep their customers’ mobile business without getting bled dry by fraud.

  12. 12
    Winston Smith says:

    @Gromit:

    Part of the scandal here is that, according to the guy who discovered this, some stuff that is supposed to be encrypted is logged as clear text. That’s a big deal.

    Yes and no.

    That data shouldn’t have been sent to the logs; logging data like that (which could include credit card numbers) is just a major screwup. The fact that Carrier IQ sees it unencrypted is not even remotely weird. It just means that Carrier IQ is receiving browser events which are way above encryption in the “stack.” Eckhart seems to believe that Carrier IQ is sniffing his WiFi and he’s just wrong.

  13. 13
    Gromit says:

    @The Moar You Know:

    Can’t wait to see how ugly and big this gets, the software’s in iPhones as well.

    So far it doesn’t appear to do the really egregious stuff in iPhones (on Android it was demoed logging keypresses and text messages), and users can opt out without jailbreaking or rooting the device, an option that is offered on initial setup. From what I understand the only way to kill this thing on Android phones where it is installed by the carrier is to install a modified version of the OS.

    Of course the iPhone revelations are still developing.

  14. 14
    gene108 says:

    How can we grow our way out of this “recession”, if we block new avenues for the free market to expand?

    I’m sure there were buggy-whip makers who were screaming for protection 100 years ago, when the automobile was clearly the way of the future. I’m sure we’d all be better off if we still made sure buggy-whip makers had a market, even though there’s no demand for the services on any significant scale.

    It’s potential interference like this that is forcing businesses to sit on $2 trillion of cash and not invest.

    To borrow some internet jargon, you guys are a bunch of “morans”.

    /sarcasm

  15. 15
    RossInDetroit says:

    A quote from a Boing Boing summary (with video) that clarifies the ‘unencrypted’ issue a bit:

    Furthermore, secure handshake information over wifi is passed through the software unencrypted, something that has little to do with carrier quality assurance. And if that information is cached even temporarily, that’s a security risk.

  16. 16
    Villago Delenda Est says:

    These guys COULD clear this all up by explaining what this particular piece of software is designed to do, and why it does it, and what benefit it is for the consumer.

    If they can’t do that, well, people are going to wonder why exactly this piece of software, unknown to them until now, is on their phones.

    And they’re going to suspect the worst.

    Because, very wisely, no one trusts the Ferengi greedheads who run the Telcos.

  17. 17
    kindness says:

    C’mon. The user of the device is the one who is supposed to be able to control their device. They should be the ones who have final say over whether something like Carrier IQ is active or even on a device or not.

    I’ve got an iPhone and you can be sure that tonight when I get home I’m hooking that baby up to my mac to run through the diagnostics review. Apparently within the sync diagnostics there’s a Carrier Allowed setting that supposubly by default is set to no. In that setting, Carrier IQ is inactive. But I don’t know that for sure. It isn’t a setting I’ve touched as of yet. Tonight I’ll know.

    The larger question is this is a Big Brother ramification issue and individual rights should easily trump it, but that isn’t what corporate America wants. Who wins then? I’d say legislation is needed apparently.

    @gene108: sarcasm? looks more like thread jacking spam.

  18. 18
    Culture of Truth says:

    Has Andy Sullivan weighed in on the Carrier IQ?

  19. 19
    William Hurley says:

    ah yes, another lesson from the “ether” that we, me and you too, are not individuals nor customers, we’re products.

    We’re products that device and software makers help service-providers, marketers and advertisers shape for better, more lucrative resale value up-stream.

    Your behavior, beliefs and desires are their intellectual property.

    Welcome to the era of e-baojia.

    Also, beware giving your trust to those whose marketing persona declares “do no evil”.

  20. 20
  21. 21
    Villago Delenda Est says:

    @Michael D.:

    I think that’s snark. Like “prezactly” is.

    I had a friend in college who was very well spoken, except that he could not pronounce “supposedly” in the standard manner. He said “susposedly”. In the dorm, everyone started using that pronunciation, it caught on, in part as a gentle gibe at my friend, but also in part because it was different, and distinctive.

  22. 22
    Soonergrunt says:

    Here is a link to an app to check to see if you have CarrierIQ, or other loggers installed on your Android phone. You’ll have to root your phone to use it, though:
    http://forum.xda-developers.co.....tcount=110

    Also, check the user oriented forums for your carrier. My carrier, US Cellular, does not put this software on Android phones, or at least it doesn’t show up on our phones, including my model, according to other forum users. If you are feeling adventurous, you could always root your phone and then replace the ROM with a custom job, but that can cause some issues.

  23. 23
    William Hurley says:

    As a complement to the materials on the matter linked in the opening post I offer this Wired article on the matter.

    Note cIQ’s brazen disregard for legal and social diplomacy.

    “You are not supposed to know that nicotine’s addictive – silly product! Give us back our secrets, now, or else! Comply and conform and all will be forgotten.”

    Ain’t transparency grand?!??!

  24. 24
    Three-nineteen says:

    Here’s an article on how to disable the software on the iPhone:

    http://preview.tinyurl.com/7n7qbzk

    I had already disabled it, even though I didn’t know what exactly it was. The phone says “Help Apple improve its products and services by automatically sending daily diagnostic and usage data”. I had shitcanned that option the second I got the phone.

    Re-checking that I’m opted out is always good, plus while I was noodling around in there I found an option that lets me know how much battery life I have expressed in a percentage rather than that stupid picture of a battery.

  25. 25
    El Tiburon says:

    A 25-year-old has discovered a piece of software installed on millions of phones

    Random thought: why the need to point out this person’s age? The implication being he is a youngster?

    So, I guess in your world, he is old enough to strap on an M-16 and die in a foreign land but not old enough to sass Sen. Brownback or find some embedded software?

    You, sir, are a fascist pig.

  26. 26
    Villago Delenda Est says:

    @El Tiburon:

    I don’t think that’s the point of the age at all.

    Just pointing out that them young’uns who grew up with the intertubes can be right clever about these things.

  27. 27
    Belafon (formerly anonevent) says:

    @Winston Smith: Having read through some of the stuff, Winston, you are correct, Carrier IQ is not itself sending the information back. But, it is making everything available for the phone itself to send to whoever the phone company tells the phone to send it to. Carrier IQ was partially stupid for trying to block the researcher. The phone companies, on the other hand, were trying to sneak something in without telling the user and giving them a way to opt out.

    ETA: And making it available before any encryption software has a chance to deal with it.

  28. 28
    Seebach says:

    @El Tiburon: Nah, it just means baby boomers no longer contribute anything of use to society.

  29. 29
    mistermix says:

    @El Tiburon: When did you become a troll?

  30. 30
    Origuy says:

    My aunt just posted the old myth about cell phone numbers being put in a directory. Except for dates, it was word for word the email in the Snopes page I replied with. But I can see how someone could believe it, when the telcos do something like this.

  31. 31
    gene108 says:

    @kindness:

    sarcasm? looks more like thread jacking spam.

    Hasn’t hijacked thread yet. Your fear is unwarranted.

  32. 32
    RalfW says:

    People quite literally laugh at me for having a 5 year old dumb as rocks Verizon flip phone (ohhhh, I can text to google and get a restaurant phone # by return text!).

    But I’m pretty sure it’s not telling Verizon anything other than: 1) I’m cheap as hell and 2) where my phone is and the numbers I dial/calls I get.

  33. 33
    dmbeaster says:

    @Winston Smith:

    I need to read some of the links supplied in this post, but so far, I don’t see this as anything more than a major PR mess.

    This is insanely naive.

  34. 34
    Winston Smith says:

    @Villago Delenda Est:

    These guys COULD clear this all up by explaining what this particular piece of software is designed to do, and why it does it, and what benefit it is for the consumer.

    According to their press release, they are gathering aggregate profile data. For example (my example, not theirs), they might collect the average delay between a web request and the receipt of a response from the network. This metric might tell the carrier something about how their network is performing and whether it needs some tweaking to improve performance. The benefit to the consumer, theoretically, is that the carrier can monitor network quality and address problems that lower your user experience.

    I, for one, believe Carrier IQ when they say that’s what they’re doing. Their major screw-up is that while they may be aggregating the data they send to “the mothership,” they are writing sensitive data to the log. If they’d scrubbed their log entries of sensitive data, this wouldn’t be an issue.

  35. 35
    Winston Smith says:

    @dmbeaster:

    This is insanely naive.

    Because of course it is.

    9/11 was an inside job!

  36. 36
    RalfW says:

    @William Hurley:

    Your behavior, beliefs and desires are their intellectual property.

    Which is why I don’t use any loyalty cards at gas stations or grocery stores. In fact I do my best to not shop at stores that require cards to get “deals.” I suppose it is capitalism at work – I sell my valuable shopping habits for 50 cents off Toasted Frosty Nipples, but is it worth that?

    I do use my bank card, though, so my overall purchases are tracked. I learned that over a decade ago when – pre-recovery – I was mailed a “Beer lovers MasterCard” offer. Awkward!

  37. 37
    Winston Smith says:

    @Belafon (formerly anonevent):

    But, it is making everything available for the phone itself to send to whoever the phone company tells the phone to send it to.

    Yeah, but the phone companies don’t need Carrier IQ to do this if they want to do this. They install the version of Android, and unless you want to install your own build (some people do), then you really can’t stop them from doing any of this. Also, with things like calls and SMS, there’s no need for them to put anything on your phone because that stuff goes over their network unencrypted anyway.

    Carrier IQ was partially stupid for trying to block the researcher. The phone companies, on the other hand, were trying to sneak something in without telling the user and giving them a way to opt out.

    Yes on both. The really troubling issue for me is the lack of user control. If you want to opt-in to helping your carrier collect statistics, that should be your choice, but as it is, it’s very difficult to opt OUT.

    And making it available before any encryption software has a chance to deal with it.

    I don’t think that’s a huge problem — I think the huge problem is that the encrypted data is written to the log without any kind of scrubbing.

  38. 38
    El Tiburon says:

    @mistermix:
    Someone needs to tell Francis to lighten up and recalibrate their snarkometer.

  39. 39
    Villago Delenda Est says:

    @El Tiburon:

    Poe’s Law: it’s the ironclad rule of political blogs

  40. 40
    Catsy says:

    @Three-nineteen:

    The phone says “Help Apple improve its products and services by automatically sending daily diagnostic and usage data”. I had shitcanned that option the second I got the phone.

    Oh, good. Because my default response to any such question is “not only no, but FUCK NO”. Some of that information has legitimate value and purpose from a customer service and product improvement standpoint, but I fundamentally don’t trust any service or developer enough to open that door for them–because once you do, you have no say or control over exactly what they know. And I don’t have the bandwidth in my life to spend all my time figuring out who the good guys and bad guys are and exactly what they all want to collect.

  41. 41
    THE says:

    Yes I’ve avoided smartphones like the plague too, because of all the creepy, intrusive, software.

    I hate it when my phone knows more about me than I do. It’s like the recording angel or the Akashic records.

  42. 42
    Gin & Tonic says:

    I also think that “A 25-year-old” beginning is pointless and dumb. Yeah, I know it’s in TFA on Threat Level, but it’s pointless and dumb there, too, and you don’t have to repeat their dumbitude.

  43. 43
    El Cid says:

    @RalfW: I just fill out the loyalty card applications with false information. Like for grocery stores.

  44. 44
    mistermix says:

    @El Tiburon: OK, I guess being called an ageist all the time has broken my snarkometer on that subject.

  45. 45
    Donut says:

    @Culture of Truth:

    Andy sez the black model iPhones are not as intelligent as the white models, but since there are no yellow or brown phones, that is all he’s got to go on.

    @Origuy:

    GAH! You’re not supposed to point stuff like this out. The fact that people are sometimes overloaded and confused by stray pieces of crap floating around the toilet bowls of the Internet (see also: Wolf, Naomi), and end up believing stuff that turns out to be utter nonsense in the end, well, it is not at all relevant.

    It’s the same thing as defending the conspiracy theory, dontcha know.

    Well, let me self-correct – if you point this out in relation to Telecoms, it’s okay, but don’t try saying anything like it’s a perfectly normal reaction for people to mistrust the Department of Homeland Security, because, you know, the “good guys” are in charge of it, for now.

  46. 46
    Winston Smith says:

    @Donut:

    Andy sez the black model iPhones are not as intelligent as the white models, but since there are no yellow or brown phones, that is all he’s got to go on.

    FTW.

  47. 47
    dmbeaster says:

    @Winston Smith: OK, I will give you the long version.

    Justice Holmes is famous for his analysis of the law based on the concept of how it influences the bad man. The underlying assumption is that the rules we fashion should assume that the bad man will seek to exploit the loopholes that might exist, and that it is not sound to presume moral obedience in fashioning minimum legal rules of conduct.

    So here, you have to assume that someone given an extraordinary power to commit fraud or other harm using such critical data will at some time do so, or alternatively, will accidentally enable some other wrongdoer through carelessness or inadvertence.

    It does not matter if Carrier IQ is as pure as driven snow, or that the underlying motive for the app was purely to address network quality and other problems with user experience. You cannot judge the seriousness of this issue based on such, since it is the potential for misuse which should guide your thinking.

    Therefore, believing that something is not an issue because you think it unlikely that misuse will actually occur is naive. Misuse always occurs at some point, and if the potential for misuse can have such dramatic consequences as it would here, you simply must adopt means to police it. Relying on the good faith of the industry as your sole prophylactic is always going to end badly.

  48. 48
    RossinDetroit says:

    People quite literally laugh at me for having a 5 year old dumb as rocks Verizon flip phone

    My 4.5 YO Verizon Samsung Alias I is perfect for my needs. I’m a hardware and software tech guy, and when this breaks I’ll fix it or buy another.
    The bleeding edge is for other people.

    Nobody should be surprised that smartphones have unannounced functions. They’re highly sophisticated machines that are utterly opaque to 99.9% of users. They’re part of a multibillion dollar, highly profitable industry. In a day and age when info about you has a dollar value, damn right they’re going to collect it without your knowledge.

  49. 49
    carpeduum says:

    Should have known you were a Markos fanboy shill. That orange site of his has become one massive embarrassment to everyone else on the left. Makes all of us look as dumb as freepers.

  50. 50
    Winston Smith says:

    @dmbeaster:

    Therefore, believing that something is not an issue because you think it unlikely that misuse will actually occur is naive.

    OK, fine, but your argument also applies to your service provider as well. Regardless of which phone you use, your service provider DOES:

    – Log the time, duration and dialed number of every call you make.

    – Log the time and destination of every SMS you send.

    – Log your data usage.

    – Effectively log your actual web usage through the implementation of edge caches.

    – Hold your phone messages in their possession.

    – Hold some portion of the “cloud” data you utilize

    Further, your service provider CAN:

    – Record all your calls

    – Record all your text messages

    – Record all of your network traffic. Although traffic sent with HTTPS will be encrypted, the web server you contact will be known.

    – Log every single thing you do with your phone

    – Log the wealth of sensor data available on fancy phones including GPS, but also other telemetry.

    – Activate the microphone and camera on your phone without your permission

    Having a phone at all, much less a smart phone, is already an enormous exercise in trust.

  51. 51
    HyperIon says:

    @Jennifer:

    This is one of the reasons, besides cost, that I stick to using the old-fashioned flip phone, that just sends and receives calls.

    Yes.
    But of course I am old so that explains a lot.

  52. 52
    Nash says:

    @Winston Smith:

    Here’s the problem you’re missing:

    Yes, carriers can record all this data. But Carrier IQ represents a potential security hole: any of this data could be accessed by hackers simply because 1) Carrier IQ can log it, 2) Carrier IQ can be turned on remotely, and 3) Carrier IQ exists, acting as a great big wide open backdoor into your phone.

    Look up the Sony CD Rootkit debacle; it’s the same deal.

  53. 53
    Nash says:

    I think there are other concerns here being overlooked.

    I just mentioned that this thing acts as a rootkit and a gaping security hole, but this is also a concern for corporate phone users.

    Who wants a phone that can log all the activities you or your employees make using that phone? That’s a whole bag of bad juju and I’m pretty sure a lot of CEO’s (the ones who pay attention, at any rate) are already on the phone to their lawyers . . .

  54. 54
    William Hurley says:

    @RalfW:

    Well done. I’ve found that most “customer” convenience cards/clubs are still blunt, unsophisticated instruments. As such, I provide the minimum amount of “info” to secure a card – none of which is actually accurate.

    Unfortunately, there are times and circumstances when authorities decide that knowing where you are at all times supersedes your right to be a beneficiary of the 4th and 5th Amendments. The they use to forestall efforts to repair Constitutional primacy is to enforce deep secrecy about the decision-making apparatus and its processes – let alone the actual outputs from that extra-Constitutional arrangement.

  55. 55
    dmbeaster says:

    @Winston Smith:

    Having a phone at all, much less a smart phone, is already an enormous exercise in trust.

    I agree with your points in that comment, but all that it does is further emphasize mistermix’ point in the first place:

    If you need any more reason to prove that we need more regulation of wireless telco, here it is, in spades.

    and undermine your counterpoint in no. 10 above that:

    I need to read some of the links supplied in this post, but so far, I don’t see this as anything more than a major PR mess.

    And that is what I was calling naive.

  56. 56
    Gromit says:

    @Winston Smith:

    Further, your service provider CAN:

    – Log every single thing you do with your phone

    This is news to me. Are you including offline app usage and even keypresses?

  57. 57
    RareSanity says:

    @Winston Smith:

    There are a couple of points that I’m going to disagree with you on.

    The main one being that, if I choose, there are applications that will encrypt basically anything that goes out of my phone. I can use an SMS app that encrypts my texts before sending them out. I can use a VoIP app that encrypts voice calls.

    The major issue with CarrierIQ is that it is logging data, using the facilities of the operating system. It is grabbing key presses at the same time that the application is. It’s basically someone standing over my shoulder, watching me log in to my bank’s website. Nothing is secure if it can be logged before any security can be applied to it.

    Also, the articles specifically pointed out that the software does “call home”. This was proved when he did the testing where he was on a WiFi connection, with a phone that had not been activated with a carrier.

    In addition, there is passive and active monitoring. There may or may not be data, that is automatically sent, constantly. The problem is, the carrier (or an agent of the carrier), can open an ACTIVE monitoring session on your phone, without you knowing, and will have access to any CarrierIQ data that has been (and is being) logged…which we can see is a lot.

    You won’t know if it’s happening, you can’t stop it (short of turning your phone off), and there doesn’t have to be any specific reason for a session to be initiated.

    And this…

    – Log every single thing you do with your phone
    – Log the wealth of sensor data available on fancy phones including GPS, but also other telemetry.
    – Activate the microphone and camera on your phone without your permission

    Is just wrong. Without something like CarrierIQ, carriers have absolutely no access to telemetry data, other than GPS. Congress gave them that access with the wonderful E911 law. They can’t log anything you do, unless it goes over the network. They also cannot activate your microphone or camera.

    Where did you get that idea from?

  58. 58
    Winston Smith says:

    @dmbeaster:

    And that is what I was calling naive.

    Yes, you’re right, I waaaaay understated the case in that post.

    @Nash:

    But Carrier IQ represents a potential security hole: any of this data could be accessed by hackers simply because 1) Carrier IQ can log it

    The problem is not that Carrier IQ can log it, but that Carrier IQ does log it. Carrier IQ can (and should) be changed to sanitize its log entries. Applications (and therefore “hackers”) can only read this log if they are granted permission. I don’t download obscure applications that request unexpected permissions. (“Fun Game App! Requires permission to read your low-level logs!” — uh, no.) People who aren’t careful about permissions and so forth have much bigger things to worry about than this. The current favorite trick of malicious apps is for them to send SMS messages (without your permission) to costly SMS services. The charges show up on your phone bill and you can’t do anything about them. Of course, people download apps without checking for spurious “write SMS” permissions all the time.

    2) Carrier IQ can be turned on remotely

    I agree that it is disgraceful that users are forced to have this service on.

    and 3) Carrier IQ exists, acting as a great big wide open backdoor into your phone.

    Sort of. You do actually have some control over access to this back door (at least on Android).

    Look up the Sony CD Rootkit debacle; it’s the same deal.

    Um. No it isn’t. The claim that this is ignores the fact that a user can refrain from downloading applications with “Read low-level log” permission. Really, this is a weird permission that only highly-technical applications would want or need. It is an exploitable hole because people are stupid. In the case of the Sony rootkit, you could be the most expert Windows user in the world and there still wasn’t anything you could do to protect yourself from the exploits.

  59. 59
    Winston Smith says:

    @RareSanity:

    Is just wrong. Without something like CarrierIQ, carriers have absolutely no access to telemetry data, other than GPS. Congress gave them that access with the wonderful E911 law. They can’t log anything you do, unless it goes over the network. They also cannot activate your microphone or camera.

    I was saying that they could do these things if they were acting maliciously. What you’re saying is that this is illegal. If you’re also claiming that it’s impossible then you’re obviously wrong. The telcos provide the basic operating system for the phone and they could put all kinds of nefarious back-doors in it.

    Furthermore, if carriers can’t legally collect data like keystrokes and so on, then Carrier IQ can’t legally do it either.

  60. 60
    Gromit says:

    @Winston Smith:

    The telcos provide the basic operating system for the phone and they could put all kinds of nefarious back-doors in it.

    To be clear, this is the case for Android, but not for all OS’s.

  61. 61
    Winston Smith says:

    @Gromit:

    To be clear, this is the case for Android, but not for all OS’s.

    iOS and Windows Phone have OEM-tailored installs that could certainly include low-level modifications. I don’t know what restrictions Apple and Microsoft place on these modifications, however, so you might be right.

    But you might also be wrong.

  62. 62
    Winston Smith says:

    @Gromit:

    – Log every single thing you do with your phone

    This is news to me. Are you including offline app usage and even keypresses?

    Sure. That could be written to a log (and conveniently it is thanks to Carrier IQ) and uploaded later. Now, I’m saying this hypothetically. It’s been pointed out that this would be illegal, so they probably aren’t doing anything like this, even with Carrier IQ at work.

    I was responding to the suggestion that you have to assume that any system will be exploited by bad actors. In the case of this problem, those bad actors would have to be willing to operate outside the law. As it turns out, it’s pretty easy to avoid downloading apps that can exploit this illegally (at least on Android). This was not the case in Trevor Eckhart’s last big find:

    http://www.androidpolice.com/2.....much-more/

    I believe that has been patched at this point.

  63. 63
    RareSanity says:

    @Winston Smith:

    I was saying that they could do these things if they were acting maliciously. What you’re saying is that this is illegal. If you’re also claiming that it’s impossible then you’re obviously wrong. The telcos provide the basic operating system for the phone and they could put all kinds of nefarious back-doors in it.
    Furthermore, if carriers can’t legally collect data like keystrokes and so on, then Carrier IQ can’t legally do it either.

    I made no statements about the legality.

    What I was saying, is that the E911 law gave carriers access to GPS and location information, but didn’t really put a lot of restriction on when and why that info could be accessed.

    The telcos do not provide the, “basic operating system”, the phone manufacturers do. Yes, there are carrier specific applications that are also added. There is a difference between those applications and “back-doors”. CarrierIQ, is a back-door.

    Due to the nature of Android, the phone manufacturers must release the source code for the Linux kernel they used in their devices. Android community developers (hobbyists) have been compiling custom kernels, for as long as Android has been around.

    If you can compile your own kernel, you can account for EVERY resource that is being used on that device, be it a user level application, or a kernel level device driver. That is how all of this was discovered in the first place.

    The ability to have access to the kernel source and change the operating system as I see fit, are the reasons I use Android. It is the same reason that I will never own an iPhone or Windows phone.

  64. 64
    Winston Smith says:

    @RareSanity:

    The telcos do not provide the, “basic operating system”, the phone manufacturers do.

    The point is that whoever puts the OS on your phone has an awful lot of power to mess with you. That includes all the nefarious things I listed.

    Unless you compile your own kernel, you have no idea what’s in it, and most people certainly don’t do that. I could, but I don’t — too much trouble.

    Carrier IQ is not a “back door” as it does not provide you access to privileged features. It leaks sensitive information. That’s not a “back door.”

    Carrier IQ’s foolish logging will cause me — and anyone else careful about which apps they download — exactly zero exposure to exploits. It should be changed so that it can be removed and so that it sanitizes log entries, but the breathless conspiracy theories are just ridiculous.

  65. 65
    RareSanity says:

    @Winston Smith:

    Carrier IQ is not a “back door” as it does not provide you access to privileged features. It leaks sensitive information. That’s not a “back door.”

    CarrierIQ DOES provide a backdoor…for CarrierIQ’s remote applications. That is the point of the articles. If someone can figure out how to access CarrierIQ’s server running on the phone, they too can have complete remote access to your phone.

    CarrierIQ is a client/server solution. The server runs on the phone constantly collecting data. A client, run by either the carrier, or whomever they delegate (network maintenance techs, etc), can connect to the server on the phone. That client then controls the operation of the server on the phone.

    The CarrierIQ server, runs as “root” on your phone, that means it has access to anything. Being that it can be connected to, by a remote entity, that remote entity also has root access to your phone. It has parts of its implementation from the application layer, to the OS layer, it has access to everything.

    It would be trivial for a shell script to be copied and executed on your phone, from that remote client.

    I don’t know if what you’re saying is coming from a place of not understanding how operating systems, specifically Linux, work. Or, it is coming from a general “they wouldn’t do anything like that”, naivete. But, the fact of the matter is if CarrierIQ is running on a phone, every aspect of that phone can be accessed and controlled remotely, without the user’s knowledge.

    Any phone with that program running on it IS vulnerable to an exploit. CarrierIQ is exploiting it now. If someone figures out how to plug into that application, they will too.

  66. 66
    Gromit says:

    @Winston Smith:

    The point is that whoever puts the OS on your phone has an awful lot of power to mess with you. That includes all the nefarious things I listed.
    Unless you compile your own kernel, you have no idea what’s in it, and most people certainly don’t do that. I could, but I don’t—too much trouble.

    This is true, but a tremendous amount comes down to the “who” in “whoever”. Apple, for instance, does not let the carriers install software on its phones. Saying the OS is tailored to the carrier is vastly different from saying the carriers control the base OS.

    Google, on the other hand, hands its OS out for free, and the carriers and hardware manufacturers work out their own terms for what gets put on the devices, up to and including forking off their own flavors of the OS. The difference is night and day, and the opportunities for mischief on the part of carriers (who are at the center of this shitstorm — Google and the hardware folks are washing their hands) are dramatically enhanced by the Android model.

  67. 67
    Winston Smith says:

    @RareSanity:

    If someone can figure out how to access CarrierIQ’s server running on the phone, they too can have complete remote access to your phone.

    You’re going to have to provide an explicit reference for this claim because I’ve not seen it anywhere else.

  68. 68
    Winston Smith says:

    @Gromit:

    The difference is night and day, and the opportunities for mischief on the part of carriers (who are at the center of this shitstorm—Google and the hardware folks are washing their hands) are dramatically enhanced by the Android model.

    Yes, but I’m still sticking with Android.

    As you pointed out, I could install my own build if I wasn’t lazy (that’s me admitting to being lazy, not you calling me lazy). I think it works. I’m pissed that I have a phone with Carrier IQ, but at least it didn’t have that back door that was on the HTC phones. As these things happen, phone companies are going to wise up about security. This is a PR nightmare.

    When it was discovered that iOS was logging users’ locations… then what? You can’t choose another OS vendor, and you obviously can’t trust Apple not to do stupid things. Microsoft has a long history of bad security architecture and disregard for the rights of its users, so I don’t even need to justify staying away from Windows phone.

  69. 69
    RareSanity says:

    Here is information from the original blog post that spurred all of this. The site was down at the moment I went, but Google had a cached copy, I’m sure it’ll be back up soon.

    Original blog post

    Google cache copy

    From the CarrierIQ Document describing the client software that gathers the info “IQ Experience Manager”:

    IQ Insight Experience Manager uses data directly from the mobile device to give a precise view of how the services and the applications are being used, even if the phone is not communicating with the network.

    It has access to everything, even when not on the network.

    From the patent on CarrierIQ:

    Profile transmission can occur in a variety of ways, including “pushing” the data collection profile to the target device, sending a message, such as an SMS, to the target device prompting it to retrieve the data collection profile, and preparing the data collection profile for download the next time the target device contacts SQP 201 such as when it uploads a metrics package. Such profile transmission to the SQC 402 residing on the target device(s) may be achieved using any of a variety of transport mechanisms and standards including Short Message Service (“SMS”), Hypertext Transport Protocol (“HTTP”), Hypertext Transport Protocol Secure (“HTTPS”), Wireless Application Protocol (“WAP”) Push, IP-based Over-the-Air (IOTA) protocol, OMA/DM, or other protocols that are known in the art or that may be developed in the future.

    If data collection “profiles”, can be pushed to the devices through any one of those methods, couldn’t other data be pushed? Mind you, this information is being pushed, to a device side application, with root access.

    This is a rootkit. It’s bad enough that CarrierIQ has this unfettered access, what if someone with even more nefarious intentions, gains access to it?

  70. 70
    RareSanity says:

    @Gromit:

    Google, on the other hand, hands its OS out for free, and the carriers and hardware manufacturers work out their own terms for what gets put on the devices, up to and including forking off their own flavors of the OS. The difference is night and day, and the opportunities for mischief on the part of carriers (who are at the center of this shitstorm—Google and the hardware folks are washing their hands) are dramatically enhanced by the Android model.

    There is a difference, I agree.

    I am not going to bash Apple’s products, I don’t like getting into the OS battle.

    For me, the difference is openness. Yes, Google gives their operating system away, for free, to whomever wants it. But that includes everybody, even the users. Anyone can go and download a copy of Android and pore through the very bowels of the operating system.

    It is that very openness, that led to the discovery of this application. It is also that openness, that allows someone to change from the carrier provided software, to a non-carrier developed version, in a matter of minutes.

    If something like this were running on a phone with iOS or Windows Phone, depending on how well it was hidden, no one would ever know because there is no direct access to the underlying operating system.

    The “jailbroken” iPhones do allow some access. But, even if something like this were discovered, it would still be up to Apple to remove it…if it was as intertwined with the operating system as this is. There is no method for someone to generate their own version of the underlying operating system, from publicly available source code, free from any modifications made by the manufacturer.

    It is one of the philosophies of open source software. You cannot have true credibility, nor true security, unless your product can withstand in-depth, public scrutiny.

  71. 71
    Winston Smith says:

    @RareSanity:

    It has access to everything, even when not on the network.

    Why would it NEED the network? It runs ON THE PHONE. I can’t say this any more clearly: DUH.

    If data collection “profiles”, can be pushed to the devices through any one of those methods, couldn’t other data be pushed?

    Like what? This is a real application, not something in a Tom Cruise movie. It doesn’t suddenly gain new powers because Neo sneezes on it.

    Mind you, this information is being pushed, to a device side application, with root access.

    Yeah, that also describes every SSHd in the universe. So what?

    This is a rootkit.

    Considering the fact that even Trevor Eckhart hasn’t been able to take control of a phone with a malicious remote application, it pretty solidly fails to demonstrate the key feature of a rootkit.

  72. 72
    RareSanity says:

    @Winston Smith:

    I’m not arguing about this anymore.

    You seem to be perfectly fine with this software collecting data since there is “no proof of it sending it to a mothership”. That’s your prerogative.

    But let me ask you this, do you think someone paid CarrierIQ, to put this application on phones to never use it?

  73. 73
    Winston Smith says:

    @RareSanity:

    But let me ask you this, do you think someone paid CarrierIQ, to put this application on phones to never use it?

    Sure they use it, nitwit. They use it to collect performance metrics concerning phone use and network response, which is what it is designed and marketed to do.

    For reasons that escape me, you seem to have decided that this software does all sorts of things that it could hypothetically do, but no one — not even Trevor Eckhart — has shown that it actually does. Well great, hypothetically, I’m a sentient marmoset. Just because there is no evidence of this doesn’t mean you shouldn’t consider it an established fact.

  74. 74
    Gromit says:

    @RareSanity:

    I am not going to bash Apple’s products, I don’t like getting into the OS battle.

    I’m not here to bash Android, either. I’m not making value judgments over whether “open” is better than closed, since I think each is better for some subset of users and worse for others. If you’re the type of person whose eyes don’t glaze over at the thought of compiling and installing your own phone OS, or who doesn’t break out in a cold sweat at the thought of trying to maintain it (including potentially dealing with stuff like this rootkit) I don’t feel any need to persuade you to use my preferred mobile platform.

    But it is important to make clear that the primary beneficiaries of Android’s “openness” are not the users, most of whom will not be able to sniff stuff like this out without help, but the carriers, who are able to carry on with a lot of the terrible practices on Android that Apple has been working to eradicate, like loading phones up with carrier-specific media apps and installing low-level crap like this keylogger.

  75. 75
    Jason says:

    Please don’t use the wingnut term “Fisk.” Robert Fisk may not be perfect, but he knows the Middle East better than wingnuts know their own cocks.

  76. 76
    stormhit says:

    @Winston Smith:

    “Microsoft has a long history of bad security architecture and disregard for the rights of its users”

    Spurious claim, at best. The at best being if you’re talking about 1990s MS as if that actually means anything today.

  77. 77
    Winston Smith says:

    @stormhit:

    “Microsoft has a long history of bad security architecture and disregard for the rights of its users”

    Spurious claim, at best. The at best being if you’re talking about 1990s MS as if that actually means anything today.

    We are talking about the same Microsoft that STILL makes Internet Explorer, the least secure browser ever created, right?
