Carrier IQ

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • floridaorange
    I'm merely a humble butler
    • Dec 2005
    • 29116
    #1

    Carrier IQ





    The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone.
    Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control.
    But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.
    Eckhart labeled the software a “rootkit,” and the Mountain View, California-based software makerthreatened him with legal action and huge money damages. The Electronic Frontier Foundation came to his side last week, and the company backed off on its threats. The company told Wired.com last week that Carrier IQ’s wares are for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
    The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim.
    In a Thanksgiving post, we mentioned this software as one of nine reasons to wear a tinfoil hat.
    The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google.
    Cringe as the video shows the software logging each number as Eckhart fingers the dialer.
    “Every button you press in the dialer before you call,” he says on the video, “it already gets sent off to the IQ application.”
    From there, the data — including the content of text messages — is sent to Carrier IQ’s servers, in secret.
    By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.
    It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?
    And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?

    It was fun while it lasted...
    Tags: None
    • Kamal
      Administrator
      • May 2002
      • 28835
      #2
      Re: Carrier IQ

      For us Android folks running non-rooted devices, check for carrier iq

      Not Found
      https://market.android.com/details?id=org.projectvoodoo.simplecarrieriqdetector
      www.mjwebhosting.com

      Jib says:
      he isnt worth the water that splashes up into your asshole while you're shitting
      Originally posted by ace_dl
      Guys and Gals, I have to hurry/leaving for short-term vacations.
      I won't be back until next Tuesday, so if Get Carter is the correct answer, I would appreciate of someone else posts a new cap for me

        Comment

        • Funky Dredd
          Are you Kidding me??
          • May 2005
          • 3701
          #3
          Re: Carrier IQ

          So far it looks as though I am safe on WP7 (from what I have read). But you never know with AT&T.
          Mutations presents Change The Music

          Mutations (original show)
          Mutations presents Change The Music airs 4th Friday of the month on SaturoSounds


            Comment

            • Kamal
              Administrator
              • May 2002
              • 28835
              #4
              Re: Carrier IQ

              ANNNNNNND here come the lawsuits

              Page not found | Gizmodo
              http://gizmodo.com/5864488/carrier-iq-htc--and-samsung-sued-for-millions-over-tracking
              www.mjwebhosting.com

              Jib says:
              he isnt worth the water that splashes up into your asshole while you're shitting
              Originally posted by ace_dl
              Guys and Gals, I have to hurry/leaving for short-term vacations.
              I won't be back until next Tuesday, so if Get Carter is the correct answer, I would appreciate of someone else posts a new cap for me

                Comment

                • floridaorange
                  I'm merely a humble butler
                  • Dec 2005
                  • 29116
                  #5
                  Re: Carrier IQ

                  Not completely related at all but along a similar vein:

                  Naked Security – Sophos News
                  http://nakedsecurity.sophos.com/2011/12/01/android-permissions-glitch-allows-eavesdropping-data-theft/



                  Android permissions glitch allows eavesdropping, data theft





                  Researchers have found multiple holes in Android phones' permissions-based security that would allow a hacker to snatch data, monitor geolocation, send SMS messages, and even eavesdrop on conversations.
                  A group of security researchers from North Carolina State University found the glitches in eight handsets from HTC, Motorola, Samsung and Google.
                  The researchers found "explicit capability leaks" that would allow hackers to bypass key security defenses of Android that require users to grant permission to apps before those apps gain access to personal information and functions such as texting.
                  The glitchy code lies within interfaces and services added by the phone manufacturers to beef up stock firmware from Google.
                  The researchers were "surprised to find" the phones lying down on the permissions front in the war against intrusion, they said in a paper due to be presented next year at the Network and Distributed System Security Symposium.
                  In this paper, we systematically study eight popular Android smartphones from leading manufacturers, including HTC, Motorola, and Samsung and are surprised to find out these stock phone images do not properly enforce the permission-based security model. Specifically, several privileged (or dangerous) permissions that protect access to sensitive user data or phone features are unsafely exposed to other apps which do not need to request these permissions for the actual use.
                  These capability leaks constitute "a tangible security weakness for many Android smartphones in the market today," they said.
                  And, they added, the snazzier the phone, the buggier the picture, given that the more pre-loaded apps are present, the more likely the gadget is to have explicit capability leaks.
                  These are the eight Android smartphones they tested and found to be at risk:
                  HTC:
                  * Legend
                  * EVO 4G
                  * Wildfire S
                  Motorola:
                  * Droid
                  * Droid X
                  Samsung:
                  * Epic 4G
                  Google:
                  * Nexus One
                  * Nexus S
                  As if all this weren't grim enough, the researchers note that the tool they're using to validate the smartphones, which they've dubbed Woodpecker, has a number of limitations.
                  For one, Woodpecker doesn't handle native code; it only handles bytecode from Dalvik, the process virtual machine in the Android operating system that runs Android apps.
                  Woodpecker is also limited to handling 13 defined permissions, although many more exist, and apps are free to define new ones.
                  "Extending the system to handle more predefined permissions is expected to produce much the same results," the researchers say.
                  Not enough? There's more.
                  Adding support for app-defined permissions will lead to another class of capability leaks altogether: namely, chained capability leaks, where a permission might be safely passed from one app to a second app, which then unsafely passes it on along to a third app.

                  Another rugto lift to look for more bugs is among third-party apps, given that the security researches only examined pre-loaded apps in the smartphones' firmware.
                  The researchers note that capability leaks — particularly explicit ones — on phone images "are of great interest to malicious third parties." Implicit leaks are fairly rare, they say, and more likely tied to software engineering defects than constituting actual security risks.
                  But implicit leaks could be due for their day in the sun when it comes to third-party apps, since they could open the smartphones up to "collusion attacks," the researchers said.
                  A cohort of seemingly innocuous apps could conspire together to perform malicious activities and the user may not be informed of the true scope of their permissions within the system.
                  Wasn't it just last week that Google's Open Source Programs Manager, Chris DiBona, was railing against vendors of Android anti-virus software (and any minion scurrilous enough to work for one), summing up the ragged lot as being likely "charlatans and scammers?"
                  Yes, yes, I do believe it was last week that Mr. DiBona told such "scammers" that if they worked selling virus protection "for android, rim or IOS you should be ashamed of yourself [sic]."
                  Should the North Carolina State University researchers, Michael Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang, bow their heads and slink home in shame for finding the current crop of Android bugs?
                  Well, if their cheeks do burn red, I hope they don't slink out of sight before they present their paper and roll out an even better version of Woodpecker.

                  It was fun while it lasted...

                    Comment

                    • poults
                      Platinum Poster
                      • Nov 2006
                      • 1987
                      #6
                      Re: Carrier IQ

                      Apparently this carrier IQ only affects phone that were bought in North America as the carriers forced the manufacturers to implement it.
                      Originally posted by Hoff

                      ejejejejejejejejeje!!!!! you always delivering some good dogs shits !!! thankyou

                        Comment

                        Previous template Next

                        Today's Birthdays

                        Collapse

                        [ms] Statistics

                        Collapse
                        Topics: 191,746   Posts: 1,236,948   Members: 53,129   Active Members: 67
                        Welcome to our newest member, newiron009.
                        Working...

                        We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                        By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                        I Agree