Security Researcher Shows That -- Despite Carrier IQ's Claims To The Contrary -- CarrierIQ Records Keystrokes

from the now-that's-kind-of-scary dept

Remember Carrier IQ? This was the company whose software was installed on a ton of phones out there (mainly from Verizon and Sprint), supposedly to record things like if there are dropped calls or problems or whatnot, but which actually appeared to be a rootkit that could track all sorts of info? Then, remember how, rather than respond professionally to this, Carrier IQ threatened researcher Trevor Eckhart with a copyright lawsuit over this? CarrierIQ eventually backed down... and again insisted that the claims of keystroke logging were simply not true.

Yeah. So. Don't piss off a security researcher. Eckhart is back with a video showing how CarrierIQ's software does track keystrokes and sends them to a central server. He demonstrates it recording and sending data, even though Eckhart is logging into something using HTTPS. Of course, when the software is local and tracking keystrokes, HTTPS is meaningless.
Dave Kravets at Wired highlights what's really scary about all of this:
By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.

It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?

And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?
I would imagine that lawyers are furiously drawing up a pretty massive class action lawsuit as we speak (if it hasn't already been filed).

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 1 Dec 2011 @ 4:51pm


    This is off-topic in the extreme, but is there some way that we can fit a word starting with "R" into that acronym so that it will be "SCROTUS?"

    I feel like this is in the best interest of our great nation.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.