Security Researcher Shows That -- Despite Carrier IQ's Claims To The Contrary -- Carrier IQ Records Keystrokes

from the now-that's-kind-of-scary dept

Remember Carrier IQ? This was the company whose software was installed on a ton of phones out there (mainly from Verizon and Sprint), supposedly to record things like dropped calls or other problems, but which actually appeared to be a rootkit that could track all sorts of info. Then, remember how, rather than respond professionally to this, Carrier IQ threatened researcher Trevor Eckhart with a copyright lawsuit? Carrier IQ eventually backed down... and again insisted that the claims of keystroke logging were simply not true.

Yeah. So. Don't piss off a security researcher. Eckhart is back with a video showing how Carrier IQ's software does track keystrokes and sends them to a central server. He demonstrates it recording and sending data, even though Eckhart is logging into something using HTTPS. Of course, when the software is local and capturing keystrokes on the device before anything is encrypted, HTTPS is meaningless.

Dave Kravets at Wired highlights what's really scary about all of this:
By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.

It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?

And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?

I would imagine that lawyers are furiously drawing up a pretty massive class action lawsuit as we speak (if it hasn't already been filed).

Reader Comments

  1. Anonymous Coward, 1 Dec 2011 @ 7:17pm

    Re: Re: Re: Re: Re: Disabling Carrier IQ's software

    I am currently running a rooted Samsung Intercept, which is why I was interested in the first place. It is running Carrier IQ. I will specifically try your solution tomorrow.

    I should qualify myself: I am an embedded communications developer for a test equipment manufacturer. With that being said, I have never developed on Android. But I have developed for OpenEmbedded Angstrom and Timesys Linux. What is described in all of the articles is not just some binaries and a couple of processes. Carrier IQ has its hooks in the kernel via kernel patches. This is how it logs keys on a hardware level; these loggers "may" not be shut down by disabling the process.
    ----------------Warning Tinfoil Hat Has Been Donned---------
    Furthermore, since practically all bootloaders are locked, you have no idea what is going on there. If it were me, I would have something in the bootloader that could check to see if the process is indeed running and, if it is not, then re-install all related items and rename the process.

    Like I said, I am not an Android developer, but if I was going to devise something like this for embedded Linux I think this would be the way to go, i.e. you could have your process write date and time to a location in memory if the bootloader then reads that place in memory and compares it to what's in boot logs. Like I said, we do not know what Carrier IQ does for sure. We have only scratched the surface. Does Carrier IQ do what I said? No, probably not, but the potential is there. Which could be very scary, because even a ROM would not necessarily get rid of it. My last Android phone was a Samsung Moment; you installed recovery over the regular ROM and then you booted into its secondary bootloader to load a ROM. So even though Samsung's low-level bootloader remained untouched, it would jump to another bootloader; at least that is how I understood it to work. This method would be similar to
    ----------------------Tin Foil Hat Removed------------------
    If I am wrong in any way I apologize; I just don't think this is something that should be trivialized. This is why I don't just want it frozen, I want to nuke it from orbit; it's the only way to be sure.

