Security Researcher Shows That -- Despite Carrier IQ's Claims To The Contrary -- CarrierIQ Records Keystrokes
from the now-that's-kind-of-scary dept
Yeah. So. Don't piss off a security researcher. Eckhart is back with a video showing how CarrierIQ's software does track keystrokes and sends them to a central server. He demonstrates it recording and sending data, even though Eckhart is logging into something using HTTPS. Of course, when the software is local and tracking keystrokes, HTTPS is meaningless.
By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.I would imagine that lawyers are furiously drawing up a pretty massive class action lawsuit as we speak (if it hasn't already been filed).
And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?