Do Tons Of Sprint And Verizon Phones Contain A Rootkit, Potentially Tracking All Sorts Of Info?

from the privacy,-what's-that? dept

Security researcher Trevor Eckhart has put out a report suggesting that a ton of Sprint and Verizon Wireless mobile phones have what is effectively a rootkit installed on them. Specifically, he's talking about CarrierIQ, a bit of software intended to monitor device usage, supposedly for the purpose of understanding problems that a user might be having and helping to troubleshoot remotely. The description of the software seems mostly innocuous:
"Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality.

"It collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool."
However, in digging into the details of the software, Eckhart realized that it can easily track all sorts of info, including what websites people are visiting and what keypresses they make. The software can also surreptitiously report where the phone is located. He further notes that the software is purposely hidden on a bunch of devices, and on many it appears that you simply can't turn it off.

Now, I don't think anyone is suggesting anything nefarious here. There are reasons why operators like to collect this kind of data and, in the aggregate, it seems useful. But, as Eckhart looked in more detail at training materials for the software, he realized it could easily be used to track at a much more granular level, down to individuals. The potential for abuse seems pretty high. Again, it's obvious why this software is installed, but it raises questions about what carriers are doing to make sure the software isn't being abused. It's also somewhat troubling that the carriers aren't all that straightforward about how this software is monitoring their users...


Reader Comments

  1.  
    That Anonymous Coward, Nov 15th, 2011 @ 3:14pm

    Trust us to not abuse the tool.
    It worked for the Government.

    One wonders if this data, as it isn't "customer data" per se, is the same as a closet in an AT&T switching center.

    And I am sure there is no use of this data to build demographic profiles of consumers to help target advertising from 3rd parties they have deals with.

    If it looks hinky, always assume the worst. There is no money in making sure the customer gets quality service, there is money in finding new ways to have the customers generate revenue.

     


  2.  
    Steven, Nov 15th, 2011 @ 3:16pm

    Seems a bit of hyperbole

    "The software can also surreptitiously report where the phone is located"

    Or they could just use the cell connection data for that.

     


  3.  
    paperbag, Nov 15th, 2011 @ 3:19pm

    HTC EVO 4G has this

    This was back on the now dated HTC EVO 4G. It's baked into the ROM in various locations. Some APKs in /system/apk. Some .so libraries in /system/lib and a conf file in /system/etc.

    It also is called to start at bootup from the RAMDISK "boot.img" which contains the kernel as well.

    Removing it is a pain in the butt and almost always requires root access as well as full system read/write access.

     


  4.  
    Anonymous Coward, Nov 15th, 2011 @ 3:32pm

    3rd parties will gain control over these systems and take control over your devices, silently. The question isn't if, but when, or has it already occurred?

     


  5.  
    Scote, Nov 15th, 2011 @ 3:35pm

    They already know

    The carriers already know every website you visit and your location from the cell phone tower data and e911.

     


  6.  
    Bjorn, Nov 15th, 2011 @ 3:55pm

    Android Creative Syndicate

    One of the benefits of the rom I use on the epic 4g from ACS is that it has carrier iq removed. Many roms do this.

     


  7.  
    PlagueSD, Nov 15th, 2011 @ 4:03pm

    Ahh...more FUD.

    The carriers already know what sites you're visiting and where your phone is based on what cell tower you're connected to.

    If I want to go somewhere and I don't want Big Brother to know, I leave my phone at home and walk/take public transit.

     


  8.  
    Anonymous Coward, Nov 15th, 2011 @ 4:22pm

    Re:

    Well, some entity that is not one of the carriers could gain access to a large userbase's information if an exploit is developed. It seems like built in functionality rather than something they would have to develop. Maybe this wouldn't be too hard to extend an exploit to do this if the exploit requires root access anyways, but a good awareness point to raise nonetheless.

    Bring on a carrier independent ubuntuPhone is what I hope for.

     


  9.  
    Anonymous Coward, Nov 15th, 2011 @ 4:31pm

    I wonder if carriers use that information to track politicians to gain leverage over them.

    Can people imagine a US senator being tracked to a brothel?

     


  10.  
    Anonymous Coward, Nov 15th, 2011 @ 4:39pm

    Re:

    >Can people imagine a US senator being tracked to a brothel?

    Can people imagine a US senator not being tracked to a brothel?

     


  11.  
    Jeff, Nov 15th, 2011 @ 5:10pm

    Re: Re:

    I would actually worry if they weren't being tracked to brothels, because then they'd be making shitty laws...

     


  12.  
    That Anonymous Coward, Nov 15th, 2011 @ 7:19pm

    Re:

    Where this handy little tool makes it easier to have those reports generated.
    Considering in the past, IIRC, we've had cell companies threaten to sue rather than give a detailed bill to the customer I am guessing this data is not easily accessed.

    Then there is the issue about what kind of safety protections are in place to make sure that not just anyone can access the information or a specific phone. Given how much Corporations have shown they "care" about customer data a login of Admin and PW of Admin sounds about right.

    Other than, because we could, can you name 1 reason that the cell company needs to install a secret backdoor into consumers' phones? Can you explain why they never explained publicly what the rootkit was capable of? Does CarrierIQ get any of the data to work with? The rootkit communicates with the carrier in realtime, does this affect consumer data usage? They can "task" phones to provide information, how does that affect the consumer? While there are some "upsides" to this concept, the possibilities of downsides are just as large and seem ignored.

     


  13.  
    Anonymous Coward, Nov 15th, 2011 @ 8:21pm

    data is data

    I wonder if the data it transmits counts against your data cap?

     


  14.  
    John Nemesh, Nov 16th, 2011 @ 8:53am

    Users at XDA-Developers have known about carrierIQ for a while now. I was so mad, I wrote my Congressman about the practice (Jay Inslee D-WA)! Fortunately, a lot of custom ROMs are available for the affected phones, so if it really bothers you, you CAN remove it from your phone...but, depending on your phone, this can be a tricky process. I HIGHLY recommend that you check out the forums at XDA to learn about carrierIQ and how to remove it!

    Here is a link detailing what exactly CarrierIQ is and how it works:

    http://forum.xda-developers.com/showpost.php?p=11763089

     


  15.  
    Anonymous Coward, Nov 16th, 2011 @ 10:33am

    What is it that you think they don't already know about you? Social security number? You gave that to them. Credit card number? You gave them that too. Address? Name? Phone number? Who you call, when, and for how long? Your exact location 24 hours a day? What webpages you visit? What part of your life is left? All of these things are already in their databases WITHOUT needing CarrierIQ.

    If you are so worried about trusting them, why the hell did you sign a 2 year agreement without reading it?

     


  16.  
    Carlson Peters, Nov 16th, 2011 @ 12:06pm

    CIQ has been around for many years before Android. It is an invaluable performance tool for the carriers. A device oriented performance perspective isn't possible via the tower. It would be nice to have an on/off switch but smart phones are a walking time bomb of abuse waiting to happen anyway. The Android app store itself is the weakest link in the entire security chain and nobody gives a 2nd thought to why there are so many "free" apps on it. Do you really think that the apps you download get a complete checkout? Nevertheless, you really should be way more worried about all the crap that you load onto your PC accidentally or on purpose.

     


  17.  
    Timothy Trespas, Nov 16th, 2011 @ 1:30pm

    Verizon abuse

    I have had it used against me. As a targeted individual I was followed, surveilled, drugged, gangstalked and was denied access to the internet for almost a year. A Verizon customer, I went through 5 different phones and countless tech support visits with no results. Of course the problem never surfaced when I brought my phone in for support, only when I left the store. I had calls rerouted to other parties, had calls disconnected as I was about to give critical info, had Internet access not work or be so slow it was useless (10 min to load a webpage). I was tracked by GPS and learned that if you texted my phone a certain code it would return my GPS position. I was unable to upload videos to the internet, and on 2 occasions watched my videos, photos, as well as ALL OF MY CONTACTS DELETED from my phone remotely. I am sure that the network operators have the ability to track anything and everything you do with your phone as well as track your position and deny you services you paid for, remotely wipe data from your device, as well as see images live from the video camera and hear your conversations through the phone's microphone. Whether or not it is "legal" to do something has little to no influence on if it is done and I am witness, it is done. To think that you have privacy in this day and age is simply childish thinking. Wake up people, the system is bigger and more sophisticated than we are and it is controlled by people who DO NOT have our interests at heart. They are working to control us and make us pay them money for the privilege.

     


  18.  
    Travis, Nov 16th, 2011 @ 1:35pm

    This is BS. You don't need special software to do traffic management - it's already there in the network stack - it's called QoS/CoS, and it's a pretty basic part of network engineering. That should be all they need. Anything else is purely for marketable data collection.

     


  19.  
    harbingerofdoom, Nov 18th, 2011 @ 7:49am

    Re:

    you actually make a valid point in that the carriers already know. okay, they have this rootkit... and a ton of other ways to get the very same information.

    but you're still being obtuse in thinking that it's not a problem that they have all these methods to track people

     


  20.  
    x, Nov 22nd, 2011 @ 6:33am

    Re: Verizon abuse

    I have seen some strange things, as you report (including the drugging incidentally). However, not as extreme but for much longer. I am still not really sure what they want, but I can say that there are two things they seem to be afraid of: (1) publicity - much is done to make you feel ashamed or afraid of collaborating with anyone else to whom this is happening (divide and conquer) (2) threat of legal action seems effective. If they step over the line, try to take it to the logical conclusion and take them to court. So far, I have found the police to be receptive, when the evidence is strong. Another possible strategy is to report all blatantly awful incidents to the police and then you will have a record with a neutral third party. Eventually a pattern will emerge. The bottom line is that most of what they do is of little real consequence and they have no right to do it.

     



  23.  
    hmm, Nov 23rd, 2011 @ 12:19pm

    Re: Re:

    I imagined it, (with great effort I might add).

    I just pictured him in his office buried in lobbyist bribes so deeply he couldn't move.....

     


  24.  
    Changing all passwords NOW!, Nov 30th, 2011 @ 2:24pm

    Hackers treasure trove

    Don't you know that the malware industry that makes hundreds of millions of dollars stealing information has just listed Carrier IQ's data center as their number 1 target. Anybody have any confidence that Carrier IQ can keep them out???

     


