Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher

Discussion in 'other security issues & news' started by Searching_ _ _, Nov 24, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    For those not familiar with the situation involving Carrier IQ:

    Carrier IQ is a Rootkit - Android Security Test

    In an attempt to stop any damage, Carrier IQ sued the security researcher, but with EFF's help the baseless lawsuit was beaten back and the company apologized.

    Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher - EFF

    Bugger off! :D
    I hope they don't move to har:blink:

     
  2. tlu

    tlu Guest

  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Re: Rootkit on millions of smartphones?

    Links 2/3 don't work.

    And it's pretty easy to not get infected. I only install apps that I know are legit.

    Using a custom ROM is a nice way to avoid built in "malware."
     
  4. tlu

    tlu Guest

    Re: Rootkit on millions of smartphones?

    They work for me. I had to click the reload button, though.

    But it seems that this rootkit is installed by default on many smartphones.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Re: Rootkit on millions of smartphones?

    Yes, that's why using a custom ROM is my recommendation. I don't know of any ROMs that leave it in.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    The vendors allow installation of this plague?
    I thought you can't install junk without google's blessing on those things.
     
  8. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    I hope those guys get sued...
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    http://franken.senate.gov/?p=press_release&id=1868
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Senator Seeks Answers About Phone Logging Software (Carrier IQ called "rootkit")

    http://www.npr.org/blogs/thetwo-way...wers-about-phone-logging-software?sc=fb&cc=fp

    http://www.npr.org/blogs/thetwo-way...ret-software-on-phones-logs-nearly-everything

     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Carrier IQ Speaks: Our Software Monitors Service Messages, Ignores Other Data
     
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Critics Line Up to Bash Maker of Secret Phone-Monitoring Software

    More
     
  16. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Well I suppose one question is why didn't any of the security software I've used on my Android detect this? Either it slipped right passed or was white listed. Any other explanation? I've used BitDefender, Dr. Web, Kaspersky, Zoner, Webroot...maybe some others. But none alerted to this "rootkit" type behavior.
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Interestingly, Carrier IQ does not mention anything about not recording internet activity such as searches (even https sites as on the Eckhart video) or web browsing...or collecting key strokes from that activity.
     
  19. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    Carrier IQ 'Vigorously Disagrees' with Critics
    December 1, 2011


    Carrier IQ, the analytics firm which has been under fire for cell phone data its software is able to collect unbeknownst to users, has offered a new explanation for what its technology can and can't do, and how its operator customers use it.

    "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video," the company said in a statement released Thursday.

    Carrier IQ also said that it "vigorously disagrees" with allegations that the company has violated wiretap laws.

    Among Carrier IQ's customers are Sprint, AT&T, and T-Mobile—three of the nation's four largest wireless carriers. The fourth, Verizon, has said it doesn't use Carrier IQ. Sprint and AT&T said Thursday that they use the software for network performance purposes and not user tracking.

    Carrier IQ itself says that its technology "makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the operators provide optimal service efficiency." Carrier IQ software is deployed on 141 million handsets and growing, according to the company.

    Security researcher Trevor Eckhart published a report last month that described how Carrier IQ's software is able to track cell phone activity such as texts, call history, apps used, and location history. That led Carrier IQ to send a cease-and-desist letter to Eckhart, but the company later recanted and apologized for doing so.

    Carrier IQ said Thursday's statement was an "update" to its Nov. 23 statement, presumably the apology and clarification it released on that date concerning the Eckhart matter.

    The company may have felt obliged to further defend itself given that Congress on Thursday inserted itself into the fray, with Sen. Al Franken (D-Minn.) penning a letter to Carrier IQ CEO Larry Lenhart asking for specific information about the type of data collected by the company's software.

    "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," Franken said in a statement. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling."

    Eckhart also has not been mollified by Carrier IQ's explanations. As PCMag.com's sister site Geek.com reported this week, the researcher has released a video (below) that demonstrates how Carrier IQ technology runs in the background on an Android-based HTC smartphone, though it does not show up on the list of active applications and Eckhart said he could not force stop Carrier IQ from running.

    In its statement, Carrier IQ said consumer privacy is protected through its "trusted relationship" with its operator customers.

    "As a condition of its contracts with operators, CIQ operates exclusively within that framework and under the laws of the applicable jurisdiction," the statement said. "The data we gather is transmitted over an encrypted channel and secured within our customers' networks or in our audited and customer-approved facilities."

    Carrier IQ also quoted Infidel Inc. security analyst Rebecca Bace as saying that "allegations of keystroke collection or other surveillance of mobile device user's content [by Carrier IQ] are erroneous."

    http://www.pcmag.com/article2/0,2817,2397141,00.asp
     
  20. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Rebecca/Becky Bace has an impressive resume and career.

    "Her career includes roles in research, development, operational management, and strategy, in settings ranging from the U.S. Intelligence Community (NSA) to a national laboratory (Los Alamos National Laboratory) to her current role as a strategic consultant in Silicon Valley. Ms. Bace is currently President and CEO of Infidel, Inc., a strategic consulting firm focusing on information security and risk management, and a venture consultant for Trident Capital, where she oversees Trident’s security-related investment portfolio.
    Although Ms. Bace is acknowledged most often for her work in intrusion detection (she is credited with successfully funding and transferring the first generation of intrusion detection technology to the commercial market,) she is also considered an key influencer in other security technology areas.
    Her publication credits include the books Intrusion Detection (Macmillan, 2000) and (with Fred Chris Smith) A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony as An Expert Technical Witness, (Addison-Wesley, October, 2002)"
    link

    Some witness for the defendant.
    I wonder if she's asked to defend Carrier IQ's 'network diagnostic tool' because of her 'network expertise' or because of her role as a venture capital consultant.

    And how do you get this program on your phone?
    Is it installed by the phone manufacturer or carrier?
    Only on 'carrier package phones'; installed on a phone by the manufacturer on behalf of the carrier or can you also 'get' it when buying a phone and sim separately?
     
  21. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    "Consumer Watchdog wants probe of Carrier IQ, carriers" : https://www.computerworld.com/s/art...ts_probe_of_Carrier_IQ_carriers?taxonomyId=17

     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Researchers Identify Serious Capability Leaks in Many Android Phones

    From http://threatpost.com/en_us/blogs/r...s-capability-leaks-many-android-phones-120211:
     
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  24. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Re: Researchers Identify Serious Capability Leaks in Many Android Phones

    On the Android market is an application called "Permissions" and, by the same author, "Fix Permissions" for use if needed when an application won't run because of the change. "Permissions" requires root access.
    The purpose of this app is to be able to disable all those unneeded rights by the vendor installed stuff or downloaded from the market. Many of those apps need so much permission that Windows suddenly looks so safe :)
     
Loading...
Thread Status:
Not open for further replies.