Researcher proves hidden software logs everything on mobile phones
Posted on 30 November 2011.
By now, you have already heard about the claims made by 25-year-old Trevor Eckhart that the Carrier IQ software - designed by an eponymous Mountain View company - can be considered a rootkit that logs practically all actions made by the mobile phone users on which the software has been secretly installed.

You also might have heard about the company trying to make Eckhart retract his claim, threatening him with legal action and denying that its software does anything except collecting information needed by carriers to improve the quality of their services.

As the Electronic Frontier Foundation piped up to take Eckhart's side, the company stepped on the brakes and apologized to him, likely in the hope that the matter will end there - as well as public scrutiny.

Unfortunately for them, Eckhart decided to make a video that proves that the Carrier IQ software does, indeed, log things like keystrokes, the text in received and sent SMS messages and that it has insight into browser searches even when HTTPS is used.

He points out that the software acts like a rootkit - it enables continued privileged access to the mobile devices, hides its presence from the users and subverts standard operating system functionality.

"Itís almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone," he writes. "Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself."

It apparently cannot be switched off, and it's programmed to run every time the device is booted.

Here is the list of permissions it requires - although the user is never asked to give them:

And, setting aside they collecting of data, another problem is that the software can be terminated and deinstalled only if you root the phone and replace the OS, but its code, which is present in almost every other application, will still continue to make trouble for the users by showing unexpected errors.

Eckhart demonstrated his claims by using his HTC device, but says that the software is present on most Android, BlackBerry and Nokia phones.

And Wired makes a good point: is sending your communications to Carrier IQ a violation of the federal governmentís ban on wiretapping?


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th