Researcher proves hidden software logs everything on mobile phones
Posted on 30 November 2011.
By now, you have already heard about the claims made by 25-year-old Trevor Eckhart that the Carrier IQ software - designed by an eponymous Mountain View company - can be considered a rootkit that logs practically all actions made by the mobile phone users on which the software has been secretly installed.

You also might have heard about the company trying to make Eckhart retract his claim, threatening him with legal action and denying that its software does anything except collecting information needed by carriers to improve the quality of their services.

As the Electronic Frontier Foundation piped up to take Eckhart's side, the company stepped on the brakes and apologized to him, likely in the hope that the matter will end there - as well as public scrutiny.

Unfortunately for them, Eckhart decided to make a video that proves that the Carrier IQ software does, indeed, log things like keystrokes, the text in received and sent SMS messages and that it has insight into browser searches even when HTTPS is used.

He points out that the software acts like a rootkit - it enables continued privileged access to the mobile devices, hides its presence from the users and subverts standard operating system functionality.

"Itís almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone," he writes. "Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself."

It apparently cannot be switched off, and it's programmed to run every time the device is booted.

Here is the list of permissions it requires - although the user is never asked to give them:

And, setting aside they collecting of data, another problem is that the software can be terminated and deinstalled only if you root the phone and replace the OS, but its code, which is present in almost every other application, will still continue to make trouble for the users by showing unexpected errors.

Eckhart demonstrated his claims by using his HTC device, but says that the software is present on most Android, BlackBerry and Nokia phones.

And Wired makes a good point: is sending your communications to Carrier IQ a violation of the federal governmentís ban on wiretapping?


Researchers track Android users by collecting accelerator readings

A group of researchers have demonstrated that Android users' movements can be tracked by simply analyzing the data provided by the devices' accelerometers and orientation sensors.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, May 27th