How much of a security risk is there due to Carrier IQ being installed on your mobile phone?

rtrembley

There is a lot of personal data on people's smartphones, at least if they use them like I do. Sprint and AT&T have said they don't look at messages, videos, photos, etc., which is good assuming it is true, but does Carrier IQ open your mobile up to being a target for hackers and the like? How much concern is reasonable over having software that logs everything you do from the websites you visit to the content of your text messages?

Topic: Security

Answers

2 total
jimlynch
Vote Up (15)

Well if it's an iPhone you can easily turn it off. It's more complicated though if you are using an Android phone.

Here's a good article that includes a video that covers what Carrier IQ can do.

Carrier IQ Video Shows Alarming Capabilities Of Mobile Tracking Software
http://techcrunch.com/2011/11/29/carrier-iq-video-shows-alarming-capabil...

"You may be aware of the growing controversy surrounding Carrier IQ, a piece of software found pre-installed on Sprint phones that, according to developers who have investigated, is capable of detecting, recording, and transmitting various user actions and inputs. Among the data CIQ potentially has access to are location, SMS, apps, and key presses.

News of the software has been percolating for months on development forums, but when Trevor Eckhart recently summarized his findings, he found himself facing a cease and desist while Sprint vigorously denied the charges, saying “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool.”

The C&D was quickly retracted, but Eckhart has now released a video that seems to give the lie to both Sprint and Carrier IQ’s assurances."

mstrauss
Vote Up (14)

I think it is reasonable that people are concerned about Carrier IQ basically opening up your smartphone to your provider. Think of it this way: would you be concerned if a 3rd party installed a keylogger on your device and had access to it anytime they wished? Well, Carrier IQ is worse than a simple keylogger:

"...available memory and battery life, the type of applications resident on the device, the geographical location of the device, the end user’s pressing of keys on the device, usage history of the device, including those that characterize a user’s interaction with a device." http://androidsecuritytest.com/features/logs-and-services/loggers/carrie...

 

So your browsing history and log-in information, including passwords, are there for the taking? Ever do any online banking? Like the idea that your account number and login is within reach of the good people at AT&T, whenever they want it? Me neither. Oh sure, AT&T (I'm picking on them because I just wasted 30 mins with their "customer service" last week), good upstanding company that they are, assures us that they aren't using all the data they are able to access. Sure, for now. Maybe. Hmmm, wonder if there could be any dishonest employees at AT&T that may be less pure of intention....

I didn't sign up to have Big Blue Brother looking over my shoulder. I think it is eminently reasonable to expect companies to tell us exactly what data they are collecting and that they provide a robust opt-out option for data tracking. Their customers are people, not lab rats, but if you are going to treat customers as lab rats anyway, at least have the decency to be honest to them about what you are doing.
