Will Carrier IQ's software make your phone vulnerable to hackers?

Got a smartphone? Then Carrier IQ's software may be logging everything you do on it. Better start praying it won't get hacked.

By  

If you own a smartphone, odds are good it contains a secret piece of software that can log every single thing you do on it and send that data back to a company you’ve never heard of. Sound like a paranoid fantasy? Then you clearly haven’t heard of Carrier IQ.

Carrier IQ makes analytic software that tracks battery use, connection attempts, and other data on some 142 million smart phones.  You probably have it on yours, though you wouldn’t know it, because Carrier IQ (and your handset provider) take great pains to hide it from you and keep you from disabling it. And yes, even the mighty iPhone is not immune.

Android security researcher Trevor Eckhart discovered Carrier IQ on his HTC phone earlier this fall and blogged about it. He called it a “rootkit,” a type of software typically used by malware authors to hide nasty code where anti-virus software can’t find it.

Eckhart discovered that in addition to battery life, connections, etc, the Carrier IQ software was also capturing text messages, emails, Web histories, and every other action on his phone. He even made a 17-minute video showing how the software hides, how it’s impossible to shut off, and everything it appears to record.

Instead of addressing Eckhart’s concerns, proving he was mistaken, or modifying how its software works, CIQ sent its lawyers after him. Big mistake. And though CEO Larry Lenhart subsequently apologized and withdrew CIQ’s legal threats, it’s in the middle of a privacy s**tstorm of epic proportions, and it has only itself to blame.

InfoWorld’s Robert X. Cringely likens the CIQ mess to the Sony Rootkit CD debacle of 2005, and with good reason. Back then, Sony BMG came up with the brilliant idea of putting XCP copy protection software on some of its music CDs. If you played one of these discs in your computer, it would secretly install copy protection software on your PC in a way that was invisible to you, as well as any anti-malware software (ie, a rootkit). The software was designed to keep you from making copies of the songs and sharing them on Kazaa or Limewire.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

IT ManagementWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness