December 07, 2011, 2:28 PM — More details are emerging that reveal the Carrier IQ smartphone application does exactly what the vendor says it does. These new findings directly contradict the nearly universal allegations of keylogging, spying, and tracking, all based on the uncritical acceptance of the original analysis by Trevor Eckhart.
Eckhart published his work several weeks ago in his blog and a 17-minute YouTube video, which to date has had more than 1.7 million views. His conclusions, which purport to show that the Carrier IQ code is a rootkit and keylogger, triggered a firestorm of invective, outrage, class actions suits and calls by U.S. senators and congressmen for investigations.
The new technical details about Carrier IQ emerge from one of the few attempts, if not the only one, to dissect the vendor's code and see how it works: reverse engineering by security consultant Dan Rosenberg, who this week published the details of his analysis. Another source is Rebecca Bace, a long-time security researcher, and CEO of Infidel, a security consulting firm, who met with Carrier IQ designers and developers for several days last week to review the system and, specifically, to drill into the areas of the code related to Eckhart's accusations. Bace's background includes information security and systems monitoring, especially in monitoring functions tied to intrusion- and anomaly-detection systems.
LOOK BACK: Top 25 networking & IT stories of 2011
Both say they do not have and have not had any kind of financial relationship with the Mountain View, Calif., software vendor.
The Carrier IQ software "cannot" record SMS text messages, Web page contents or email contents; and it "cannot" record text keystrokes (though it does record which buttons are pressed in the dialer app when making a phone call), according to Rosenberg, in his blog.
"I am using the word 'cannot' literally, as in 'is not capable of, in the present tense, without being altered by modifying its code and installing a new version on the phone,'" Rosenberg writes. "It seems obvious to me that CarrierIQ could be modified in the future to perform nefarious actions: so could any application on your phone."