Carrier IQ snoops on US cell users - Spyware or service monitoring tool?

Filed Under: Data loss, Featured, Law & order, Malware, Mobile, Privacy

Android under a spyglassLast week a very scary piece of research was published by Trevor Eckhart about spyware that is being included on cellular phones in the United States. The commercial software application is called Carrier IQ and is reportedly being used by Verizon, Sprint and potentially other carriers.

Carrier IQ was unhappy with Eckhart publishing public copies of their training materials and proceeded to send a cease and desist letter to Mr. Eckhart.

Fortunately Eckhart worked with the EFF to explain things to Carrier IQ and their CEO responded with an apology promising to work with the EFF and Eckhart.

Eckhart analyzed the software that was running on his Android-based HTC phone (Carrier IQ also supports Blackberry, Nokia and others) and discovered it was doing some rather sneaky things.

It was installed in such a manner as to be largely invisible, it was logging his location even when he had location services disabled and keeping track of every key press and URL he visited (including HTTPS urls).

The software ignored the "Force stop" button and was nearly impossible to remove from the device for non-Android hackers.

There does not appear to have been any notification or privacy policy presented to alert phone owners to its presence either.

What is unknown is what data is being sent back to the carriers and to Carrier IQ. Eckhart's research only shows the data that is being collected, not what data is being reported back.

The company claims the software is designed to help mobile phone carriers to improve their service quality by measuring where calls drop, what applications are causing performance issues and which handsets may have problems on their networks.

This may be true, but the inability to opt-out or remove the software without informing the user is extremely concerning. Combine that with all of the sensitive information the software is designed to intercept and it raises far more questions about how this software is being used.

While Eckhart calls Carrier IQ a rootkit, I am not sure I entirely agree. It does not completely hide from the system as he demonstrates in his YouTube video demonstrating his research.

-
(Enjoy this video? Why not check out the SophosLabs YouTube channel?)

Our use of personal computing devices to communicate and interact with extremely sensitive information is enabling organizations to surreptitiously monitor and potentially monetize our private lives.

Monitoring your location is scary enough if you have disabled the feature, but collecting every keystroke and website you visit is an even more chilling thought.

If Carrier IQ is loaded on your phone you may wish to contact your carrier to find out how you can opt-out of participating. Verizon Wireless has made statement available to their customers allowing them to opt-out, although it doesn't appear to disable/remove the software.

Update: Reports have surfaced that Carrier IQ references have been found in Apple's iOS going back as early as version 3. We will post more as details surface.

Update 2: Verizon denies utilizing the Carrier IQ software, but Sprint and AT&T have confirmed they utilize the software.

, , , , , ,

You might like

8 Responses to Carrier IQ snoops on US cell users - Spyware or service monitoring tool?

  1. Carrier IQ is running on my brand new AT&T HTC Vivid in the manner Eckhart describes: shows as running app but can't be stopped and appears to be hidden in all other application references.

    I called AT&T Customer Service, which claimed this was an issue I should raise with HTC and forwarded my call HTC's call center, where I was read a statement that it is a "carrier requirement" and that HTC has no control over it, and sent me back to AT&T.

  2. nick k · 1064 days ago

    Sir
    I DO NOT LIKE THE IDEA OF MY INFO BEEN GIVED OUT WITH OUT MY CONCENT.NOT GOOD AT ALL.

  3. Carolyn · 1064 days ago

    That's just not right. Regardless of what its for I believe it to be a total invasion of my privacy! I'd want it stopped immediately! What can be done to assure us this has stooped? What can we do as consumers to force this to end? Why have a cellphone? We can just use bullhorns! I'm really angry. Keep us posted! Thank you! @@@

  4. If you are running android, there are notes here on how to tell if carrier iq is on your phone: http://forum.xda-developers.com/showpost.php?p=11...

  5. TooAware · 1064 days ago

    As a target for hacking, the database of all the data collected would be extraordinarily lucrative for the perpetrator. Imagine all the account passwords that could be stolen!
    And the existence of and ability to opt out was kept secret from the very people who could be must hurt by this type of data theft. Corrupt one person involved in the creation of CarrierIQ and what happens? Well, we would never know. That would be secret, too.

  6. Bobbi · 1063 days ago

    This is absolutely appalling. No privacy whatsoever!

  7. More details regarding iOS and CarrierIQ can be found here: http://blog.chpwn.com/post/13572216737
    Synopsis: If you're running iOS5, it requires you to have "Automatically Send" enabled for Diagnostics & Usage (found in Settings->General->About->Diagnostics & Usage). Also, it does not appear to have access to the keyboard or anything else to do with smartphone functionality other than CoreTelephony data, and CoreLocation data (you can disable this via Settings->General->Restrictions->Location -- my guess is that the System Services->Setting Time Zone option is used, but that's just a guess).

  8. Guest · 1063 days ago

    OMG !! I will be checking my phone shortly and I will share this article on FB too. Unreal ... but the company I contract with may be doing even worse snooping. :(

    Thank you very much for posting this.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.