Thursday, December 1, 2011


Carrier IQ provides telemetry to cellular carriers and manufacturers, and according to the company itself, its software is preinstalled on over 141 million phones. Now, a security researcher, Trevor Eckhart, claims that the same software is monitoring every single key you press on your smartphone, reading your SMS, and logging much of the personal data you transmit, too — all with an app that you can't remove.

Eckhart accused the company's software of monitoring vast swathes of user personal data and phoning home to the likes of Verizon, Sprint, Samsung, HTC, Nokia, and more, has posted alleged video evidence of his claims on YouTube. Originally, Carrier IQ sent Eckhart a cease-and-desist letter, then withdrew and apologized for the threat, all the while representing that the service it provides cell phone manufacturers and carriers did not "record your keystrokes" or "inspect or report on the content of your communications, such as the content of emails and SMSs."

Contrary to what Carrier IQ states, Eckhart has posted a video of the software doing just that on a HTC EVO 3D phone. Eckhart's video allegedly shows Carrier IQ's software reading incoming SMS messages even before the phone displays them to you, querying supposedly encrypted HTTPS strings, and logging keypresses, all using an application that the user cannot opt-out of, stop, or remove. The video does not show if the data is transmitted or not however.

So far Verizon and Nokia have denied the software exists on their phones and while the software can be found in Apple's iOS, it appears it is only active in debugging mode. [Verge]

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.