Few days back, Trevor Eckhart of
Connecticut revealed that many Android, BlackBerry and Nokia phones come
bundled with software called IQRD developed by a company called Carrier
IQ that secretly logs everything a user does on the mobile phone.
The creepy thing is that Eckhart found
the software logging even personal information such as text messages and
web searches, which has raised serious privacy concerns.
Carrier IQ on it's part denies its software logs keystrokes and claims that their software is “gathering
information off the handset to understand the mobile-user experience,
where phone calls are dropped, where signal quality is poor, why
applications crash and battery life.” However, a video published by Eckhart clearly undercuts that claim.
PC World reports:
After connecting
his HTC device to his computer, Trevor found that IQRD is secretly
logging every single button that he taps on the phone--even on the
touchscreen number pad. IQRD is also shown to be logging text messages.
In the video,
Eckhart shows that Carrier IQ is also logging Web searches. While this
doesn't sound all that bad by itself, it suggests that Carrier IQ is
logging what happens during an HTTPS connection which is supposed to be
encrypted information. Additionally, it can do this over a Wi-Fi
connection with no 3G, so even if your phone service is disconnected,
IQRD still logs the information.
Wired
reports that Carrier IQ apparently threatened to sue Eckhart but backed
down when Electronic Frontier Foundation backed his findings. Forbes
believes that the company may have violated wiretapping laws.
According to Eckhart, it is not possible for a user to turn off the logging on the Android based HTC smartphone.
Interestingly, iPhone developer and
hacker - chpwn reports that he has also found references of Carrier IQ's
software in Apple's iOS, but it seems to be logging information related
to device's performance and does not seem to have access to capture
information such as text messages and Web searches like seen on the HTC
smartphone.
Carrier IQ is run from a number of
different daemons, depending on the firmware version of the device: (You
can view this on a jailbroken iPhone with iFile or extract it from a software update bundle if you want to check the files out yourself.)
- iOS 3:
/usr/bin/IQAgent - iOS 4 and 5:
/usr/bin/awd_ice2or/usr/bin/awd_ice3
chpwn concludes:
Importantly, it
does not appear the daemon has any access or communication with the UI
layer, where text entry is done. I am reasonably sure it has no access
to typed text, web history, passwords, browsing history, or text
messages, and as such is not sending any of this data remotely.
The good news is that iPhone users can
choose to disable the logging by simply going to Settings -> General
-> About -> Diagnostics & Usage -> Don't Send.
While we are fine with carriers
collecting information related device's performance, Carrier IQ seems to
have crossed the line by even recording key strokes on the mobile
phone.
Let us know what you think in the comments below.
0 Comment
Post a Comment