Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

The New Smartphone Threat to Your Privacy

by Robert E. Calem on December 02, 2011

Privacy Risk signThe Web is abuzz about a newly revealed privacy threat to smartphone users––a "keystroke logger" program from a company named Carrier IQ that constantly runs in the background, without the user's knowledge. The software records personal information and events ranging from phone numbers dialed to the content of text messages and information typed in to presumably secure websites.

Researcher Trevor Eckhart discovered the Carrier IQ software running on an HTC Evo smartphone from Sprint and posted a YouTube video detailing his finding. But Eckhart does not limit his finger pointing to this Android-powered smartphone. At the beginning of the video he states that the Carrier IQ software can also be found on BlackBerry and Nokia phones.

Yet beyond an esoteric fix suggested by Engadget––a solution that is beyond the capabilities of most consumers––it appears that there is little that average smartphone users can do to disable the Carrier IQ software on their devices right now.

Meanwhile, responses to the video have been numerous, and have been both supportive of Eckhart's finding and contrarian.

It has been reported by The Houston Chronicle and others, for example, that Carrier IQ denies the validity of Eckhart's video and wants additional third-party corroboration of his findings, that HTC says the software is installed because carriers want it to be, and that Sprint asserts no personal information is sent to the carrier because the software is used strictly to analyze cellular network performance.

In his Twitter feed earlier today, Verizon Wireless spokesman Jeffrey Nelson stated that the Carrier IQ software is not on any of that carrier's handsets. And Apple said in a statement sent today to the All Things D blog that it "stopped supporting Carrier IQ" in its latest iOS 5 mobile operating system "in most of our products" and plans to remove any remaining traces of the Carrier IQ software in a future iOS update. In its story, the Chronicle reported finding Carrier IQ in an iPhone running iOS 5, but said that it was disabled unless the user selected in the Settings menu to have the device send diagnostic data to Apple. In that case, Apple says, the data sent to the company is anonymized.

But Stephen B. Wicker, a professor of electrical and computer engineering at Cornell University in Ithaca, NY, and an expert in cellphone security technology, strenuously challenges the assertion that any such data is anonymous. "Carrier IQ claims that the collected data is 'anonymized.' Let's give this a moment's thought," he says. "How hard would it be to de-anonymize a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords? Since Carrier ID tracks keystrokes, it has the potential to capture passwords and banking data that are normally encrypted prior to transmission through the cellular network. This is my worst nightmare," he says.

Wicker's book "Cellular Convergence and the Death of Privacy" is scheduled to be published late next year by Oxford University Press. "When combined with the concept of cellular convergence––ever increasing numbers of information processing tasks performed on the cellular platform––Carrier IQ stands out as an immense threat to individual privacy," he adds. "As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention."

In fact, Sen. Al Franken (D-MN) today called on Carrier IQ to clearly explain the software and its privacy implications to consumers. In a statement on his website, Franken said, "Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information. The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer.”

See the video below for a full demonstration of how Carrier IQ is capturing information.


Topics

Phones and Mobile, News, Cell Phones, Blog, Privacy


Discussion loading

gravatar

From Kevin D. Murray on December 02, 2011 :: 12:24 pm


“Is my cell phone bugged?” is a question I hear all the time. Business clients to family members are concerned about spyware.

It prompted me to write a book called “Is My Cell Phone Bugged?” (published in June). It gives the average person simple diagnostic checklists and tests to perform so they can answer the question themselves. Other chapters demystify other spy tricks, and provide tips on bullet-proofing a smartphone against future attacks.

The top three tips:
• Start with a clean operating system.
• Password protect your phone.
• Never loan or let the phone out of your control.
Doing these three things alone will reduce the risk by about 75%.

Carrier IQ is now a known issue. At least, now you know who has your data, and why. The spies with less benign motives are the ones to worry about, and their software isn’t as easily exposed.

Kevin D. Murray - CPP, CISM
Murray Associates
Eavesdropping Detection and Counterespionage Consulting Services to Business & Government.

Reply

gravatar

From Rich Moser on December 02, 2011 :: 2:31 pm


I think a word to the wise is appropriate here. As long as there is greed, there will be people who will go outside the general social rules of accepted behavior in order to get an advantage. The rest of us—undermotivated cooperators that we are—need to always remember this, and examine each new situation that presents itself with this in mind. It may be in our human nature to trust blindly to an extent, but we need to “override that program” with an understanding that a few others are trying to get an advantage—and since they don’t know us, they probably don’t care about what happens to us enough to stop their greed from pushing them over social boundaries. Therefore do not trust blindly, especially where big industries and large governments are involved.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.