Do Tons Of Sprint And Verizon Phones Contain A Rootkit, Potentially Tracking All Sorts Of Info?

from the privacy,-what's-that? dept

Tue, Nov 15th 2011 3:02pm — Mike Masnick

Security researcher Trevor Eckhart has put out a report suggesting that a ton of Sprint and Verizon Wireless mobile phones have what is effectively a rootkit installed on them. Specifically, he's talking about CarrierIQ, a bit of software intended to monitor device usage, supposedly for the purpose of understanding problems that a user might be having and helping to troubleshoot remotely. The description of the software seems mostly innocuous:

Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality.

It collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool

However, in digging into the details of the software, Eckhart realized that it can easily track all sorts of info, including what websites people are visiting and what keypresses they make. The software can also surreptitiously report where the phone is located. He further notes that the software is purposely hidden on a bunch of devices, and on many it appears that you simply can't turn it off.

Now, I don't think anyone is suggesting anything nefarious here. There are reasons why operators like to collect this kind of data and, in the aggregate, it seems useful. But, as Eckhart looked in more detail at training materials for the software, he realized it could easily be used to track at a much more granular level, down to individuals. The potential for abuse seems pretty high. Again, it's obvious why this software is installed, but it raises questions about what carriers are doing to make sure the software isn't being abused. It's also somewhat troubling that the carriers aren't all that straightforward about how this software is monitoring their users...

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: mobile, rootkit, wireless
Companies: carrieriq, sprint, verizon

24 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That Anonymous Coward (profile), 15 Nov 2011 @ 3:14pm

Trust us to not abuse the tool.
It worked for the Government.

One wonders if this data, as it isn't "customer data" per se, is the same as a closet in an AT&T switching center.

And I am sure there is no use of this data to build demographic profiles of consumers to help target advertising from 3rd parties they have deals with.

If it looks hinky, always assume the worst. There is no money it making sure the customer gets quality service, there is money in finding new ways to have the customers generate revenue.
[ link to this | view in chronology ]
Steven (profile), 15 Nov 2011 @ 3:16pm

Seems a bit of hyperbole
"The software can also surreptitiously report where the phone is located"

Or they could just use the cell connection data for that.
[ link to this | view in chronology ]
paperbag (profile), 15 Nov 2011 @ 3:19pm

HTC EVO 4G has this
This was back on the now dated HTC EVO 4G. It's baked into the ROM in various locations. Some APKs in /system/apk. Some .so libraries in /system/lib and a conf file in /system/etc.

It also is called to start at bootup from the RAMDISK "boot.img" which contains the kernel as well.

Removing it is a pain in the butt and almost always requires root access as well as full system read/write access.
[ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2011 @ 3:32pm

3rd parties will gain control over these systems and take control over your devices, silently. The question isn't if, but when, or has it already occurred?
[ link to this | view in chronology ]
Scote, 15 Nov 2011 @ 3:35pm

They already know
The carriers already know every website you visit and your location from the cell phone tower data and e911.
[ link to this | view in chronology ]
Bjorn, 15 Nov 2011 @ 3:55pm

Android Creative Syndicate
One of the benefits of the rom I use on the epic 4g from ACS is that it has carrier iq removed. Many roms do this.
[ link to this | view in chronology ]
PlagueSD (profile), 15 Nov 2011 @ 4:03pm

Ahh...more FUD.

The carriers already know what sites your visiting and where your phone is based on what cell tower you're connected to.

If I want to go somewhere and I don't want Big Brother to know, I leave my phone at home and walk/take public transit.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2011 @ 4:22pm
  
  Re:
  Well, some entity that is not one of the carriers could gain access to a large userbase's information if an exploit is developed. It seems like built in functionality rather than something they would have to develop. Maybe this wouldn't be too hard to extend an exploit to do this if the exploit requires root access anyways, but a good awareness point to raise nonetheless.
  
  Bring on a carrier independent ubuntuPhone is what I hope for.
  [ link to this | view in chronology ]
- That Anonymous Coward (profile), 15 Nov 2011 @ 7:19pm
  
  Re:
  Where this handy little tool makes it easier to have those reports generated.
  Considering in the past, IIRC, we've had cell companies threaten to sue rather than give a detailed bill to the customer I am guessing this data is not easily accessed.
  
  Then there is the issue about what kind of safety protections are in place to make sure that not just anyone can access the information or a specific phone. Given how much Corporations have shown they "care" about customer data a login of Admin and PW of Admin sounds about right.
  
  Other than, because we could, can you name 1 reason that the cell company needs to install a secret backdoor into consumers phones? Can you explain why they never explained publicly what the rootkit was capable of? Does CarrierIQ get any of the data to work with? The rootkit communicates with the carrier in realtime, does this affect consumer data usage? They can "task" phones to provide information, how does that effect the consumer? While there are some "upsides" to this concept, the possibilities of downsides is just as large and seem ignored.
  [ link to this | view in chronology ]
- harbingerofdoom (profile), 18 Nov 2011 @ 7:49am
  
  Re:
  you actually make a valid point in that the carriers already know. okay, they have this rootkit... and a ton of other ways to get the very same information.
  
  but you're still being obtuse in thinking that its not a problem that they have all these methods to track people
  [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2011 @ 4:31pm

I wonder if carriers use that information to track politicians to gain leverage over them.

Can people imagine a US senator being tracked to a brothel?
[ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2011 @ 4:39pm
  
  Re:
  >Can people imagine a US senator being tracked to a brothel?
  
  Can people imagine a US senator not being tracked to a brothel?
  [ link to this | view in chronology ]
  - Jeff (profile), 15 Nov 2011 @ 5:10pm
    
    Re: Re:
    I would actually worry if they weren't being tracked to brothels, because then they'd be making shitty laws...
    [ link to this | view in chronology ]
  - hmm (profile), 23 Nov 2011 @ 12:19pm
    
    Re: Re:
    I imagined it, (with great effort I might add).
    
    I just pictured him in his office buried in lobbyist bribes so deeply he couldn't move.....
    [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2011 @ 8:21pm

data is data
I wonder if the data it transmits counts against your data cap?
[ link to this | view in chronology ]
John Nemesh, 16 Nov 2011 @ 8:53am

Users at XDA-Developers have known about carrierIQ for a while now. I was so mad, I wrote my Congressman about the practice (Jay Inslee D-WA)! Fortunately, a lot of custom ROMs are available for the affected phones, so if it really bothers you, you CAN remove it from your phone...but, depending on your phone, this can be a tricky process. I HIGHLY recommend that you check out the forums at XDA to learn about carrierIQ and how to remove it!

Here is a link detailing what exactly CarrierIQ is and how it works:

http://forum.xda-developers.com/showpost.php?p=11763089
[ link to this | view in chronology ]
Anonymous Coward, 16 Nov 2011 @ 10:33am

What is it that you think they don't already know about you? Social security number? You gave that to them. Credit card number? You gave them that too. Address? Name? Phone number? Who you call, when, and for how long? Your exact location 24 hours a day? What webpages you visit? What part of your life is left? All of these things are already in their databases WITHOUT needing CarrierIQ.

If you are so worried about trusting them, why the hell did you sign a 2 year agreement without reading it?
[ link to this | view in chronology ]
Carlson Peters, 16 Nov 2011 @ 12:06pm

CIQ has been around for many years before Android. It is an invaluable performance tool for the carriers. A device oriented performance perspective isn't possible via the tower. It would be nice to have an on/off switch but smart phones are a walking time bomb of abuse waiting to happen anyway. The Android app store itself is the weakest link in the entire security chain and nobody gives a 2nd thought to why there are so many "free" apps on it. Do you really think that the apps you download get a complete checkout? Nevertheless, you really should be way more worried about all the crap that you load onto your PC accidentally or on purposes.
[ link to this | view in chronology ]
Timothy Trespas, 16 Nov 2011 @ 1:30pm

Verizon abuse
I have had it used against me. As a targeted individual I was followed, survailed, drugged, gangstalked and was denied access to the internet for almost a year. A Verizon customer I went through 5 different phones and countless tech support visits with no results. Of course the problem never surfaced when I brought my phone in for support only when I left the store. I had calls rerouted to other parties, had calls disconnected as I was about to give critical info, had Internet access not work or be so slow it was useless (10 min to load a webpage) I was tracked by gps and learned that if you texted my phone a certain code it would return my gps position. I was unable to upload videos to the internet, and on 2 occasions watched my videos, photos, as well as ALl OF MY CONTACTS DELEATED from my phone remotely. I am sure that the network operators have the ability to track anything and everything you do with your phone as well as track your position and deny you services you paid for, remotely wipe data from your device, as well as see images live from the video camera and hear your conversations through the phones microphone. Weather or not it is "leagal" to do something has little to no influence on if it is done and I am wines, it is done. To think that you have privacy in this day and age is simply childish thinking. Wake of people, the system is bigger and more safisticated than we are and it is controlled by people who DO NOT have our interests at heart. They are working to control us and make us pay them money for the privalidge.
[ link to this | view in chronology ]
- x, 22 Nov 2011 @ 6:33am
  
  Re: Verizon abuse
  I have seen some strange things, as you report (including the drugging incidentally). However, not as extreme but for much longer. I am still not really sure what they want, but I can say that there are two things they seem to be afraid of: (1) publicity - much is done to make you feel ashamed or afraid of collaborating with anyone else to whom this is happening (divide and conquer) (2) threat of legal action seems effective. If they step over the line, try to take it to the logical conclusion and take them to court. So far, I have found the police to be receptive, when the evidence is strong. Another possible strategy is to report all blatantly awful incidents to the police and then you will have a record with a neutral third party. Eventually a pattern will emerge. The bottom line is that most of what they do is of little real consequence and they have no right to do it.
  [ link to this | view in chronology ]
- x, 22 Nov 2011 @ 6:36am
  
  Re: Verizon abuse
  I have seen some strange things, as you report (including the drugging incidentally). However, not as extreme but for much longer. I am still not really sure what they want, but I can say that there are two things they seem to be afraid of: (1) publicity - much is done to make you feel ashamed or afraid of collaborating with anyone else to whom this is happening (divide and conquer) (2) threat of legal action seems effective. If they step over the line, try to take it to the logical conclusion and take them to court. So far, I have found the police to be receptive, when the evidence is strong. Another possible strategy is to report all blatantly awful incidents to the police and then you will have a record with a neutral third party. Eventually a pattern will emerge. The bottom line is that most of what they do is of little real consequence and they have no right to do it.
  [ link to this | view in chronology ]
- x, 22 Nov 2011 @ 6:39am
  
  Re: Verizon abuse
  I have seen some strange things, as you report (including the drugging incidentally). However, not as extreme but for much longer. I am still not really sure what they want, but I can say that there are two things they seem to be afraid of: (1) publicity - much is done to make you feel ashamed or afraid of collaborating with anyone else to whom this is happening (divide and conquer) (2) threat of legal action seems effective. If they step over the line, try to take it to the logical conclusion and take them to court. So far, I have found the police to be receptive, when the evidence is strong. Another possible strategy is to report all blatantly awful incidents to the police and then you will have a record with a neutral third party. Eventually a pattern will emerge. The bottom line is that most of what they do is of little real consequence and they have no right to do it.
  [ link to this | view in chronology ]
Travis, 16 Nov 2011 @ 1:35pm

This is BS. You don't need special software to do traffic management - it's already there in the network stack - it's called QoS/CoS, and it's a pretty basic part of network engineering. That should be all they need. Anything else is purely for marketable data collection.
[ link to this | view in chronology ]
Changing all passwords NOW!, 30 Nov 2011 @ 2:24pm

Hackers treasure trove
Don't you know that the malware industry that makes hundreds of millions of dollars stealing information has just list Carrier IQ's data center as their number 1 target. Anybody have any confidence that Carrier IQ can keep them out???
[ link to this | view in chronology ]