Do Tons Of Sprint And Verizon Phones Contain A Rootkit, Potentially Tracking All Sorts Of Info?
from the privacy,-what's-that? dept
Security researcher Trevor Eckhart has put out a report suggesting that a ton of Sprint and Verizon Wireless mobile phones have what is effectively a rootkit installed on them. Specifically, he's talking about CarrierIQ, a bit of software intended to monitor device usage, supposedly for the purpose of understanding problems that a user might be having and helping to troubleshoot remotely. The description of the software seems mostly innocuous:Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality.However, in digging into the details of the software, Eckhart realized that it can easily track all sorts of info, including what websites people are visiting and what keypresses they make. The software can also surreptitiously report where the phone is located. He further notes that the software is purposely hidden on a bunch of devices, and on many it appears that you simply can't turn it off.
It collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool
Now, I don't think anyone is suggesting anything nefarious here. There are reasons why operators like to collect this kind of data and, in the aggregate, it seems useful. But, as Eckhart looked in more detail at training materials for the software, he realized it could easily be used to track at a much more granular level, down to individuals. The potential for abuse seems pretty high. Again, it's obvious why this software is installed, but it raises questions about what carriers are doing to make sure the software isn't being abused. It's also somewhat troubling that the carriers aren't all that straightforward about how this software is monitoring their users...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: mobile, rootkit, wireless
Companies: carrieriq, sprint, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
It worked for the Government.
One wonders if this data, as it isn't "customer data" per se, is the same as a closet in an AT&T switching center.
And I am sure there is no use of this data to build demographic profiles of consumers to help target advertising from 3rd parties they have deals with.
If it looks hinky, always assume the worst. There is no money it making sure the customer gets quality service, there is money in finding new ways to have the customers generate revenue.
[ link to this | view in thread ]
Seems a bit of hyperbole
Or they could just use the cell connection data for that.
[ link to this | view in thread ]
HTC EVO 4G has this
It also is called to start at bootup from the RAMDISK "boot.img" which contains the kernel as well.
Removing it is a pain in the butt and almost always requires root access as well as full system read/write access.
[ link to this | view in thread ]
[ link to this | view in thread ]
They already know
[ link to this | view in thread ]
Android Creative Syndicate
[ link to this | view in thread ]
The carriers already know what sites your visiting and where your phone is based on what cell tower you're connected to.
If I want to go somewhere and I don't want Big Brother to know, I leave my phone at home and walk/take public transit.
[ link to this | view in thread ]
Re:
Bring on a carrier independent ubuntuPhone is what I hope for.
[ link to this | view in thread ]
Can people imagine a US senator being tracked to a brothel?
[ link to this | view in thread ]
Re:
Can people imagine a US senator not being tracked to a brothel?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
Considering in the past, IIRC, we've had cell companies threaten to sue rather than give a detailed bill to the customer I am guessing this data is not easily accessed.
Then there is the issue about what kind of safety protections are in place to make sure that not just anyone can access the information or a specific phone. Given how much Corporations have shown they "care" about customer data a login of Admin and PW of Admin sounds about right.
Other than, because we could, can you name 1 reason that the cell company needs to install a secret backdoor into consumers phones? Can you explain why they never explained publicly what the rootkit was capable of? Does CarrierIQ get any of the data to work with? The rootkit communicates with the carrier in realtime, does this affect consumer data usage? They can "task" phones to provide information, how does that effect the consumer? While there are some "upsides" to this concept, the possibilities of downsides is just as large and seem ignored.
[ link to this | view in thread ]
data is data
[ link to this | view in thread ]
Here is a link detailing what exactly CarrierIQ is and how it works:
http://forum.xda-developers.com/showpost.php?p=11763089
[ link to this | view in thread ]
If you are so worried about trusting them, why the hell did you sign a 2 year agreement without reading it?
[ link to this | view in thread ]
[ link to this | view in thread ]
Verizon abuse
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
but you're still being obtuse in thinking that its not a problem that they have all these methods to track people
[ link to this | view in thread ]
Re: Verizon abuse
[ link to this | view in thread ]
Re: Verizon abuse
[ link to this | view in thread ]
Re: Verizon abuse
[ link to this | view in thread ]
Re: Re:
I just pictured him in his office buried in lobbyist bribes so deeply he couldn't move.....
[ link to this | view in thread ]
Hackers treasure trove
[ link to this | view in thread ]