Sunday, 16 October 2011

Carrier IQ Poses a threat to your iPhone - Tracking Scandal

Carrier IQ, a diagnostic tool installed in millions of smartphones all over the world, is gathering a lot of info about your activity – possibly even recording keystrokes, content of SMS messages and more – and sending it to a third party.
It’s present on nearly all Android devices, but not Galaxy Nexus, Google Nexus One, Nexus S, or the Motorola Xoom. It’s also present on iOS devices, but it seems to be active only when the device is in diagnostic mode.
This is the short version of what is quickly becoming a very complicated story with huge implications for user privacy.
Carrier IQ is a tool whose primary purpose is recording various info which helps carriers improve the quality of service for their customers.
In October, researcher Trevor Eckhart discovered that Carrier IQ is recording, among other things, your every keystroke and possibly sending it back to Carrier IQ’s servers. Carrier IQ responded by sending Eckhart a cease & desist letter and publishing a media alert, in which it claims the company is “not recording keystrokes or providing tracking tools.”
Fast forward to this week, when Eckhart posted video evidence (below) suggesting that Carrier IQ is recording keystrokes and reading incoming SMS messages on Android, more precisely on an HTC EVO 3D. Worse, the app cannot be stopped or removed by the user.

While this doesn’t prove that Carrier IQ is actually sending the data back to Carrier IQ’s servers, it’s definitely disconcerting to see all this done by an app which is completely out of users’ control.
From currently available info, Carrier IQ is present on most Android, BlackBerry and Symbian devices, but not on the Google Nexus devices mentioned above, which is logical since it’s a tool meant to be used by carriers. References to Carrier IQ have also been found in iOS devices, but according to security researcher chpwn, it is disabled by default, and only works when the phone is in diagnostic mode.
All of this is reminiscent of the iPhone tracking scandal from April 2011, when it was discovered that Apple’s iPhone tracks your location history. Steve Jobs then famously said – in an e-mail reply to a question from a customer – that Apple is not tracking its users’ location, but Android is tracking everyone. The authenticity of such e-mails has often been disputed, but whoever sent that message might have been right.
Many questions are still left unanswered. We don’t know what Carrier IQ does with the data it collects, or whether it sends keystrokes, SMS messages or other info back to Carrier IQ’s servers. We don’t know the nature of the deal between Carrier IQ and – seemingly – most of the world’s carriers, since almost every device which is sold together with a carrier contract has the app installed. We’ll keep you updated as the story unfolds.

