DCSportbikes.net  
» Help Support .NET!
DCSportbikes Premier Membership for 25$ per year. Discounts! Click here for full information.

Now available in the .NET Shop:



Get your DCSBN Gear!
» Shoutbox
Sorry, only registered users have the ability to use our real-time shoutbox to chat with other members.

Register now, it's free!
» Online Users: 527
0 members and 527 guests
No Members online
Most users ever online was 4,519, September 2, 2015 at 03:26 AM.
Go Back   DCSportbikes.net > Non-Sportbike Forums > Non-Sportbike Chat

Reply
LinkBack Thread Tools
Secret 3rd Party Logging Software Discovered on Android, Blackberry, and Nokia Phones
Unread
  (#1)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,590
Join Date: August 25, 2008
Location: Washington, D.C.
Secret 3rd Party Logging Software Discovered on Android, Blackberry, and Nokia Phones - December 1, 2011, 08:22 AM

This one is pretty nefarious and I'm sure will end up getting Carrier IQ, manufacturers, and the carriers in a class action lawsuit.

It's not just logging and delivering network traffic from your phone, it was logging EVERYTHING you did on your phone and then delivering the data indiscriminately to Carrier IQ, the manufacturer, and the network provider (who would have say, access to a text message) but not encrypted searches or what you did on your phone while it was off the network.




Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything


The juicy stuff:
@ 13:00 - Logging your text messaging in plain text
@ 15:00 - Logging your encrypted browser sessions, user ID and password in plain text

@ 9:00 - Key logging techno jargon display




The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone.


Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control.
But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.


Eckhart labeled the software a “rootkit,” and the Mountain View, California-based software maker threatened him with legal action and huge money damages. The Electronic Frontier Foundation came to his side last week, and the company backed off on its threats. The company told Wired.com last week that Carrier IQ’s wares are for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim.
In a Thanksgiving post, we mentioned this software as one of nine reasons to wear a tinfoil hat.
The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google.
Cringe as the video shows the software logging each number as Eckhart fingers the dialer.


“Every button you press in the dialer before you call,” he says on the video, “it already gets sent off to the IQ application.”
From there, the data — including the content of text messages — is sent to Carrier IQ’s servers, in secret.


By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.
It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?
And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?






================================================== ====================




Carrier IQ's response:




MEDIA ALERT



Measuring Mobile User Experience Does Matter!



Mountain View, CA – November 16, 2011 – Carrier IQ would like to clarify some recent press on how
our product is used and the information that is gathered from smartphones and mobile devices.

Carrier IQ delivers Mobile Intelligence on the performance of mobile devices and networks to assist
operators and device manufacturers in delivering high quality products and services to their
customers. We do this by counting and measuring operational information in mobile devices – feature
phones, smartphones and tablets. This information is used by our customers as a mission critical
tool to improve the quality of the network, understand device issues and ultimately improve the
user experience. Our software is embedded by device manufacturers along with other diagnostic tools
and software prior to shipment.

While we look at many aspects of a device’s performance, we are counting and summarizing
performance, not recording keystrokes or providing tracking
tools. The metrics and tools we derive are not designed to deliver such information, nor do we have
any intention of developing such tools. The information gathered by Carrier IQ is done so for the
exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd
parties. The information derived from devices is encrypted and secured within our customer’s
network or in our audited and customer-approved facilities.

Our customers have stringent policies and obligations on data collection and retention. Each
customer is different and our technology is customized to their exacting needs and legal
requirements. Carrier IQ enables a measurable impact on improving the quality and experience of our
customers’ mobile networks and devices. Our business model and technology aligns exclusively with
this goal.




For media Commentary, contact:
Mira Woods
Phone: 617-513-7020
Email: mwoods@carrieriq.com


Carrier IQ :: Welcome



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527


Last edited by Heist; December 1, 2011 at 08:47 AM..
  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#2)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
December 1, 2011, 08:23 AM

Oh my god, you mean carriers are tracking what we do? Get out of town.


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...
  Send a message via AIM to  
Reply With Quote
Unread
  (#3)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
December 1, 2011, 08:30 AM

naw this claims they're actually storing out passwords and shit. I normally don't care about apple tracking me and shit, but this is a little too far. I done feel violated


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#4)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
December 1, 2011, 08:32 AM

Quote:
Originally Posted by Tecknojoe View Post
naw this claims they're actually storing out passwords and shit. I normally don't care about apple tracking me and shit, but this is a little too far. I done feel violated
Apple apparently isn't in the list of phones with this stuff on it....

Another reason for me to switch back


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...
  Send a message via AIM to  
Reply With Quote
Unread
  (#5)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
December 1, 2011, 08:37 AM

iphone tracks some other data, I think everything short of passwords, and it's off by default.

lesser of 2 evils

I never saw anything listed about tracking passwords and user data when I looked up the specs for my phone. I should go to the att store and let them know


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#6)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
December 1, 2011, 08:38 AM

Quote:
Originally Posted by Tecknojoe View Post
iphone tracks some other data, I think everything short of passwords, and it's off by default.

lesser of 2 evils

I never saw anything listed about tracking passwords and user data when I looked up the specs for my phone. I should go to the att store and let them know
It's not in the EULA either. I wonder if this will bring about contract terminations and maybe even a class-action suit.


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...
  Send a message via AIM to  
Reply With Quote
Unread
  (#7)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,590
Join Date: August 25, 2008
Location: Washington, D.C.
December 1, 2011, 08:40 AM

Quote:
Originally Posted by thefitzvh View Post
Oh my god, you mean carriers are tracking what we do? Get out of town.
Fitz, this is magnitudes worse than tracking. Tracking I can sort of tolerate. This is a clear violation of privacy.

They're capturing, logging, and transmitting what's on your phone! Your account codes (if you bank online), encrypted data, the body of text messages, the body of any email, every button push or keystroke inside or outside an application, etc. etc. and the software is doing this whether the phone is connected to the official network or not.


Worse once the phone does connect, it indiscriminately data dumps everything you did to Carrier IQ who then passes this information to manufacturers and the carriers.


Why does Blackberry or Tmobile need to know the body of the PM I sent to David636 this morning? Or what my banking passcode is? Or that I began to dial my cousin's number and then decided not to.

In essence, it's no different than trojan key logger except there's no way to turn this crap off or to opt out. This was a very poor decision on the part of manufacturers and carriers.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#8)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
December 1, 2011, 08:41 AM

Am agree with heist. They crossed the line on this one.

I'm also posting this because I want to use the word Cyber.

Cyber infringement


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#9)
The last urrbendah
 
Stillie's Avatar
 
Posts: 18,909
Join Date: February 5, 2003
Location: Kickin' it with Stevie Janowski
December 1, 2011, 08:54 AM

Quote:
Originally Posted by thefitzvh View Post
Apple apparently isn't in the list of phones with this stuff on it....

Another reason for me to switch back
It was well documented that iPhones were doing it a few months ago. Will probably turn up in the first few google hits. Not to the extent of text messages or passwords though.


13 KTM 200 XC-W
15 KTM 350 XC-F

I might have a dirt bike problem.
  Send a message via AIM to  
Reply With Quote
Unread
  (#10)
TPG og
 
b00st's Avatar
 
Posts: 8,576
Join Date: October 9, 2008
Location: Hanover, PA
December 1, 2011, 08:54 AM

download logging test app here http://www.androidsecuritytest.com

do CIQ check.

my Casio Commando is Carrier IQ free... so at least I know Casio doesn't sell it's customers out
  Send a message via AIM to Send a message via AIM to b00st  
Reply With Quote
Unread
  (#11)
The last urrbendah
 
Stillie's Avatar
 
Posts: 18,909
Join Date: February 5, 2003
Location: Kickin' it with Stevie Janowski
December 1, 2011, 09:01 AM

Quote:
Originally Posted by b00st View Post
download logging test app here http://www.androidsecuritytest.com

do CIQ check.

my Casio Commando is Carrier IQ free... so at least I know Casio doesn't sell it's customers out
And you can get a sweet calculator watch from them.


13 KTM 200 XC-W
15 KTM 350 XC-F

I might have a dirt bike problem.
  Send a message via AIM to  
Reply With Quote
Unread
  (#12)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
December 1, 2011, 09:01 AM

I wonder if I could prove that shit is on my phone and take it into the att store telling them to waive the $3,279 fee for cancelling the contract


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#13)
SUPERBITCHIN'
 
{SALVA}'s Avatar
 
Posts: 6,638
Join Date: September 2, 2008
Location: Ombelico del Mondo
December 1, 2011, 09:03 AM

all our cyber sex is on record.


E che cazzo!
  Send a message via AIM to Send a message via AIM to {SALVA}  
Reply With Quote
Unread
  (#14)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
December 1, 2011, 09:08 AM

Quote:
Originally Posted by {SALVA} View Post
all our cyber sex is on record.
Let them watch, don't u think that'll make it more exciting for us?


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#15)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,590
Join Date: August 25, 2008
Location: Washington, D.C.
December 1, 2011, 09:09 AM

Quote:
Originally Posted by Tecknojoe View Post
I wonder if I could prove that shit is on my phone and take it into the att store telling them to waive the $3,279 fee for cancelling the contract
I think you could very easily justify this.
They sold you an insecure device and the network was violating your privacy.

Waive the ETF or face an easily winnable lawsuit. Your choice guys.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Powered by vBadvanced CMPS v3.2.3


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
vBulletin Skin developed by: vBStyles.com
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2002-2010 by DCSportbikes.net. DCSportbikes.net is owned by End of Time Studios, LLC.