BUSTED! Secret app on millions of phones logs key taps • The Register (http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/)

Coles notes


TrevE Finds hidden apps in his HTC called IQ Agent and IQRD
Then connects to debugging USB mode
Realizes every keystroke and button you press is sent to a program called CarrierIQ<
He also does this in Airplane Mode, with WIFI on. Without Cell service, or 3G data
And also notices web browsing even with SSL HTTPS searches still show and get sent to CarrierIQ, and makes a video about his findings and how you cannot remove the software, its embedded in your phone from factory
He publishes video, and next day gets a cease and desist letter by CarrierIQ
Electronic Frontier Foundation back him up with their attorney and wrote a letter back
a few days later, CarrierIQ apologizes for the initial letter and realized they were wrong



https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redacted.pdf

https://www.eff.org/sites/default/files/eckhart_c%26d_response.pdf

http://informationweek.com/news/security/mobile/232200381

holy shit, makes you wonder what samsung and htc were searching for in the first place? they couldnt possibly care about which mom I fucked last night

The government...? :suspicious:

Also on blackberrys, nokias.

Not on iPhones supposedly, nor is it on Canadian phones (only US phones affected for now)

In the video posted, he never showed CIQ actually sending that information anywhere, or storing it persistently. All he showed was logcat output of what the device is doing.
At a low level, it makes sense that something has to see your key presses to send them to the browser, or whatever.

The real issue, which I don't think he adequately covered was a) is the data being sent to anyone? and b) how long is the data persisted for?

The only issue here, and I guess it's a big one, is if the logcat is persisted indefinitely, then someone can steal your phone and retrieve all the data. However, his video makes it seem like big brother is watching and stealing your data to their servers.

can confirm that keystrokes and events can be logged on blackberrys (friends that work at RIM). their prototype phones are logged/recorded.

iphones have geotagging. SUPPOSEDLY the camera can be activated remotely in the event that your phone or yourself is lost, and the camera can be used to help identify where you are, without your permission. So what's stopping Apple from accessing this whenever they deem "necessary"?

i really doubt that most of us will even actually have to worry about these types of programs in our phones.. unless your hiding something worthwhile to them lol.

Yes i realize "invasion of privacy" if you really want that then don't communicate to the outside world then cause theres always going to something..

Just remove your battery if you are making a illicit drugs and arms deal. Iphone :fuckthatshit:
Posted via RS Mobile (http://www.revscene.net/forums/announcement.php?a=228)

I don't think the argument of whether or not a cellphone user has anything to hide from he outside world is valid for their invasion of privacy, could the user choose to reject logging? Where is it stated that information are being recorded, and what do they do with them. This, in my opinion, is a very serious issue.
Posted via RS Mobile (http://www.revscene.net/forums/announcement.php?a=228)

Guess who is paying for all this hidden information? No one else but the gov.
Problem is people feel theres no need to hide because they arn't doing anything illegal, that only makes the gov take away more of your rights/freedoms.
So no bending over and saying oh well I ain't got nothing to hide will only make things worse.

only on US phones? :crazy2: guess its part of homeland security




SUPPOSEDLY the camera can be activated remotely in the event that your phone or yourself is lost, and the camera can be used to help identify where you are, without your permission. So what's stopping Apple from accessing this whenever they deem "necessary"?

cameras can be turned on as well as the mic; police can get a warrant and do that when they're listening to criminals even here

just ask dukes :troll:

or any criminal law lawyer

So here's a question; is this a native android thing, or is this carrier/provider specific? What would happen if you loaded, say...Cyanogen or another custom ROM? Would you still be stuck getting monitored?

^ some roms now actually state that they are "CIQ FREE!"
ask the dev if anything I guess

They don't do anything with the information that'll compromise your security. They just take the information for statistics such as which feature is used most often, most browsed sites for feedback/market research.

Also on blackberrys, nokias.


really? :considered: sauce? couldnt a Custom Firmware remove these hidden apps



They don't do anything with the information that'll compromise your security. They just take the information for statistics such as which feature is used most often, most browsed sites for feedback/market research.

:fuckthatshit:

So here's a question; is this a native android thing, or is this carrier/provider specific? What would happen if you loaded, say...Cyanogen or another custom ROM? Would you still be stuck getting monitored?

Custom ROMs will get around CarrierIQ. Here's a LifeHacker article on it:
Carrier IQ: How the Widespread Rootkit Can Track Everything on Your Phone, and How to Remove It (http://lifehacker.com/5863895/carrier-iq-how-the-widespread-rootkit-can-track-everything-on-your-phone-and-how-to-remove-it)

newsflash: RS cookies are also tracking you down

newsflash: RS cookies are also tracking you down

http://cdn2.knowyourmeme.com/i/000/075/873/original/Raisins_Face.jpg

I dont care if they print out the data fold paper airplanes with it and fly it up each others asses, it's still ILLEGAL.
They don't do anything with the information that'll compromise your security. They just take the information for statistics such as which feature is used most often, most browsed sites for feedback/market research.

newsflash: RS cookies are also tracking you down

Shit, you mean they can see that I'm on the Porn thread all day?

:pokerface::pokerface::pokerface::heckno:

Also on blackberrys, nokias.


nope not on Nokias; confirmed by nokia and some reputable bloggers

microsoft also says its not on their WP7 phones either

Rogers, Telus, Bell, Virgin, Fido and Videotron confirm that Carrier IQ is not present on their devices | MobileSyrup.com (http://mobilesyrup.com/2011/12/01/rogers-and-telus-confirm-that-carrier-iq-is-not-present-on-their-devices/)

If you're worried then our cellphone providers (minus WIND/Mobilicity) have stated that they are CarrierIQ free. It is most likely a States problem.

Primarily HTC phones are being attacked since TrevE does own a EVO3D which caused HTC to release a statement that they aren't responsible for CarrierIQ software being uploaded onto their phone - hence they state that the carriers are the ones who are doing it.

Anyway TrevE has uploaded an app on xda to check if you're a victim of CarrierIQ if you're really paranoid.

But there's always this option - download Cyanogenmod/MIUI and unleash the awesomeness on your phone. Both ROMs won't have CarrierIQ at all :smug:

iphone (all pre IOS5) and Rogers LG phoenix have it too, despite Rogers' claims

^ Yep
Carrier IQ found on the Rogers LG Phoenix - YouTube

mine has it, but because i'm not on the T-mobile network all network access has been cut (ie: they have the information, but it isn't going anywhere)

checked via TrevE's app

mine has it, but because i'm not on the T-mobile network all network access has been cut (ie: they have the information, but it isn't going anywhere)

checked via TrevE's app
I'm on CM7.1, did the check and nada.

HTC Panache from Mobilicity, no CIQ installed

you brah's jelly of the blackberry security?

brb major security vulnerabilities.