You may or may not have heard about this in the past few days but Carrier IQ has been causing a storm on both sides of the pond. Carrier IQ is a company that provides analytical and diagnostic software for smartphones devices. Recently it’s been discovered it has a more “covert” function.
In November 2011, security researcher Trevor Eckhart discovered that Carrier IQ was logging information such as location without notifying users or allowing them to opt out, and that the information tracked included detailed keystroke logs, potentially violating both US Federal law and EU laws. Wiki
The program has been found on both iOS and Android devices and is hidden from the user. A video published by Trevor on youtube shows that on Android at least it’s not possible to end the program by force. It remains active in the background. The video (below) shows the transmissions the software is returning to the network and these include search terms, sms contents and keystrokes. This appears on the face of it a serious breach of privacy by either the phone manufacturers or the networks (currently they are blaming each other for the software installation). The US Senate chairman of the subcommittee on privacy, Senator Al Franken, has given Carrier IQ until December 14th to address the current privacy concerns in relation to their software. Expect the EU to follow a similar line soon enough. The current devices affected include both Android and iOS smartphones but as of yet it’s unclear if BlackBerry are definitely affected. We’ve reached out to the networks here in Ireland to see if they utilise the rootkit or not. If we hear anything we’ll let you know. If you discover the software on your device let us know too in the comments section and what network you’re with.
Update: Vodafone have stated “We do not use this technology on our customer networks in Ireland or elsewhere. The protection of our customers’ privacy is paramount and we have strict guidelines governing the technologies we deploy.We require all of our suppliers to comply in full with the strict guidelines we have in place governing the protection of privacy on all of our customer networks.” http://www.boards.ie/vbulletin/showpost.php?p=75771512&postcount=4