Secret App Resides on Smartphones

Monday, December 5, 2011 @ 05:12 PM gHale


AT&T, Sprint, T-Mobile, HTC and Samsung said their mobile phones integrate a controversial piece of tracking software from a company called Carrier IQ.

AT&T and Sprint insisted the software solely sees use to improve wireless network performance while phone makers HTC and Samsung said they were integrating the software into their handsets only because their carrier customers were asking for it.

RELATED STORIES
Find Vulnerable Smartphones
Smartphone App Secretly Logs Usage
New Premium Trojan Ups Ante
U.S. Satellites Hacked
Rootkit, Trojan Unite

T-Mobile said it uses Carrier IQ’s software, which it described as a diagnostic tool to troubleshoot device and network performance.

“T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers’ Internet activity, nor is the tool used for marketing purposes,” the company said.

Meanwhile, several large carriers and handset makers, including Verizon, Research In Motion and Nokia, insisted that reports about their devices integrating the tool are false.

The controversy began last week when independent security researcher Trevor Eckhart published a report disclosing how Carrier IQ’s software could conduct surreptitious and highly intrusive tracking of Android and other smartphone users.

One privacy expert has a problem with the software.

“This is my worst nightmare,” said Stephen B. Wicker, Cornell University professor of Electrical and Computer Engineering at Cornell University and a researcher in wireless information networks that focuses on networking technology, law, sociology, and how regulation can affect privacy and speech rights.

“As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.

“Carrier IQ is a software program that runs on certain Android, Blackberry, and Nokia cell phones, logging certain keystrokes made by the user and reporting them to the cellular service provider. Example data includes sent and received text messages and Google searches.

“Since Carrier IQ tracks keystrokes, it has the potential to capture passwords and banking data that are normally encrypted prior to transmission through the cellular network.

“From a privacy perspective, what’s appalling is Carrier IQ runs in the background – most users will not know it’s there – and if those users do manage to detect the program, they cannot opt out.’



Leave a Reply

You must be logged in to post a comment.