“It is vitally important to recognize that cellular telephony is a surveillance technology, and that unless we openly discuss this surveillance capability and craft appropriate legal and technological limits to that capability, we may lose some or all of the social benefits of this technology, as well as a significant piece of ourselves. Most people don’t understand that we’re selling our privacy to have these devices.” — Stephen Wicker, Cornell
What is startling about that statement is not what it implies, but that it gets stated so rarely, and never in mainstream media, and that in this instance, referring to a preinstalled Android app that runs in stealth mode without users’ knowledge, it took so long to be made.
Wicker is writing about a particularly vile piece of what I call slimeware¹ that has been shipped on various cell phones, primarily in North America. To the best of my knowledge, it first came to light in August of this year and caused an absolute lack of concern amongst shiny junk users, whose response, if they offered any at all, was generally along the lines of “stop being paranoid”. Wicker disagrees. From the same article –
“This is my worst nightmare,” says Stephen Wicker, a professor of electrical and computer engineering at Cornell. “As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.”
“Carrier IQ claims that the collected data is ‘anonymized.’ Let’s give this a moment’s thought — about all that it deserves. How hard would it be to ‘de-anonymize’ a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords?”
Indeed. What does a Russian kid living the good life working for the Bratva care about your identity anyway if he has your banking credentials? The company responsible for this slimeware is Carrier IQ –
Carrier IQ is the leading provider of Mobile Service Intelligence Solutions to the Wireless Industry. As the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers mobile experience.

No shit. While logging every keystroke and movement is not unprecedented in general, it is unprecedented as a stealth, default-installed product, toeing the line of legality, on products purchased in good faith by consumers. Consumers are not informed of its presence, nor presented with an opt-out option. The product is effectively hidden and can only be detected by folks with a fair degree of tech nous and who know what it is they are looking for in the first place. Despite protestations to the contrary from Carrier IQ, labeling this product as a trojan and a rootkit is entirely appropriate. A good overview of what Carrier IQ actually does, by Trevor Eckhart who has done most of the hard work picking this slimeware to bits, can be read here.
What makes Carrier IQ so insidious is that it renders all of your secured communications irrelevant – it effectively hooks directly into your user processes. What this means in practice is that though your communications may be over secure and encrypted tunnels, it is listening to your data before it is encrypted, and after it arrives and is decrypted. It is capturing everything as raw, human readable text. Including all your user IDs and passwords. In plain text. Precisely what this capability has to do with improving cell network performance for consumers remains a mystery. Call me stoopid, but I can’t even begin to imagine how it could possibly be relevant.
The fallout from Eckhart’s disclosures was routine and predictable. Carrier IQ immediately initiated legal threats against him (.pdf of cease and desist letter) and just as quickly backed down when the EFF came to his aid (.pdf of response to cease and desist). This has been followed by the equally routine denials, excuses and pleas of pure innocence –
In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses.
“Our technology is not real time,” he said at the time. “It’s not constantly reporting back. It’s gathering information up and is usually transmitted in small doses.”
Coward went on to say that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers detailed information about the causes of dropped calls and other performance issues.
And the current press release (.pdf) has deceptive wording similarly pleading innocence –
“Having examined the Carrier IQ implementation, it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous,” asserts Rebecca Bace of Infidel, Inc., a respected security expert.
Note the wording – that they don’t “collect” doesn’t mean it’s not captured in real time, which is what Eckhart has demonstrated. At this point and in this version the data is briefly cached and expires.
Evidently these excuses are good enough for The Register –
More than 48 hours after a software developer posted evidence Carrier IQ monitored the key taps on more than 141 million smartphones, a company official has come forward to rebut the disturbing allegations. And he’s provided enough technical detail to convince The Register the diagnostics software doesn’t represent a privacy threat to handset owners.
Yes, Carrier IQ is a vast digital fishing net that sees geographic locations and the contents of text messages and search queries swimming inside the phones the software monitors, the company’s VP of marketing, Andrew Coward, said in an extensive interview. But except in rare circumstances, that data is dumped out of a phone’s internal memory almost as quickly as it goes in.
– but they’re simply not good enough for me. This functionality built into Carrier IQ does not simply happen by “accident”. Programmers don’t work for free. They also work from predefined project scopes. This key logging and snooping functionality exists because the project architects at Carrier IQ specified it should. Telling me that the captured data only exists briefly in a volatile cache only tells me that nothing is done with the data – YET. And the question of why this functionality has been built in has not been addressed in any way. There is no assurance a future update won’t start pumping it all back to Homeland Security or the FBI or whatever other panty sniffer that wants to pay for it. To quote Bruce Schneier –
It is poor civic hygiene to install technologies that could someday facilitate a police state.
Pleas of innocence are hollow from an industry that is absolutely amoral and more than happy to prostitute itself to anyone that has the cash. The precedents are endless. The Wall Street Journal recently wrote an article on the security industry and how it is equally interested in providing products that compromise private citizens’ security, and the revamped Wikileaks is publishing a far more exhaustive study. Amongst abuses of this technology by despotic regimes, there are also the additional crises of this technology facilitating the loss of confidence in certificate authorities and SSL itself. And then there is the strange saga of HBGary Federal (and much more). In fact, privacy abuse is shaping up to be the boom industry of the 21st century.
These technologies cannot be trivialised. Carrier IQ is very much a part of the diseased culture of all digital technology. These technologies facilitate the detention, torture and murder of countless individuals in places such as China, Iran and Syria, to name a few, and all uniformly, like Carrier IQ, plead innocence – and are fully aware they are not. Western investors grow fat on torture and abuse of private citizens – this industry needs far more than just the regulation that Wicker is calling for. It needs full accountability – for complicity in crimes against humanity. Real punishment for real crime. This needs to happen and it needs to happen yesterday.
1 – Surreptitious software that technically is not illegal, but functionally does nothing of benefit to the user, usually by tracking your usage patterns and movements, stealing private data, or hijacking your search and browsing results. I also refer to people who make and use this kind of software as “panty sniffers” – they know what they are doing is wrong and they go to inordinate lengths to conceal what they are doing out of shame.
December 5, 2011 at 7:06 pm
Eric Blair had it sussed a long time ago.
Otherwise sane folk have been brainwashed into thinking that they simply cannot live without these geegaws, and refuse the only guaranteed privacy against the very real Big Brothers of international piracy, politely referred to by the euphemism “commercialism” (which clearly runs so-called democratic government puppets, whom we assume that we elect, in any case).
That privacy is to switch off the damn thing, and remove the batteries.
Oh, that’s right: with flashy white crApple gadgets, one (the überfashionable podgy white slacktivist) is NOT PERMITTED to remove the battery!
The Brainwashing has succeeded, Herr Shtarker!
Maxvell Shmart vill not suspect zat he iss being tracked by ze 40 ton magnet zat I have convinced him to around lug!
I am almost of the opinion that any technologically educated person who falls for this scam deserves what’s coming to them.
Their consequentially harmed friends, & relatives do not, however.
December 6, 2011 at 1:09 am
Richard Stallman has been saying the same thing for years now, long before “smart phones” even existed. His predictions regarding the dangerous road that we’re traveling have been frighteningly prophetic, also cf. DRM and his 1997 essay, “The Right to Read.”
Apple has allegedly removed Carrier IQ support from the iOS 5, but if that’s true, it was clearly only because they were caught with their hands in the cookie jar.
There may be a class action lawsuit (ibid.) as a result of this, and I think there ought to be, and since my wife uses an iPhone 4, you can be DAMN certain that I will be involved. Hopefully legal action will not only reprimand the companies involved, but also set a legal precedent. That’s not enough though: we need regulation and oversight of these companies who have shown that they cannot conduct themselves ethically without it.
December 6, 2011 at 1:22 am
There are in fact already two –
http://arstechnica.com/tech-policy/news/2011/12/carrier-iq-hit-with-privacy-lawsuits-as-more-security-researchers-weigh-in.ars
Class action is not enough. They need to be held seriously accountable. Especially the larger vendors that deal direct with despotic governments, like Cisco, Bluecoat and others. They have blood on their hands.
December 6, 2011 at 1:44 am
Oh, I very much agree. Will that happen? Of course not.
Have any links on Cisco and Bluecoat involvement with despotic governments? I’ve actually heard nothing about either, or if I have, I don’t remember…
December 6, 2011 at 1:48 am
Cisco’s been whoring to China, Bluecoat to Syria. Slashdot is the place for info.
December 6, 2011 at 2:04 am
Found it on Wikipedia too (the obvious place to look, right? heh). Thanks.
December 6, 2011 at 1:18 am
You know the worst part about all of this? I suspect that when people hear about it — like it was when I’ve mentioned that the iPhone keeps a database of latitudes and longitudes of your location periodically and sends it to Apple — the reaction will most likely be, “Who cares? I have nothing to hide. Sure, let the government spy on me, I’m not doing anything wrong!”
I HATE THAT because when others so willingly give up their own rights, they put mine at risk.
December 6, 2011 at 1:20 am
Correction: I don’t actually remember if it sent the database to Apple so I shouldn’t have said that. Regardless, it’s unnecessary data collection and an unacceptable invasion on privacy.
December 6, 2011 at 1:28 am
It all comes back to Schneier’s quote –
It is poor civic hygiene to install technologies that could someday facilitate a police state.
Just because you *can* is not justification enough to do it.
December 6, 2011 at 3:01 am
“the reaction will most likely be, “Who cares? I have nothing to hide. Sure, let the government spy on me, I’m not doing anything wrong!””
(Just like so many people I know accepted the new airport molestation techniques.)
And the problem is, “wrongdoing” is in the eye of the beholder. There are lots of legal things a person can do that can still get a person ridiculed, compromised in safety, shunned, fired, or divorced.
December 6, 2011 at 5:03 am
Wrongdoing doesn’t have to be involved at all. It’s the principle that private information on individuals should be owned and controlled only by those individuals, not by corporations and marketers, and not freely accessible to law enforcement without having to get warrant first.
Any kind of intrusion that compromises a person’s control over their own information is unacceptable period.
December 6, 2011 at 8:52 am
And the worst thing about the “not doing anything wrong? Don’t worry!” trope is that it completely ignores a rampant and pervasive problem:
Data can be faked or be in error, making it appear that you have been doing something terribly wrong!
One then has no redress whatsoever, and people will fully believe the false accusations.
No, the “if you haven’t done anything wrong” excuse is patent dangerous bullshit, ripe for exploitation.
December 6, 2011 at 10:57 am
Wait, the entire world wanted “Star Trek” and never thought about what that meant, and NOW it’s a bad thing. “Where’s Commander Data” as a useful phrase implies that you ARE TRACKING HIM.
Here’s the thing folks, none of this, none of it is magic, and most of you have let your ignorance run your lives. So now that it’s shoved in your face, NOW you’re upset.
Did you really think that Cell phones, or *any* RF transmission was not trackable? Seriously? Or that you needed some kind of special software running in the background? Um. Signal strength and azimuth precisely measured, along with multiple antennas give you that. It doesn’t matter what cell phone you have, or ham radio. If I can receive your signal in more than one place, and I have decent equipment, I can find you. Really. This shit is CENTURIES old. Just because y’all never thought about it doesn’t change that. That whole thing about it taking “time” to trace a phone call? Fantasy. DNIS and ANI take, effectively zero time.
Actually, if you’ve really good equipment, you only need one antenna. Multiples just speed that up.
People who don’t know how shit works suddenly in a panic because it’s not magic, it’s engineering amuse me. Surprise.
Some specifics:
SSL has always been a joke. Any security that relies on puffery like a “Web of trust” is not security, it is hoping for the best. What SSL has done is allowed a very small number of people to make a lot of money off of people’s ignorance. You really think your email conversation is SSL encrypted the entire path just because you have that option in your client? No. The majority of email servers only encrypt MUA to MTA. MTA to MTA is rarely encrypted for a variety of reasons, including that SSL is a fucking pain in the ass on every level, and incredibly easy to implement wrong. It’s fragile as hell, but because it has such a mythos behind it, work on potentially better solutions remains un(der)funded because hey, just use SSL.
Sigh Those places have never had any problems rounding up the inconvenient, because they monitor everything anyway, or did you think there was some, again, magical form of communication that isn’t monitorable? Letters? Analog phone calls? Telegraph?
Did it ever occur to anyone flipping out about this that the reason for so many laws about such things is precisely BECAUSE it is so easy to monitor communications. All I need is a window, a laser, and the right equipment, and I can monitor you from a block away, and you’ll never know it. I used to have to take classes in a room designed to keep what was said inside, inside, and suffice it to say none of you have the slightest clue as to how much work is involved in such things.
Then again, if you did know, it wouldn’t matter, you couldn’t afford the modifications.
-2 points for lame, and ignorant. Or did you think the only power storage in a cell phone is that battery. Or that if you only turn it on to make calls, you’re “off the grid” somehow. Spare me. If you use it, at all, you’re no better off than someone who leaves it on. If you’re getting signal and a connection, you’re trackable.
Stallman is a hypocritical mooch. He bitches about cell phones, but he sure as shit doesn’t mind using yours, mine, or anyone else’s. He just doesn’t want to own/pay for one himself. Read his speaking rider some time, he says it right there. I say, you hate the fucking things so much, don’t use them at all. But that would be inconvenient. So he just mooches off everyone around him. Classy.
Yeah, it’s not like iOS 5 was released months before this happened. Oh wait, it was. And actually, of the hardware manufacturers, Apple’s been pretty clear on what they used Carrier IQ for, and that you had the chance to never have it turned on. Or did anyone think that “send diags back to apple/htc/verizon” message was something else. I know, you didn’t think about what that meant. Thinking’s hard. (also, keep in mind that unlike Android, the carrier has fuck all chance to mod iOS. Sometimes, open fucks you in the ass)
But here, because, supposedly, proof matters:
From http://en.wikipedia.org/wiki/IOS_5:
October 12th. Almost two months before Trevor’s posting. I didn’t know cookies were neutrino-flavored.
Apple’s statement about it:
There. The ACTUAL statement from Apple. The conspiracy fans will immediately dismiss it, but I care not for the overly paranoid. Of course that’s not a blanket denial, because that would be incorrect, there are some of their devices still using it, and “stopped supporting it” is not “it’s gone”. If you care about the details on CiQ on iOS: http://blog.chpwn.com/post/13572216737?46141d58 has some decent data
Also, there’s been a lot of discussion about Trevor Eckhart’s video amongst security experts. Synopsis at http://news.cnet.com/8301-31921_3-57336064-281/carrier-iq-verbatim-answers-from-company-exec-researchers/
I find it amusing that because he agrees with your bias, Trevor Eckhart’s statements are UNIMPEACHABLE. A single source, and bang, he’s dead on because he helps you prove your case that smartphones, (well, let’s be honest, anything from Apple) are evil.
Have *any* of you bothered to look for independent corroboration of what Trevor found? Or tried to do it yourself? Who else besides Trevor has done a deep dive…okay, so who’s done a deep dive, (Trevor really didn’t), and verified what Trevor has said?
(also did someone really say “get your info from Slashdot”????)
No, because what’s the only source of proof to date that CarrierIQ is keylogging? Trevor. Hmm. Good thing he wasn’t in an elevator. Trevor showed “keylogging” in a single application, the dialer. That’s not the same as the implication I’ve seen that CiQ is keylogging EVERYTHING. In any event, it’s a single source. A single source, by the way, who is *25*, and most of whose career has not been in anything even vaguely close to actual “security research”. He’s a programmer, he’s a fairly newish sysadmin, but I see nothing in his background or resume that makes him a security researcher unless anyone who knows what root is becomes a security researcher.
Looking at his background, I’m sure Trevor’s a smart guy, but would I, based on his background, and with no independent verification, automatically take his word over those of the security experts disagreeing with him? No. Especially when some of them have been in the security field longer than Trevor’s been in computers professionally at all. In Rebecca Bace’s case, she’s been in this field damned near as long as Trevor’s been alive: http://infidel.net/page1/page2/
Experience doesn’t automatically mean correct, but again franc, you’ve based this entire post on youtube videos and articles from a single person. Really? So what makes him right and everyone else wrong?
Is Dan Rosenberg wrong? http://vulnfactory.org/blog/2011/12/05/carrieriq-the-real-story/
Some of Dan’s work: http://vulnfactory.org/research/
Now, watching the video, he’s running a USB debugger, and it looks like he’s attributing damned near everything that shows up to carrier IQ. (comments on this from the video at http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/ and Trevor’s two articles.)
Let’s be clear, I don’t think that Trevor is trying to be misleading. But I also think he’s making some mistakes, and he’s misunderstanding some of the possible whys. First, let’s look at the initial bits of the logging about 9:20 in. He’s hitting the home button, and it’s logging a few things. Trevor talks about the ui01 event, which is a keypress, but he misses the ui19 parts, which are a part of this, namely the logging of an application gaining or losing focus. Why would a carrier want to know this?
Well, let’s say you notice that every time you open an application, (pick one, it doesn’t really matter), while you’re on a call, the call drops. It may not be an internet application, so the CDMA v GSM features there don’t matter. Maybe you put the phone on speaker so that you could open up your contacts application and tell the caller what gramma’s new cell number is.
For that kind of problem to be fixable, you need to be able to log what is happening and when. You need to be able to see that a call is in progress, and that when the home button was pressed followed by the contacts button, the call dropped. You’d need some basic information about the calls, so that you can deal with those variables. If it’s only to an area with crappy cell reception, it might not be an application issue. But if it’s not, or it’s happening with every call regardless of location, number, or signal strength, then you have a pretty good indication that it’s the contacts application doing something screwy. When you’re talking about an uncurated platform like Android, where, literally, anything is possible, you can’t make as many assumptions. So you have to log more. Unless you like sitting in your carrier’s store, having them log, there, the stuff that’s happening when you see this and hoping it happens for them, well, you have to log this crap somehow.
Do you like long tech support calls? No? Well, you gotta get that info somehow. In any event, Trevor is missing/skipping a significant chunk of the debug info that provides rather a lot of context for that ui01 logging, namely the focus switch logging. ui19 doesn’t show up when you pop that menu, because there’s been no change of focus. As to why the menu key isn’t logged, I’d hazard that because it doesn’t CHANGE anything by itself, but only makes available certain other options that would then change things, the need to specifically log menu button pushes is small, other than knowing A button was pushed. So we don’t even get a keycode.
Starting at 11:00 or so, with the power button, we hit another issue with how Trevor is narrating this. He’s talking about the logging of the power button, but he doesn’t point out that the only thing iqagent gets is the ui02 event, which appears to be the power button. The other log entries, although related, can’t be assumed to be going to iqagent. Again, he’s running a low-level hardware logger. There’s going to be a ton of information logged at that level.
Getting into the “keylogging”, well, at around 11:59, he demonstrates the phone dialer. CarrierIQ logs stuff for the carrier. Aka, the phone company. The fact that the phone number or potential phone number is being logged in this context is completely unsurprising. Given that the same data is logged by the carrier in half a dozen other places, (and indeed has to be by law in rather a few jurisdictions, not just evil fascist governments) none of this is surprising, or even particularly bad. If you want to log how good/bad the phone is at being a phone, you do need that kind of data.
I’ve also yet to see at this point in the video, any proof that this data has left the phone, or is even trying to. If the data never leaves the phone, except under specific situations, do I care? no, but again, I know why you’d need this shit, and yes, I would expect that given his accusations, Trevor would have better proof than I’m seeing in the video or his two articles.
Now we get into receiving an SMS message, we see some other things that seem like a problem in Trevor’s process. He talks about how you see the SMS message in plain text. OMG! Well, not really, because what’s actually logging that? It appears to be dalvikvm. What’s dalvikvm? Well, on Android, it’s the Java virtual machine that pretty much every Java application uses. So it *has* to be able to know what the text contents of the SMS are. Note that in the video, the only things going to CIQ are part of the SMSDispatcher function. Since SMS is again, a carrier function, the fact that CIQ is watching the SMS dispatching process is completely unsurprising. As is the fact that SMS messages are not encrypted as they are passed around by various functions. Encryption has a real world cost in terms of processing and battery power. Encrypting and decrypting SMS messages between every process that uses them would mean you need a boat battery for your phone. (or did you think that when you tapped on a link in a contact, that link was encrypted, sent to the browser, unencrypted and then used to provide the URL info to the browser?)
Furthermore, his “all the Carrier IQ stuff is happening before the end user even sees the SMS” is implying something nefarious that isn’t supported. The SMS dispatcher gets the SMS before the user’s inbox. Well, yes, that makes sense, just like the email server gets your email before your inbox. In fact, if you watch the screen, you can see the log of all the processes that are used to get that SMS from the dispatcher to your inbox. Is CIQ watching ALL of those? Not that I’ve seen. Trevor doesn’t show that, but he seems to be implying it heavily here. Unless he shows a lot more proof, I’m inclined to say he’s mistaking chronological event order for process data ownership, an incorrect assumption on any platform.
Of course that section of the video ends there, so there’s no supporting information from him. You’re left with “Carrier IQ’s involvement with the SMS happens EVEN BEFORE THE USER SEES IT”. Well. yes. What’s your point.
On to the web browsing over wifi part. First, notice that when he says he’s googling “hello world”, nothing’s happening as he types in “hello world”. Now, if CiQ is a keylogger, even a crappy one, I’d expect a flurry of log entries every time he presses a key. But it’s not happening, and again, this is supposedly live video of the debug log. He’s trying to make a case for this as a keylogger, yet he ignores the activity, or lack thereof. What, it’s only logging some keypresses “publicly”? I want proof if that’s what he’s saying. I mean, you have the URL for google, and you see a lot of al34/35 events, which are related to page renders.
So here’s one: why does Trevor ignore this? He’s bitching about logging SMS activity, something CLEARLY within the carrier domain, yet he sees CiQ logging page render events on WiFi, and that doesn’t even get a raised eyebrow? That one bothers me more than the SMS crap, because the need for CiQ to log ANY of that on WiFi is pretty damned weak. I don’t know about the phone he’s using, it might use a more integrated chipset than the iPhone, but on the iPhone 4S, WiFi/Bluetooth goes through a Broadcom BCM4330, whereas the Cellular chipset is a Qualcomm MDM6610, (source: http://www.anandtech.com/show/4971/apple-iphone-4s-review-att-verizon/). If the phone he’s using has a similar architecture, (and I see no reason why it wouldn’t), then WiFi has a different radio, and different antenna. So why does CiQ log anything about wifi data, especially when the cell components are in airplane mode?
THAT is something that strikes me as wrong, and Trevor completely blows it off!
He hits submit, and you see a gob of ui01, aka keypress events zip by, (I had to screencap parts of the movie, youtube’s controls blow). Those don’t even get a comment from Trevor, but there’s nothing to them. You know *a* key was pressed but not which one. Again, that’s pretty useless keylogging if you ask me. Telling me bob pressed 34567 keys but not which ones they were is of little value.
Could it be logging more information elsewhere? Sure, but all we have to go on is the data in this video, and so far, it’s not proved any “logging” outside of the phone dialer application.
Same thing with his google search statement. The problem is, where is it capturing the data? How does the browser on the phone actually use SSL? Is it internally, or does it pass data to an SSL function that then handles the (de)encryption for it? Either is possible, I don’t know how Android handles this. But he doesn’t say EITHER. He shows you a plain text string with NO context and uses that as proof that CiQ is “breaking” SSL. He’s shown you nothing of the sort, because we don’t know where CiQ is getting that data, or that the log data in question is even GOING to CiQ. It is entirely possible to get that data from the application without “breaking” SSL, because SSL is only supposed to be involved with, in this usage, encrypting things between my computer and google. I don’t necessarily want the data I’m seeing on the device encrypted as it’s sent to the screen from the browser. Once it’s on the device, why would I encrypt inter-process communication? In an EXTREMELY high-security situation, sure, but for general use? Not worth the resource cost.
So the video has some issues. Let’s look at his articles. First, his definition of “application” is pure bullshit. No, every application/process does not need to have:
Nonsense. By that designation, an ssh daemon, or really, ANY daemon corrupts “operating system functionality”. It doesn’t have any of those things, yet Android would be rather useless without them. I also have issue with this:
Well, no. You may have quit that instance, and then it was restarted. For example, on all my servers, I have snmpd running. I can force-quit/kill snmpd all the day long, and it won’t appear to have quit, because the OS has a setting that says “ALWAYS keep snmpd running.” So if it quits, it’s instantly restarted. The only way you can tell it’s restarting is the pid increments every time.
In none of his video does Trevor show any proof this isn’t the case. He doesn’t show the pid changing, none of it. He just shows that it never goes away as proof of some sort of nefariousness. It’s nothing of the sort. Keeping daemons running is a well-known trick on every platform. (The fact it’s called “IQRD” suggests that it is a daemon, since Android is a Unix/Linux-based OS, and it is traditional in that environment to have the last letter of a daemon’s executable be “d” or “D”.)
Trevor states that Carrier IQ is therefore, because of IQRD, violating their own privacy policy. Well, maybe. Does the carrier/manufacturer of the device give you the option to opt out of that kind of data collection, as Apple does on a new iOS 5 install? There you go. The end user is involved. What Trevor wants is for Carrier to have a more specific option that references them as a company. Trevor doesn’t work with the technically non-astute if he thinks that would mean anything.
Trevor is freaking out about CiQ in a way he wouldn’t even blink about any other daemon in Unix, even though the behavior he describes is common to quite a few. (really. Do most people know what kextd does? no. Yet it’s in the Mac OS EVERYWHERE. If you remove it, you don’t have a functional computer. OMG, EVIL. Well, if you don’t know how things work, yes.)
It doesn’t help that he’s kind of full of shit in quite a few places:
Unless you have a worldphone, like the iPhone 4S and a few others, in which case, yes, you have a SIM card. Or you have a newer Verizon USB card, which is CDMA, but also includes GSM functionality for when you take it overseas. If you have an LTE phone, aka 4G on Verizon, you have a SIM card. a “pure” CDMA smartphone is not always the case. But he doesn’t even allow for that. Or this bit of technodweeb:
Tech freaks yes. The average non-technical person? No, they aren’t. They’re buying a phone to be a PHONE.
It’s also pretty obvious that while Trevor means well, he’s neither an expert about Linux, Security, Android OS, or anything else. Seriously:
Security experts know what that is. It’s part of being a security EXPERT, yet he shows he really doesn’t know what the hell it is. May be sensitive, may not be, Trevor doesn’t know. He states that carrierIQ is ‘integrated’ into the Android browser, sans any proof but the statement “from:com.android.browser”, yet shows us NOTHING else that actually PROVES that. It looks to me he’s making some serious assumptions about how the android browser, and interapplication communications work, yet not proving any of his statements.
It also looks like he has some real issues with the OSI networking model and where different things work. For example, SSL normally works at layers 6-4 of the OSI model, yet the application itself, the browser, sits OUTSIDE of all of that. Now, it is possible to use SSL within the application, i.e. digital signing and encryption in email applications, PDF signing and encryption in Acrobat, but where’s the proof of where SSL lives within the android browser? Nowhere. Trevor never shows that, and it’s really quite important for his assertions that CIQ is broaching SSL.
He makes a lot of claims about CiQ with little to no proof. He’s conflating debugging data with keylogging, and I’m not sure he knows how TCP/IP networks really work except at a rather superficial level.
He claims Carrier IQ is remotely controlled, but he never specifies what he means by that, or how that happens. (“remotely controlled” is frighteningly vague the way Trevor uses it)
He claims it is a keylogger, yet even in his own video, we see that not happening. You can’t have it both ways, unless it is, by its own admission, only logging the value of certain keys pressed in a specific context, which he DOES show, and in that case, it’s a shitty keylogger in the OMG BANK DATA sense.
Note that again, just showing a key was pressed is not keylogging, that’s UI action logging, which CiQ does all over the place. You really have to have a way to track what key was pressed for what value, (in a software keyboard, where a “key” can have multiple values, it’s important.) Otherwise, you’re not a keylogger, you’re just noting something happened in the UI. That’s about as dangerous as me noting you’re breathing.
He makes a scary sounding vague claim about CiQ and SSL, yet provides essentially no useful data to support that claim, and to me at least, comes across as somewhat ignorant of low-level networking functionality. (This is sadly common in the sysadmin world. I’ve taught far too many classes on OSI et al to think otherwise.)
His desire for more info on how manufacturers and carriers use CiQ is good and correct, but SO much of what he says has real issues, and again, he’s the ONLY source referenced here. That’s not proper. I don’t think the kid is being misleading here, not on any level. I think he’s completely sincere. I also think there’s a lot he doesn’t really know, and it’s leading him down strange paths.
In addition, much of the reporting on this is complete crap. Like this bit from wired:
David Kravets doesn’t seem to actually know what SSL does or how it works. But hey, people who know how things work don’t come cheap.
Also this:
Is not quite right. Apple, among others, does give you the option to shut off Carrier IQ functionality in their devices where it exists. That may not be ENOUGH opt out for you, but it is in fact, an opt out. The question is, is it enough and can you explain this in a correct fashion to the technologically ignorant? Neither is easily answered. Which is why I’m happy about actual public inquiry here. It moves things out into the open.
Other tidbits:
Even a moment’s pondering would give one the insight that location conveniences have certain requirements.
Those may be too much for you, they aren’t for me, and I understand this shit at a lower level than most.
See here’s the thing: I want this shit publicized and regulated. I don’t mind things like databases of cell towers and the like, but I want the creation and uses of those databases publicized and (hopefully) reasonably regulated. I understand that for me to be able to find my phone remotely, (and hopefully me too, esp. if I’ve had an accident on a remote road and am unconscious), that certain functions *have* to happen. Unless you want your phone constantly updating location information when you fire up a map application, and having to always download all information because caching is “evil”, and your battery life suffering, shit taking forever if you have crappy signal, well, you need some local caching. That’s unavoidable. Caching is a good thing in general, but like every tool it can be abused.
Logging and diag tools are, when you think about it, frightening. I use stuff daily that would flip rather a lot of you out, and if used for evil, would be really quite scary, (and regularly are. You don’t know how active some of those bastards are, and you’re happier for it. Read Brian Krebs sometime.)
Nothing in any of that video or Trevor’s two articles is scary *in and of themselves*, but I would like to see the carriers et al be FAR more clear about how they use this data, what they are specifically collecting, etc. I also really wish Trevor wasn’t being so categorical in his conclusions, I don’t think he’s correct in some of his base assumptions. I’m glad people care about this now, but Trevor isn’t doing anyone a lot of favors here by inadvertently being wrong.
As far as the rest, well, guess what folks: again, engineering, not magic. You want certain features, certain things kind of have to happen. You like being able to know how far you are from a gas station when the needle’s bouncing on ‘E’ and you don’t want to wait for the real time it would take to download all that new every time, you have to live with a certain amount of caching. None of this is magic, and it’s only people thinking it is that is freaking them out now.
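The restart check that the comment above says the video never showed, as an added example (not part of the thread and not code posted by any participant): compare two process snapshots and count a process as the same instance only when both its PID and its start time match, which also covers PID reuse. The snapshot format, every process name except snmpd, and all values are constructed for illustration.

```python
"""Tell "never quit" apart from "was killed and respawned by a supervisor".

Snapshot format (constructed for this example): one process per line,
"<pid> <start_epoch> <name>"; '#' starts a comment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    start: int  # process start time, seconds since the epoch
    name: str


def parse_snapshot(text):
    """Parse a snapshot into a list of Proc, rejecting malformed lines."""
    procs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'pid start name', got {raw!r}")
        pid, start, name = parts
        procs.append(Proc(int(pid), int(start), name))
    return procs


def classify(before, after, name):
    """Classify what happened to `name` between two snapshots.

    An instance is identified by (pid, start time). PID alone is not enough:
    PIDs wrap around and get reused, so an unchanged PID with a newer start
    time is still a different instance.
    """
    old = {(p.pid, p.start) for p in before if p.name == name}
    new = {(p.pid, p.start) for p in after if p.name == name}
    if not old:
        return "not_running"   # nothing to compare against
    if not new:
        return "gone"          # it really did quit and stayed down
    if old & new:
        return "survived"      # at least one original instance is still alive
    return "restarted"         # same name, but every instance is new


def report(before, after):
    """Status of every process name present in the first snapshot."""
    names = sorted({p.name for p in before})
    return {n: classify(before, after, n) for n in names}


# Constructed snapshots: BEFORE is taken, the daemons are killed in a lab,
# AFTER is taken a while later.
BEFORE = """
# pid start_epoch name
1    1322900000 init
412  1322900050 snmpd
977  1322900060 exampled
1200 1322900100 sshd
1250 1322900120 oneshot
"""

AFTER = """
1    1322900000 init
1305 1322903600 snmpd      # new pid, new start time: respawned
977  1322903605 exampled   # pid reused, but newer start time: respawned
1200 1322900100 sshd       # same pid and start time: never quit
"""

if __name__ == "__main__":
    for name, status in report(parse_snapshot(BEFORE), parse_snapshot(AFTER)).items():
        print(f"{name:10s} {status}")
```
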
December 6, 2011 at 1:34 pm
Wow. What a dissertation. I think I made myself clear in my opening line –
My surprise is that there is such a lack of surprise at what is a constant problem as old as digital communication. Why are these issues never raised? It is absolutely nothing new – CIQ just happened to have been outed in this instance, and yes, they are only the tip of the iceberg.
Second issue is that not one person has ever addressed the reasoning for harvesting this data when it is, as they claim, never used and utterly irrelevant for cell network troubleshooting. There is absolutely no justification for building this functionality into the product. The ONLY reasoning is that it is ready built for a future update to relay the data to whoever pays for it. This is in every respect the same type of malware as the German police trojan from a while ago.
CIQ is just a recent item that highlights how THE ENTIRE industry operates – completely amorally. They are abusing technology because social and legal controls simply do not exist, or where they do, are lagging decades behind. CIQ is just a very neat example to highlight the issues for an apathetic general public that is allowing this to happen. I am not claiming I am breaking new ground here – but I am hoping to educate at least someone who has ignored this type of shit as “trivial”.
December 6, 2011 at 1:43 pm
There is also the tertiary issue of actual malware writers. It is relatively trivial to make something that scans the flash cache for interesting data, such as bank logins, and forward them. The hard part of capturing the data has already been done by CIQ.
December 6, 2011 at 3:42 pm
Also, a point I shamefully failed to address…
CIQ is just a recent item that highlights how THE ENTIRE industry operates – completely amorally.
This. The technology industry, and especially software, has never had any concern for the social consequences of its actions and it ought to.
December 6, 2011 at 2:13 pm
Mmm… You feel passionate about it, I see!
I had problems only with one minor point:
There are some types that are not trackable, not in any practical real-time sense at least.
Spread-spectrum pseudo-random frequency-hopping, as used by sophisticated military forces.
Ask for it by name.
Invented by a female no less. And an actress as well!
Hedy Lamarr.
December 10, 2011 at 1:00 pm
Spread-spectrum is overrated, and not designed to prevent tracking anyway, but rather reading information. Frequency hopping can help, but not at the really tiny freq ranges we’re talking about here. The entire cell spectrum is not that wide, and everyone knows what it is. Freq hopping when I know your entire range does you zero good.
One of the best rules of ECM is “if you transmit, someone can find you”. That’s why passive stealth is a much better option. If you transmit at all, you’ve given someone all they need to find you.
December 7, 2011 at 9:23 am
whee
you go JCW!
It is an endless point of contention for Franc that I am quite happy with my mac laptop, and my iPhone. I just answer “yes, dear, I’m an itard” now. It just makes life easier.
December 7, 2011 at 12:46 pm
Give me convenience or give me death!
— The Dead Kennedys
Pumpkin, it is your kind of unquestioning and servile contentment that enables this kind of tech abuse. Shiny junk is like a morphine drip.
December 7, 2011 at 1:35 pm
I’ll take the morphine drip as well.
December 7, 2011 at 8:09 pm
It is no such thing!
I absolutely required a morphine drip after my CVA.
Morphine is literally life-saving.
Gadgets are not.
Got addicted? Inevitably and certainly.
But gave it up when it no longer served its very functional life-saving purpose.
December 10, 2011 at 1:02 pm
It’s not life-saving until it is. When you’re on a lonely road with a dead car in shit weather, and your only contact to help and safety is a cell phone, well, all of a sudden, it’s not such wasteful crap.
ELT’s on boats and airplanes are absolutely wasteful until you need them. Then not so much.
However, none of this is the problem of the technology. People being overly into their toys is nothing new, but every generation thinks it is.
December 6, 2011 at 3:40 pm
JCW, there is no way on earth I’m going to get even close to responding to such a massive comment (U DDOSER!). The short version is that in the end, I want to be assured that I own my data, and only I control who gets to see it. In our current environment, that is simply not the case.
Long version…
Yeah, it’s not like iOS 5 was released months before this happened. Oh wait, it was. And actually, of the hardware manufacturers, Apple’s been pretty clear on what they used Carrier IQ for, and that you had the chance to never have it turned on.
And certainly it’s not like iOS 3 and iOS 4 had Carrier IQ hooks in it. Oh, but they did…
You say that Apple was pretty clear on how they used Carrier IQ. Why the hell should I trust Apple at its word? Nobody outside of Apple can analyze their source code to see how it works, so their claims are unverifiable. Only a fool would be so trusting.
Stallman is a hypocritical mooch. He bitches about cell phones, but he sure as shit doesn’t mind using yours, mine, or anyone else’s. He just doesn’t want to own/pay for one himself.
I don’t think it’s “mooching” to use someone else’s cell phone if they let you do so even if it’s because you choose not to own one, but that’s not interesting to me. What I want to know is how does that make him wrong?
Apple, among others, does give you the option to shut off Carrier IQ functionality in their devices where it exists. That may not be ENOUGH opt out for you, but it is in fact, an opt out.
Unacceptable. The opt-out should instead be an opt-in.
Even a moment’s pondering would give one the insight that location conveniences have certain requirements. […] You want certain features, certain things kind of have to happen. […] you have to live with a certain amount of caching.
This would be acceptable if one could be confident that his data is not being sent off to third parties just because it can be. That isn’t the case. I’ve no reason to trust Apple or any other mobile service provider. Given their track record, I do not trust them and I think those that do are either naïve or foolish.
I’m satisfied to sacrifice conveniences for control. Until I no longer have to choose between the two, I’m more than happy simply asking for directions if I need to find the nearest gas station.
December 6, 2011 at 4:05 pm
The obvious solution, and therefore one that will never be considered, is to treat personal information as personal property. Equate the theft of such data, including geolocation data, to theft of property. I certainly consider my personal data to be something I, and I alone, should own and decide who I divulge it to. Which is no one.
All of this is a perverse inversion. Corporations and governments in theory are supposed to work for us. As such, we are the ones that should have absolute privacy and they absolute transparency. This is flipped on its head – they feel entitled to rummage through our panty drawers on a whim, whilst concealing everything from us in return. This is what is pretty much at the root of all problems in what we label the first world.
December 6, 2011 at 4:37 pm
I mostly agree, (for what that is worth), but may I add some nuance to the “personal information as personal property” semi-trope?
I think that it is a “largish” exaggeration.
In many circumstances, the personal nature of information is, both intrinsically and often extrinsically, diminished to the point where it becomes public, or at least available for reasonable restricted public release, without explicit consent. (As that consent is implicit).
Examples: One’s electoral roll info. Which includes one’s residential address.
Or village gossip about one having been seen at the pub on Thursday night frantically avoiding a Ms. Watson.
Or one’s phone number in the old telephone directory.
Even the “invite to treat” fully-legal invitation of one having a visible door-bell, or a postal slot or knocker on one’s front door is an implicit and well-recognised revocation of specific rights to privacy, especially that of trespass.
Such it has been since time-immemorial, and has little to do with technology, save that gadgets have multiplied such implicit consent and revocation of rights far more ubiquitously than previously, and rendered manifest a long-standing problem as becoming intolerable to such perspicacious, robustly vocal and intelligent individuals such as yourself.
December 10, 2011 at 1:12 pm
How many years of experience with low-level iOS internals, ObjC, and ARM assembly do you have? I can hand you all the source to everything I’ve written. If you don’t know how to program, or know the language, it is precisely useless to you. At that point, you have to rely on someone ELSE to tell you what’s really going on, and now, you’re blindly trusting them. That’s assuming you got the ACTUAL source used in the device, which you can’t prove anyway. So even if you have the source, it proves nothing, because you can’t prove that’s used in the build process. Isn’t conspiracy theory fun!
Um, dude? Asking someone to use their cellphone because you won’t own one yourself? That’s mooching. They may have no problem with you doing that, but it’s still mooching. Really. Assenting to said mooching does not make it not mooching. By that token, begging for money isn’t begging if the person you ask agrees to give you some.
Also, when you rail against cell phones, and say how owning one is stupid, and wrong, but then you go ahead and mooch off someone else’s bill, it most certainly is mooching, and hypocritical as fuck. “Hey, lemme use your phone” “Fuck you, get your own” “Cell phones are evil” “Yet, mine, which you aren’t paying for and I am, is oddly not so evil. Again, fuck you, get your own.”
Care to bet how long it would take the dipshit to get one if people stopped enabling the mooching?
It IS opt-in. That shit isn’t turned on by default in iOS. You have to tap the screen to turn it on. Congratulations, they’ve done as you asked.
That’s certainly your option, but I’m not wrong for using a different method, even if you dislike it.
December 11, 2011 at 12:34 pm
If you don’t know how to program, or know the language, it [the source code] is precisely useless to you.
Weak. Just because we don’t understand certain code or literature ourselves doesn’t mean we should be forbidden from reading it.
That’s assuming you got the ACTUAL source used in the device, which you can’t prove anyway.
Nonsense. If it compiles, runs on the device, and works the same way, then it is most likely the same code. If the source code lacks the malicious features allegedly compiled into the binary version, then that’s even better. If you run into one unethical person who distributes binaries containing malicious features, then you have the choice of finding another person or compiling from source. All of these checks and balances are very much missing from Apple, who is the only distributor of their software and hardware.
It seems that no matter how you spin it, open source / free software is better than proprietary. The only thing you can argue is the quality of proprietary software exceeds that of open source, but there are reasons for that.
Also, when you rail against cell phones, and say how owning one is stupid, and wrong, but then you go ahead and mooch off someone else’s bill, it most certainly is mooching, and hypocritical as fuck.
I pretty much get that you don’t like Stallman, once again I find that completely uninteresting. You’ve failed to illustrate how being a hypocritical mooch — a point which you’ve unconvincingly repeated — makes him wrong about DRM and the unethical treatment of users by large companies like Apple and Microsoft.
It IS opt-in. That shit isn’t turned on by default in iOS.
Good, then don’t say opt-out when you mean opt-in.
That’s certainly your option, but I’m not wrong for using a different method, even if you dislike it.
Let’s not forget that I have said nothing along those lines. I will say, though, that just because you’re defensive of your shiny toys doesn’t mean I can’t think it’s retarded to own one, and it doesn’t mean I can’t think it’s unethical for companies like Apple to collect its users’ data.
December 11, 2011 at 12:49 pm
Since you keep railing on about technical requirements, if it’s technically required to collect my data behind the scenes and without my knowledge, then the feature shouldn’t be included (and if it is, then it should be possible to completely remove it). If neither is the case, then I won’t use it, and I will recommend that others not use it either. It should be perfectly obvious that if they foolishly decide to anyway, then they do so at their own peril.
I do go to further extremes than lots of people, I recognize that, but I am right.
December 6, 2011 at 6:19 pm
Dan Rosenberg has done some more dissection and his conclusions are for the most part the same as what I have written here. Major difference is that he shifts blame more to HTC than CIQ.
http://vulnfactory.org/blog/2011/12/05/carrieriq-the-real-story/
December 7, 2011 at 7:45 am
I’m going to go ahead and assert myself into this little group you seem to have going. I find your posts intriguing, which is a rarity for me, and a feeling I have learned to trust. Not that I have anything of import to add to this particular post that hasn’t already been stated, I just felt you may appreciate the knowledge that your efforts are not in vain. It’s refreshing to be reminded that insanity is subjective, and I am not the only one who abstains from the ideology that simply because I have nothing to hide means that there is no reason to hide it. Our civil liberties are slowly succumbing to political assassination, and information must be spread quickly before the NDAA enforcement bureau starts feeding us our nut sacks with cheers and patriotism.
December 8, 2011 at 12:43 pm
Mr. Hoggle,
I’m actually a computer security engineer/researcher by trade. Prior to the Apple GPS tracking thing I caught google doing something similar with google maps. Specifically, they get their local traffic data by crowd sourcing Android phones. And there is no opt-out short of turning off location services.
I was pretty proud of myself until I found a google blog post from a few months prior detailing exactly what they were doing. Either nobody noticed or nobody cared. Such is life.
Anyway, the CarrierIQ thing has been tremendously overblown. It’s not a rootkit, trojan or malware. It’s just a piece of QA software for logging system calls on the phone. As mentioned by John C. Welsh, it looks like it’s logging keyboard events vs. actual keystrokes.
I would be (am actually) more worried about real malware from malicious third parties, which we are already seeing.
The general feeling in the security community is that if you don’t want to carry around a GPS tracker in your pocket, don’t do it. Sounds like you made that choice, which is of course fine.
I personally walk a bit of a fine line here; as while I do have a Droid phone and use google services, I keep my sensitive stuff separate. And I’ve come to the conclusion I don’t really care that much if google knows where I am (for the time being at least).
December 8, 2011 at 1:55 pm
Not a single thing you said justifies collecting the data. We’re talking about ethics. The practice is unethical — it infringes on the user’s human rights for no good reason — and neither apathy nor the general feeling of security professionals changes that.
December 10, 2011 at 1:22 pm
If you want location services in any usable format on a phone, that data has to be collected in some fashion. It’s a requirement.
If you want to be able to use a GPS, the system has to know where you are. That’s not optional. If you want to be able to cache maps, and use them, well, then that’s more data that HAS to be known.
The problem isn’t the collection, that’s a technical requirement, and if you actually look at what’s going on rather than getting all screamy, you see the kid is making some unsupported conclusions. The problem is that because people get all screamy about things, the companies involved see an advantage to telling their customers as little as possible. Have you ever tried to explain technical issues to a non-technical person who’s angry and upset over a non-issue that they read about in an unverified email chain?
I have to do that regularly. After a while, you stop explaining anything, and get them calmed down and out of your face in whatever way will work the fastest, because they DON’T CARE. They want to hear you’re DOING SOMETHING, and that the PROBLEM WILL BE FIXED. Lying becomes a great tool here. You hate it, because lying sucks, but so does getting yelled at about fantasy bullshit.
So what needs to happen:
1) Hire writers and people who can communicate to explain this shit properly in a way that doesn’t freak people out. (this will not work entirely, but it’s always worth the effort)
2) Start allowing user agreements to be written plainly and simply. Legalese is confusing, but it is highly precise. Plain and simple is both less confusing and less precise. But, in a litigious society, covering your ass is not exactly stupid. This step will take some actual laws. Which creates a high chance of fucking it all up, but it’s worth a shot. Encourage companies to make it easy to see what kind of data is being sent back with “error reporting”, rather than encouraging them to write it all in legalese.
3) Calm the fuck down and learn something. People know more about their fucking cars than their cell phones, but they use their cars a hell of a lot less. A bit of effort spent learning about this shit avoids a lot of problems.
December 10, 2011 at 1:33 pm
Oh, even something as seemingly innocuous as a magnetic compass also enables tracking. Yes, the kid overreacted – he’s trying to make a name for himself. But I return to the issue I raised, it’s not that it happens, it’s that it never gets the level of public discussion it should. All of this tech should be clear and transparent to the user – and most importantly, disabling this function should not be concealed. It is a runaway train and it does need more awareness.
December 8, 2011 at 1:57 pm
Look I agree with both you and John. It is overblown, but it has made some noise. I repeat what I opened the post with – “What is startling about that statement is not what it implies, but that it gets stated so rarely, never in mainstream media”. The Apple overview is here, and it’s just as slimy.
The greatest cause of concern is not the technology itself, but public ignorance, apathy and disinterest. The danger lies in this stuff being “normalised” and therefore “acceptable”.
it looks like it’s logging keyboard events vs. actual keystrokes.
And repeating again, why is this functionality there in the first place? There is *no* justification and the coders would have to have been specifically *told* to build that in by CIQ management. Am I paranoid or you naive? Once the function is there, it would be routine to provide an update to pump data – guaranteed kickback from DHS no doubt, and the real intent.
Do I worry too much, or you too little? I have no faith in the good intentions of any industry, let alone the telecoms.
December 8, 2011 at 3:01 pm
Franc said:
“The greatest cause of concern is not the technology itself, but public ignorance, apathy and disinterest. The danger lies in this stuff being ‘normalised’ and therefore ‘acceptable'”.
This is, I think, the most important point. And there are many examples of this kind of slippery slope thing actually happening all the way from the shiny world of high tech to the middens of low fashion.
As for the fashion thing, how many folks here remember back in the 60s and 70s when the Whole Earth catalogue was alive, and the general meme, so to speak, amongst critical thinkers, intellectuals, and the grand domain of the hip and cool was to frown down on most forms of advertising, especially vanity lifestyle bullshit advertising?
Well now, and for the last couple of decades, a vast swath of the Western world wouldn’t be caught dead without carrying around all sorts of free advertising pimping for the companies that make their clothes, guide their lifestyles, and enslave workers all across the planet.
Yes I know, that seems like an off-topic rant, but it isn’t really.
The manufacturers of tech, and the sycophantic snakes-in-the-grass who virally pimp every little thing they stand for (except the base truth that they are little more than profit manufactories) like Wired magazine have sold us all out and have brainwashed massive portions of the world into thinking that they really and truly cannot get through the day without accessing tinkertoy tech.
December 10, 2011 at 1:37 pm
Well for one, the kid was using a really low level USB logger. If you’re logging USB events, you’re going to see everything. It’s fairly obvious he was making some bad assumptions about what CIQ was logging, esp. wrt. SMS.
Secondly, a lot of this depends on the OS, and the way it’s set up. Android is BASED on Linux, but IIRC, there’s some heavy forking going on. If you need to monitor keypresses in a specific context, you’re kind of reliant on the OS facilities for how fine-grained you can be. For example, since CiQ is used by carriers, knowing about dialing and what is dialed make some sense. When you’re dealing with call quality, the phone number is somewhat important. So, you want to know about that.
HOW you know about that can get complicated, and again, the kid doesn’t seem to think about that in the video. For example, does Android have “dialer” keypress events, or are they keypress events that happen in the dialer and there’s additional data passed along to identify that? In one case, CiQ can ignore everything but dialer keypress events, in the other, it has to trap all keypress events, then look to see where they originated and toss them if not the dialer.
I honestly don’t know how Android handles this, but it wouldn’t surprise me if it were the latter. Keep in mind that a consequence of Android being “open”, (that’s a different argument for another time) is that you can’t assume things. On iOS, because of how Apple controls things, you get to make assumptions. You don’t have to (normally) worry about random replacement dialers, carrier junk, etc. So, you can get away with things that you can’t in Android. (the exception of course, is jailbreaking, but I think you’re a bit of an idiot if you try to factor THAT into your iOS code.)
So without knowing how Android’s event and notification mechanisms work, (and Trevor CERTAINLY didn’t talk about it), we don’t know that CiQ has other options, or that if it does, those other options don’t have greater costs in terms of resource usage, (a huge concern on handhelds.)
That’s my biggest problem with the video and the articles. There’s no context, no depth, no *explanation*. Just a lot of “OMG!”, and a lot of it is not correct.
December 9, 2011 at 1:58 pm
Gentlemen,
All this software does is log system events to assist with QA. Meaning if there is a problem with some software on the phone they have a log of what may have triggered the issue. See this article for more info:
http://www.networkworld.com/news/2011/120711-carrier-iq-253845.html
If you are familiar with software development, it’s something akin to a debugger. Or the diagnostic computer in your car. There’s nothing nefarious or even particularly interesting about it.
Trevor Eckhart is just a dingleberry sys admin, not a security researcher. Carrier IQ is totally justified in suing his ass.
re: computer security in general, I’ll suggest reading Ken Thompson’s excellent paper “Reflections on Trusting Trust”
http://cm.bell-labs.com/who/ken/trust.html
The conclusion is that you can’t trust code you didn’t write yourself.
But I heartily agree that the general lack of interest re: security and privacy issues by the general public is appalling. But it’s good job security for people like me.
December 9, 2011 at 2:14 pm
Opinions vary. FYI –
http://www.xda-developers.com/android/what-people-arent-saying-about-carrier-iq-xda-tv/
It’s its potential that is a worry – and the fact it is concealed to the extent it is. As for security, working with antivirus for so long I am also concerned why it has not tripped heuristic triggers. Far less invasive applets do. Ruminating on why this is so is heading into tinfoil hat territory.
December 9, 2011 at 2:47 pm
Speaking of av, this just popped up in a newsfeed. Gives two sides –
http://www.theregister.co.uk/2011/12/08/carrier_iq_android_detection/
December 9, 2011 at 2:52 pm
Claiming that the software could be configured to log keystrokes is somewhat silly. That’s true for any software that deals with user input.
I think the software is embedded in the firmware of the phone and isn’t a Java app, so the Android AV stuff won’t detect it.
December 9, 2011 at 3:17 pm
I think the software is embedded in the firmware of the phone and isn’t a Java app, so the Android AV stuff won’t detect it.
Which qualifies it as a rootkit –
It *is* pretty deeply hidden, and without a high degree of know-how, not easy to kill.
December 10, 2011 at 1:39 pm
I seriously doubt this is a rootkit. By that definition, all hardware drivers are rootkits. This is no more a rootkit than your keyboard driver is, and I can tell you which one captures more information.
December 10, 2011 at 1:41 pm
I’m glad the Reg talked to AV companies, but they’re pretty clear in why they don’t key on CiQ: *It’s not malware*. “I don’t like that” does not make it malware. It makes it something you don’t like.
December 9, 2011 at 3:12 pm
I’m somewhat of a stickler for definitions. I haven’t seen any evidence to date that this software is malicious, so there is no reason AV should detect it as malware or even spyware.
We pull machines infected with TDSS off our network every single day. There is enough bad stuff out there already, we don’t need to be making stuff up.
http://en.wikipedia.org/wiki/TDSS
December 9, 2011 at 3:34 pm
I’m not arguing with you. All I started out saying was that av heuristics generally warn you of apps for less than what CIQ does. Remember that is behavioural, and not pattern, detection. ROM emulators are a good example.