Carrier IQ Spyware Discovered in Millions of Phones

[del35]

I don't text. Hardly email. Don't have a facebook account or twitter. There are very few pictures of me in existance.

That may be the case. The problem is that all your passwords are out there. Someone you did not authorized has access to your personal information. If you locked up a picture of you and your partner being intimated somewhere on the web, or in your phone, your phone carrier has access to it and could release the information without your consent. This is quite disturbing indeed as everyone using these devices is opening themselves up to being blackmailed. I want out of my contract with my carrier, or I want CIQ out of my phone.

 

[omaudio]

I don't get it- you can get rid of it by rooting but then you can only use his app to see if it is there if your droid is rooted??
"Android device owners can check to see if Carrier IQ is installed on their device (despite what carriers and manufacturers may say) by downloading this app developed by Eckhart. Unfortunately, it only works on rooted devices."

 

[maddad]

The company that makes the software is not at fault here. If the OEM's are installing this software on their phones, they are the ones who should be sued!

 

[NotANerd]

Color me not surprised. Yet another good reason to not have a cell phone.
My sister, however, is going to crap her pants.

 

[keyanf]

I guess I can add "doesn't have a rootkit" after it costing and weighing a fraction of a smart phone, being more durable and having a longer battery to the list of reasons I have an "outdated" phone.

 

[fixxxer113]

"The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling."

What he meant was: "I THOUGHT WE WERE IN CHARGE OF THAT!!"

 

[cumi2k4]

oh this is going to get nasty....somebody pass the popcorn please

 

[zybch]

[citation][nom]bystander[/nom]While I don't have anything against MS, and like a lot of their stuff, I'm not as sure as you are that it doesn't exist as it's not the manufacturers that are adding this functionality, it's the carriers.
I have a rooted android, hopefully that keeps me safe for now.[/citation]

Fingers crossed, but its probably a good idea to make sure that CIQ service isn't running (just because a device is rooted won't give automatic CIQ-free status).
As I understand it, MS have their own tools in the OS used for collecting info about misbehaving apps and device crashes which ONLY record the relevant stuff and anonymize that info anyway so their OEMs have no need to use Carrier IQ spyware.
I certainly trust them a lot more than the likes of Google or Apple who have both proven that they cannot be trusted with their customers' data (google with its wifi and search stuff, and apple with the location data and other stuff it makes its devices collect and upload to them for god knows what purpose).

 

[bin1127]

Is it really that hard to just provide a phone service without invading the privacy of your customers? We who use cell phones are not terrorists or criminals. Why u do dat tapping man?

 

[Guest]

At first reading this I was like "wooah... Verizon can see my bank account log-in??"

... but then I realized they already rob me blind once per month anyways, so they probably aren't interested in the log-in for my empty bank account anyways.

 

[TeraMedia]

I'm not worried about a carrier knowing where I am, because they already have full ability to figure that out to within a few hundred feet anyway. That's merely a hazard of using a cell phone.

But what if I use my phone for online banking? Or for internet-based credit card transactions? If these guys are intercepting the https requests before the SSL encrypts them, then they're defeating internet security as well as any trojan key logger could ever hope to. The question I have is, how much of the data we saw in TrevE's logs gets sent to the carriers (and how often), and how much is simply overwritten as log files rotate? This is a serious amount of sensitive data.

I say take the data thieves to some country that upholds the old "steal a loaf; lose your hand" types of laws, and see how well they can pull off this kind of crap with just one hand. If CarrierIQ is on phones in the US, you know it's elsewhere too, so it's bound to be in such a location as well.

 

[shanky887614]

im in the clear with this


my smrtphone - zte blade

has been running custom firmware with a custom kernel since the day i took it out the box it came in


i think i only had it on ofw for about 2hours

 

[COLGeek]

Lots of "noise" and misinformation on this subject in the news. Really nothing here folks.

 

[guruofchem]

I feel so much better knowing that our chief spear-carrier in the Senate is Al Franken...

 

[Niva]

Wow this is a huge precedent, I hope they cream this company and break it off in the carriers who allowed this to happen. Wiretapping charge sounds about right. If anything else, such as personal data or passwords are transferred it's insane.

Maybe next time the carriers decide to do this, they'll think twice.

So frustrating...

 

[K2N hater]

[citation][nom]bin1127[/nom]Is it really that hard to just provide a phone service without invading the privacy of your customers? We who use cell phones are not terrorists or criminals. Why u do dat tapping man?[/citation]
Don't be ingenuous. It has nothing to do with tracking criminals or protecting you from irrational terror. It's all about profits with selling all the data and power.
[citation][nom]Teramedia[/nom]If these guys are intercepting the https requests before the SSL encrypts them, then they're defeating internet security as well as any trojan key logger could ever hope to.[/citation]
What prevents them from doing so?

 

[eddieroolz]

This is extremely worrying news. And unlike most malware that's been discussed recently, this is not Android-exclusive, which worries me even further. This is a direct and utter contravention of almost every privacy laws in place in developed economies...

 

[captaincharisma]

another good reason for getting the nexus phones. you do not have to worry about anyone putting custom apps on it.

 

[macandrews]

Good for me atleast

Android spyware

 

[ceo3h]

It's gonna cost CIQ more money than they ever made by selling this stupid app to the greedy carriers to begin with. Android spyware