Researcher Claims Carrier IQ Smartphone Software Is a Rootkit
Trevor Eckhart, a smartphone security researcher, claims that a hidden software installed on many smart phones logs numerous details about users' activities.
The researcher has posted a video on Youtube detailing hidden software - known as Carrier IQ - installed on smart phones that logs every text message, Google search and phone number typed on a wide variety of smart phones - including HTC, Blackberry and others - and reports them to the mobile phone carrier.
Eckhart typed a text message of "Hello world!" only to have it instantly appear in a Control IQ application log in an Android phone.
The application also logs the URL of websites searched on the phone, even if the user encrypts that data using "Https" URLs. In addition, the software always runs when Android operating system is running and users are unable to stop it, according to Eckhart said.
Responding to Echart, Carrier IQ said that its software measures operational information in mobile devices in order to "assist operators and device manufacturers in delivering high quality products and services to their customers."
"While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd parties. The information derived from devices is encrypted and secured within our customer's network or in our audited and customer-approved facilities," Carrier IQ said.
Control IQ had tried to silence Echkart with a cease-and-desist letter threatening legal action but backed off after lawyers at the Electronic Frontier Foundation (EFF) went to his defense.
"Eckhart's research is protected by fair use and the First Amendment right to free expression," the EFF said. "As the Copyright Act says, 'the fair use of a copyrighted work . . . for purposes such as criticism, comment, news reporting . . . or research, is not an infringement of copyright.' Furthermore, Eckhart's analysis is just the kind of speech that that the First Amendment is meant to protect - public commentary that will help consumers better understand the products they use and help researchers investigate those products." The EFF also sent a response to Control IQ, available here.
Finally last week Control IQ withdrawed the specific cease and desist letter to Mr. Trevor Eckhart, apologizing for it and saying that the company's action was "misguided."
"We are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," Control IQ said. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
RIM and Nokia denied the use of the Carrier IQ software in their phones.
More information on Eckhart' research is available here.
Eckhart typed a text message of "Hello world!" only to have it instantly appear in a Control IQ application log in an Android phone.
The application also logs the URL of websites searched on the phone, even if the user encrypts that data using "Https" URLs. In addition, the software always runs when Android operating system is running and users are unable to stop it, according to Eckhart said.
Responding to Echart, Carrier IQ said that its software measures operational information in mobile devices in order to "assist operators and device manufacturers in delivering high quality products and services to their customers."
"While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd parties. The information derived from devices is encrypted and secured within our customer's network or in our audited and customer-approved facilities," Carrier IQ said.
Control IQ had tried to silence Echkart with a cease-and-desist letter threatening legal action but backed off after lawyers at the Electronic Frontier Foundation (EFF) went to his defense.
"Eckhart's research is protected by fair use and the First Amendment right to free expression," the EFF said. "As the Copyright Act says, 'the fair use of a copyrighted work . . . for purposes such as criticism, comment, news reporting . . . or research, is not an infringement of copyright.' Furthermore, Eckhart's analysis is just the kind of speech that that the First Amendment is meant to protect - public commentary that will help consumers better understand the products they use and help researchers investigate those products." The EFF also sent a response to Control IQ, available here.
Finally last week Control IQ withdrawed the specific cease and desist letter to Mr. Trevor Eckhart, apologizing for it and saying that the company's action was "misguided."
"We are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," Control IQ said. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
RIM and Nokia denied the use of the Carrier IQ software in their phones.
More information on Eckhart' research is available here.