CarrierIQ: Most Phones Ship With "Rootkit"

← Back to Stories (view on slashdot.org)

CarrierIQ: Most Phones Ship With "Rootkit"

Posted by Unknown on Wednesday November 16, 2011 @03:55AM from the your-keystrokes-may-be-monitored-for-qa-purposes dept.

First time accepted submitter Kompressor writes "According to a developer on the XDA forums, TrevE, many Android, Nokia, and BlackBerry smartphones have software called Carrier IQ that allows your carrier full access into your handset, including keylogging, which apps have been run, URLs that have been loaded in the browser, etc." Since this was submitted, a few more details have come to light. The software was designed to give carriers useful feedback on aggregate usage patterns, but the software runs as root and the privacy implications are pretty severe.

37 of 447 comments (clear)

Min score:

Reason:

Sort:

Doesn't Matter by Anonymous Coward · 2011-11-16 03:57 · Score: 4, Funny

It doesn't matter because Android is open.
That's all that matters.
1. Re:Doesn't Matter by Anonymous Coward · 2011-11-16 03:59 · Score: 5, Insightful
  
  In open source, the user can do whatever he or she wants with the software.
  In proprietary software, it's the other way around.
2. Re:Doesn't Matter by WorBlux · 2011-11-16 04:03 · Score: 5, Insightful
  
  But many of the drivers and first stage bootloaders aren't
3. Re:Doesn't Matter by circletimessquare · 2011-11-16 04:03 · Score: 5, Funny
  
  in soviet software land, software programs you!
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
4. Re:Doesn't Matter by ByOhTek · 2011-11-16 04:14 · Score: 5, Insightful
  
  I think the GPs point is that, in this case, the latter can also be true for open source software.
  
  --
  Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
5. Re:Doesn't Matter by marcosdumay · 2011-11-16 05:15 · Score: 4, Insightful
  
  Or maybe his point was that, if Android was really open such things would be easy to fix.
  
  --
  Rethinking email
6. Re:Doesn't Matter by Runaway1956 · 2011-11-16 05:31 · Score: 4, Insightful
  
  What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.
  I'm one who likes a lot of what Google does, but I'm no blind fanboi. Google dropped the ball when they permitted downstream customers to close their source. And, that's why I'm using a "dumb phone"*, with no plans to upgrade. I'm not about to pay the phone company hundreds of dollars, PLUS an exorbitant contract fee, so that they can spy on me.
  * It should be noted that even old "dumb phones" are pretty easy to spy on, albeit to a lesser extent than is exposed in this and other recent articles.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
7. Re:Doesn't Matter by zill · 2011-11-16 05:37 · Score: 5, Insightful
  
  No, you cannot replace the first stage bootloader and the baseband, so they will forever remain proprietary. There is no way to have a working Android phone without running proprietary code unfortunately.
  
  You can, however, get Android running without relying on proprietary code. It just won't work as a phone unfortunately.
8. Re:Doesn't Matter by gauauu · 2011-11-16 05:37 · Score: 5, Informative
  
  What Marcos said. Android is not "open source". It's "kinda sorta open to downstream proprietors, but not to end users", which is not open source at all.
  Well, it's not "free" according to GPLv3 (android devices can be Tivo'ised preventing you from running modified code), but anyone can download the android source and modify and rebuild it. If your device supports it (many do), you can run your modified code on your device. I'm not sure how you can say Android isn't open source, as that's pretty much the definition of open-source.
  Now you could argue that it's not "free" as defined by RMS and the FSF, and you'd have a decent argument. But claiming it's not open source is just incorrect.
9. Re:Doesn't Matter by Ossifer · 2011-11-16 05:43 · Score: 5, Interesting
  
  I disagree. The very real risk (result!) is from the carriers putting crapware/spyware/etc. that you can't remove. I don't fear Google or Apple in this respect. Consider that yesterday it was revealed that Japan's largest carrier doesn't sell the iPhone precisely because Apple won't allow them to install such things.
  
  Secondly, I don't consider it truly open source, unless I can reasonably make changes, which you can't do with Android phones currently on the market.
10. Re:Doesn't Matter by Drakino · 2011-11-16 06:37 · Score: 4, Insightful
  
  Only parts of Android are open source. Other parts, including key infrastructure pieces and the majority of apps people use that ship on the devices are closed.
  And open source here is a license that doesn't require Google to disclose the source when shipping, leading to every Android Honeycomb tablet that shipped this year being a closed platform until this week.
  Google has severely muddied the meaning of open and open source compared to what we are used to from the GPL and Linux worlds.
  Never let your hatred of Apple, Microsoft or whoever to cloud your judgement of the companies you do cling to. Google's "open" message is eerily similar to FUD messages Microsoft was spreading in the 90s when it came to Java and "open computing". The quicker we hold these companies accountable, the quicker it improves. Getting stuck in fanboy wars and putting on the blinders helps no one.
11. Re:Doesn't Matter by adolf · 2011-11-16 07:50 · Score: 4, Insightful
  
  There is no spoon.
  
  --
  Kid-proof tablet..
12. Re:Doesn't Matter by nevermore94 · 2011-11-16 11:57 · Score: 4, Interesting
  
  You are right. It doesn't matter. I am not a tinfoil hat wearer because I am a Computer Systems Engineer and Network Administrator and I know how much data they can gather from you if they want to and have pretty much just stopped caring. They don't need any special app hidden on your phone to spy on you. They could record every single URL that you visit from their server end. Unless you are taking some extraordinary measures on your phone like running through proxies (which can then log everything you do themselves) or Tor they can already track all of your online activity. Does this make something like CIQ right, hell no, and I have already verified that my Android phone doesn't contain it. But, it also doesn't mean that I have any allusions that every URL I visit isn't being recorded somewhere. I just don't care because I don't do anything on my phone that I wouldn't want the world to know about anyway. That is why burner phones were invented ;-)
  PS, if you want an interesting look into which Android apps are tracking you when you use them, check out the app:
  Addons Detector
  
  --
  Nevermore.
but but but... Apple by Anonymous Coward · 2011-11-16 03:58 · Score: 5, Insightful

With a walled garden, Apple keeps the carriers out too.
1. Re:but but but... Apple by CastrTroy · 2011-11-16 04:08 · Score: 5, Interesting
  
  This is the best thing that the iPhone has done for the cell phone industry. Apple doesn't bow down and let the carrier load whatever crap they want to on the phone. This makes the iPhone a much better experience, because an iPhone from Verizon is exactly the same as an iPhone from AT&T and it exactly the same as an iPhone you purchase directly from Apple. The only difference is that the carrier specific phones have been locked to that provider, but that's acceptable since you're getting the phone at a huge discount. I wish more handset makes, especially the big ones (HTC, Motorola, Nokia) would do the same to offer their customers a much better and more consistent experience.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
2. Re:but but but... Apple by sribe · 2011-11-16 04:20 · Score: 4, Insightful
  
  ...but that's acceptable since you're getting the phone at a huge discount.
  I don't even believe that. As long as you continue to pay your contract, you should be able to unlock the phone.
3. Re:but but but... Apple by Unoriginal_Nickname · 2011-11-16 04:27 · Score: 5, Funny
  
  Has anyone?
4. Re:but but but... Apple by sootman · 2011-11-16 04:56 · Score: 4, Informative
  
  You don't even need to go as far as the EULA -- iOS 5 actually asks you during setup if you want to allow usage data to be sent.
  http://www.thewwwblog.com/wp-content/uploads/2011/10/ipad-ios-5-diagnostics-7.jpg
  (From http://www.thewwwblog.com/apple-ios-5-setup-steps-apple-ipad.html )
  
  --
  Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
5. Re:but but but... Apple by popoutman · 2011-11-16 05:05 · Score: 5, Informative
  
  EULAs are not contracts. They are a wishlist by the software writers, and such are part of an honour system. They are not legally binding in sane jurisdictions.
  
  --
  - This sig deliberately left blank. Nothing to see, move along.
6. Re:but but but... Apple by LordLimecat · 2011-11-16 05:35 · Score: 5, Insightful
  
  Article is a load of crap, they give no details on how they know its there. They show screenshots of 2 android phones with visible GUIs which show CIQ, and then claim its on iPhone and Blackberry as well. Sorry, Ive dug through all the servicebooks on several blackberries (8250, 9600, 7200) and Ive never seen a CIQ service book.
  And as for this statement...
  
  According to TrevE, the software is installed as a rootkit software in the RAM of devices where it resides. This software basically is completely hidden from view and in it virtually invisible,
  
  Someone doesnt understand the volatile nature of RAM, or is terrible at communicating. Rootkits dont reside in RAM, because then they would be removable with a battery removal. As for "completely hidden", why then does he have screenshots of a CIQ GUI where theres a "disable CIQ" checkbox?
  The credibility factor of this story is in the negatives, especially when they really dont explain what their proof is and they have one guy on a forum claiming this-- its not even a researcher with a known real name. Who says this isnt a massive troll?
7. Re:but but but... Apple by The+Moof · 2011-11-16 06:34 · Score: 5, Insightful
  
  They are not legally binding in sane jurisdictions.
  That, right there, is the catch. If you're in the US, you're not in a sane jurisdiction. Have you seen some of the egregious things they've been putting in EULAs these days that are actually being held up in court?
8. Re:but but but... Apple by Drakino · 2011-11-16 06:44 · Score: 5, Informative
  
  You mean the smartphone location fiasco where it was discovered that *gasp* AGPS caches data on phones, including Android, Blackberry, iPhone and WebOS? Yep. Typical internet echo chamber amplification that turned it into an attack point for fanboys who didn't actually do any research.
  Apple did have one legitimate bug in the situation. The cache was in a folder marked for backup to computers, due to it living in the same location as the settings file to toggle what apps can use location data. This was fixed, and the cache was reduced. I personally preferred the old cache time, since it meant my phone found my location when I wanted it to quicker. But they bowed to the pressure from the echo chamber anyhow.
Cyanogen by Tsingi · 2011-11-16 03:59 · Score: 4, Insightful

Nice.
Buy a phone you can root and put CyanogenMod on it. It works great!
1. Re:Cyanogen by Pieroxy · 2011-11-16 04:04 · Score: 5, Funny
  
  Tell that to my Mom. You're in for a rough ride, I'll tell you that much!
  
  --
  Write boring code, not shiny code!
2. Re:Cyanogen by gparent · 2011-11-16 04:07 · Score: 5, Funny
  
  I'm always in for a rough ride with your mom. Oh, you mean to install Cyanogenmod?
3. Re:Cyanogen by dkleinsc · 2011-11-16 04:11 · Score: 4, Funny
  
  Plus, as any Aussie can tell you, rooting a phone is more than little bit kinky.
  
  --
  I am officially gone from /. Long live http://www.soylentnews.com/
4. Re:Cyanogen by oakgrove · 2011-11-16 04:44 · Score: 4, Informative
  
  I put Cyanogen on my Samsung Vibrant. It has "removed carrier iq" in the release notes.
  
  --
  The soylentnews experiment has been a dismal failure.
Re:So by Rootkit · 2011-11-16 04:09 · Score: 5, Informative

http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/ The bottom of this page has a section about detection including an app to detect hidden UIs.
some legitimate technical questions by nimbius · 2011-11-16 04:30 · Score: 4, Interesting

that should get asked about the article
does cyanogenmod mitigate this threat? if not how about whispercore? could whisper systems in the future detect and correct this
rootkit?
can rootkit detection systems presently available in linux detect and successfully help a hacker to remove the rootkit?

--
Good people go to bed earlier.
Re:Really? by Smallpond · 2011-11-16 04:38 · Score: 5, Informative

" By entering this Agreement, you consent to our data collection, use and sharing practices described in our Privacy Policy available at verizon.com/privacy." -- from Verizon Customer Agreement
That's why.
Samsung Vibrant by oakgrove · 2011-11-16 04:39 · Score: 4, Informative

When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.

--
The soylentnews experiment has been a dismal failure.
1. Re:Samsung Vibrant by gstoddart · 2011-11-16 05:02 · Score: 4, Interesting
  
  When I rooted my Vibrant and stripped out CIQ, the performance went through the roof. Logging every single thing a user does takes a toll apparently.
  And, I'm betting it's the users paying for the data plan usage that sends this stuff.
  So, you're paying extra to be snooped on. I highly doubt they exclude this data from what they charge you.
  
  --
  Lost at C:>. Found at C.
2 Questions by JustNiz · 2011-11-16 04:50 · Score: 4, Interesting

1) How can you authoritatively determine the android phone you are about to buy doesn't have Carrier IQ installed, BEFORE you buy it?
2) If you already have an android phone, (how) can you check for and uninstall Carrier IQ?
1. Re:2 Questions by SmurfButcher+Bob · 2011-11-16 05:12 · Score: 5, Interesting
  
  3. If your lawyer has this on his (her) phone, are they in breach of confidence? What about now that they know about CIQ?
  4. If a medical *anything* has this on their phone, is this a HIPAA issue?
  
  --
  
  help me i've cloned myself and can't remember which one I am
2. Re:2 Questions by compro01 · 2011-11-16 05:55 · Score: 4, Informative
  
  1. Ask around basically.
  2. a guy on xdadevs whomped up an app to detect (requires root) and remove (requires root and 99 cent donation) CIQ, among other things. http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109
  
  --
  upon the advice of my lawyer, i have no sig at this time
Re:list? by Anonymous Coward · 2011-11-16 05:06 · Score: 4, Insightful

I can only speak for my Employer... BlackBerry: 0
It's a very misleading article. Yes it shows that a "root kit" install has appeared on an Android device, but it is clear that the author has no idea about the security restrictions applicable to BB devices. Want to block your Carrier's Application? Simply go to Security Options -> Advanced Security Options -> Certificates. Find your Carrier certs and revoke them. It won't block your phone calls, or data connections, but any app which your carrier has installed to your device with a Service Book will be prevented from running.
Oh, and you can also see exactly what modules are stored on your device under the Options->Applications listings. I seriously doubt you will ever find this stuff in there.
RMS was right by SigmundFloyd · 2011-11-16 05:24 · Score: 5, Informative

Stallman doesn't sound so crazy now...

--
Knowledge is power; knowledge shared is power lost.