Researchers Say Carrier IQ Isn't Logging Data, Texts
Trailrunner7 writes "Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say the application has some powerful, and potentially worrisome capabilities, but as it's currently deployed by carriers it doesn't have the ability to record SMS messages, phone calls or keystrokes. However, the researchers note there is still potential for abuse of the information that's being gathered, whether by the carriers themselves or third parties who can access the data legitimately or through a compromise of a device. Jon Oberheide, a security researcher who has done a lot of work on Android devices, also analyzed several versions of the Carrier IQ software and found the software has the ability to record some information, but that doesn't mean it's actually doing so. That part is up to each individual carrier. However, he says the ability to collect such data is a dangerous thing. 'There is a lot of capability to collect sensitive data, which is dangerous in any scenario,' Oberheide said in an interview. 'It's up to the carriers to use the software as they choose, but you could sort of put some blame on Carrier IQ. But they put it on the carriers.'"
For those who don't want to trust in the good will of Carrier IQ or carriers themselves, here are a couple ways to get it off your phone.
If I use any modern mobile 'phone then I assume anything I put on it and where it is can be read by the OS vendor and the carrier. The environment is too tightly controlled and lacking in openness for me to be able to come close to verifying otherwise. We can assume that the facility is only used on rare occasions because one significant revelation of data transmission will put people off buying the product, IOW the only thing keeping anyone safe is the "you're not important enough to matter" card.
But if you're doing anything remotely interesting, whether that's in industry or activism, you'd be a fucking idiot to use the routine features of a smartphone.
Indeed, and carriers of course could already view and record text messages. They don't need an app for that.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
No one forced your provider to install CarrierIQ.
And you have not a single shred of leverage to get the carrier to remove it.
Unless and until the hue and cry becomes so loud and Congress takes an interest, they will all continue to foist this stuff on the user, so your threat to take your business elsewhere means nothing.
If you don't object to this camel's nose, you'll have the neck and forelegs soon.
CarrierIQ makes its living selling burglar tools. They can't survive without your acquiescence. Your carriers won't help you.
Go Senator Franken!
Sig Battery depleted. Reverting to safe mode.
Fact is: They sold you a phone with a rootkit installed that could record and transmit anything without your notice or your consent. That's still fucking bad enough for me. Claiming that "it wasn't activated by default" doesn't change a bit of it.
Oh, the beautiful gloss of greality!