Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Reverse Engineers Carrier IQ

Posted by samzenpus on from the see-how-it-ticks dept.

MrSeb writes "At this point we have a fairly good idea of what Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation — the preeminent protector of your digital rights — has taken it one step further and reverse engineered some of the program's code to work out what's actually going on. There are three parts to a Carrier IQ installation on your phone: The program itself, which captures your keystrokes and other 'metrics'; a configuration file, which varies from handset to handset and carrier to carrier; and a database that stores your actions until it can be transmitted to the carrier. It turns out that that the config profiles are completely unencrypted, and thus very easy to crack."

9 of 103 comments (clear)

  1. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Insightful

    'crack' is a vague expression. It says that it's unencrypted, which doesn't mean it isn't encoded. If you read the articles, it will be clear that by cracking they mean understanding what's in there.

  2. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Insightful

    Unencrypted != human readable.

    Obfuscated bytecode is unencrypted and still takes a lot of effort to make sense from.

  3. So it's badly written & only helps the carrier by phonewebcam · · Score: 3, Insightful

    All it needs now is a $5 per Android handset "licensing fee" and you've got your smoking gun!

  4. Cough it up by PopeRatzo · · Score: 4, Insightful

    If you haven't done so yet this year, it's time to go donate a few bucks to EFF.

    I wouldn't bring it up if we didn't need them so bad.

    I'm in for another fifty, just because I saw this story and it's fucking Christmas and if SOPA passes we might as well kiss our Internet goodbye.

    --
    You are welcome on my lawn.
  5. Consumer Protection by sociocapitalist · · Score: 5, Insightful

    At the risk of being modded down, I think that if there is not already legislation to protect people from this type of spying then there should be.

    --
    blindly antisocialist = antisocial
  6. Re:collector/c info please by Anonymous Coward · · Score: 2, Insightful

    Interesting. Port 10010 doesn't show up on a port scan but responds to telnet.

    host ciqcol01.ciq.labs.att.com
    ciqcol01.ciq.labs.att.com has address 216.103.127.200

    nmap -P0 216.103.127.200
    Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-12-23 07:52 CST
    Nmap scan report for 216.103.127.200
    Host is up (0.028s latency).
    Not shown: 998 filtered ports
    PORT STATE SERVICE
    139/tcp closed netbios-ssn
    445/tcp closed microsoft-ds

  7. Re:Wikipedia article by MarkGriz · · Score: 4, Insightful

    Welcome to Wikipedia, the free encyclopedia that anyone can edit.

    --
    Beauty is in the eye of the beerholder.
  8. I smell a class action suit by fred911 · · Score: 4, Insightful

    So not only are you possibly able to invade my privacy, but you're also charging me for the bandwidth to do it? I'm sure the TOS doesn't cover you for the later.

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  9. Of course by Anonymous Coward · · Score: 3, Insightful

    Of course there will be. The legislation will say "you may continue to spy as long as we get a cut".

    No, that wasn't a joke.