Slashdot Mirror


EFF Reverse Engineers Carrier IQ

MrSeb writes "At this point we have a fairly good idea of what Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation — the preeminent protector of your digital rights — has taken it one step further and reverse engineered some of the program's code to work out what's actually going on. There are three parts to a Carrier IQ installation on your phone: The program itself, which captures your keystrokes and other 'metrics'; a configuration file, which varies from handset to handset and carrier to carrier; and a database that stores your actions until it can be transmitted to the carrier. It turns out that the config profiles are completely unencrypted, and thus very easy to crack."

10 of 103 comments

  1. If it's unencrypted... by Anonymous Coward · · Score: 5, Funny

    ...why would anyone have to crack it? Just open and read it. BRB, I'm going to 'crack' these jpegs of naked ladies.

    1. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Insightful

      'crack' is a vague expression. It says that it's unencrypted, which doesn't mean it isn't encoded. If you read the articles, it will be clear that by cracking they mean understanding what's in there.

    2. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Insightful

      Unencrypted != human readable.

      Obfuscated bytecode is unencrypted and still takes a lot of effort to make sense of.

    3. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Informative

      Being unencrypted and being human readable are two different things. Reverse engineering includes figuring out the data structure and format and actually figuring out what bit means what data. Generally a simple process if it isn't compressed, encrypted or complex, but still reverse engineering.

    4. Re:If it's unencrypted... by sunderland56 · · Score: 5, Informative

      It is a binary, not source code. So it's like having a file containing an image of naked ladies, but not knowing what sort of compression scheme was used.

      It was also written in forth, of all things. So it's like finally figuring out the compression scheme and decoding the file - only to find out that it is an image of naked lady *martians*.

    5. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Funny

      Indeed. Anyone who has worked with any sort of Perl source code knows just how true your statement is. It's unencrypted, it's not (intentionally) obfuscated, and it may even have comments, but it's not human-readable, even after you've worked extensively with Perl for a couple of decades.

    6. Re:If it's unencrypted... by c · · Score: 5, Funny

      > It was also written in forth, of all things. So it's like finally figuring out the compression
      > scheme and decoding the file - only to find out that it is an image of naked lady *martians*.

      Er... you do realize this is slashdot, and to an entire generation of nerds who spent most of their post-pubescent lives lusting after Star Trek aliens, both real-live implementations of "forth" and images of "naked lady martians" are considered a good thing to find inside compressed, encrypted binary blobs?

      Stick with something safe, like car analogies.

      --
      Log in or piss off.

    7. Re:If it's unencrypted... by Anonymous Coward · · Score: 5, Funny

      Ever look at LISP code? Looks like fingernail clippings in oatmeal.

  2. Consumer Protection by sociocapitalist · · Score: 5, Insightful

    At the risk of being modded down, I think that if there is not already legislation to protect people from this type of spying then there should be.

    --
    blindly antisocialist = antisocial

  3. collector/c info please by sgt+scrub · · Score: 5, Interesting

    Of course we hope people can also send us Profiles from Windows Mobile, BlackBerry, iPhone and "feature phone" ports of Carrier IQ.

    I'd settle for more info about "c" on the machines collecting data.

    grep -H https *.xml

    att-galaxy-s2-defaultProfile.pro.xml: UploadUrl="https://ciqcol01.ciq.labs.att.com:10010/collector/c">
    htc-amaze-tmob-defaultProfile.pro.xml: UploadUrl="https://oddca.t-mobile.com/collector/c">
    htc-evo-sprint-iqprofile.pro.xml: UploadUrl="https://collector.iota.spcsdns.net:10003/collector/c">
    tmob-galaxy-s2-defaultProfile.pro.xml: UploadUrl="https://oddca.t-mobile.com/collector/c">

    I was able to get ciqcol01.ciq.labs.att.com 10010 to respond with telnet, but it dropped my connection when I sent GET/POST etc. The others didn't respond. I'm assuming they have been moved.

    --
    Having to work for a living is the root of all evil.