Printed from http://www.electronista.com

Researcher shows CarrierIQ taking more data than claimed

updated 06:25 pm EST, Tue November 29, 2011

Video shows CarrierIQ, Sprint lied about data

The latest update in the CarrierIQ data collection controversy and the related privacy issues has brought apparent video confirmation. Shared by Geek and made by security researcher Trevor Eckhart, the video (below) shows a LogCat proving that the CarrierIQ name is not mentioned anywhere in the startup code. The handset used is a stock HTC Evo 3D, and there is no way to shut down the app as it's not visible.

The video shows that CarrierIQ software knows about a text message and its contents before the user is even notified. Earlier, both CarrierIQ and Sprint claimed the contents of an SMS were not saved. Geek's Russell Holly tried to contact CarrierIQ about this matter, but the company didn't comment directly, stating instead that it's looking forward to a meeting with the Electronic Frontier Foundation and will continue to keep users updated.

The video also shows that the software records keystrokes. It likewise records calls with network strength values, which primarily allows carriers to fix problems but could also be used to intercept data. CarrierIQ is also collecting keystrokes of incomplete calls and even random keystrokes, which is more than it needs.

When the phone is on Wi-Fi, CarrierIQ records website security information, including URLs and even passwords sent over the ostensibly secure HTTPS. This doesn't involve Sprint, as it's on Wi-Fi, so it shouldn't be recorded, Holly concludes.

CarrierIQ hasn't responded to the video, but it's now under pressure to prove that it hasn't created problems for a significant portion of Android. HTC, other phone makers, and carriers are known to have loaded CarrierIQ, all of which are thought to have been well-meaning but which could have created an extra security risk by giving hackers a treasure trove of information either on the device or sent to outside servers.





By Electronista Staff

Comments

  1. facebook_David

    Via Facebook

    Joined: Dec 2011

    0

    HYPE! You've been fooled, maybe

    That looks similar to the usual LogCat output when your Android phone is in USB Debugging mode. Tons of keystrokes and data is sent over the usb cable to the programmer's computer, which helps programmers debug their own phone and apps they are writing. Eckhart needs to show proof that the data is actually being logged by CarrierIQ and subsequently sent out over the air. The video shows no such thing. I repeat, the phone puts out all the keystrokes normally over the usb cable when in usb debugging mode. Go to Settings -> Applications -> Development (on my T-mobile GalaxyS). -David, android developer.
