Printed from http://www.electronista.com

Researcher shows CarrierIQ taking more data than claimed

updated 06:25 pm EST, Tue November 29, 2011

Video shows CarrierIQ, Sprint lied about data

The latest update in the CarrierIQ data collection controversy and the related privacy issues has brought apparent video confirmation. Shared by Geek and made by security researcher Trevor Eckhart, the video (below) shows a LogCat proving that the CarrierIQ name is not mentioned anywhere in the startup code. The handset used is a stock HTC Evo 3D, and there is no way to shut down the app as it's not visible.

The video shows that CarrierIQ software knows about a text message and its contents before the user is even notified. Earlier, both CarrierIQ and Sprint claimed the contents of an SMS were not saved. Geek's Russell Holly tried to contact CarrierIQ about this matter, but the company didn't comment directly, stating instead that it's looking forward to a meeting with the Electronic Frontier Foundation and will continue to keep users updated.

The video also shows that the software records keystrokes. It likewise records calls with network strength values, which primarily allows carriers to fix problems but could also be used to intercept data. CarrierIQ is also collecting keystrokes from incomplete calls and even random keystrokes, which is more than it needs.

When using Wi-Fi, CarrierIQ records website security information, including URLs and even passwords sent over the ostensibly secure HTTPS. This doesn't involve Sprint, as it's on Wi-Fi, so it shouldn't be recorded, Holly concludes.

CarrierIQ hasn't responded to the video, but it's now under pressure to prove that it hasn't created problems for a significant portion of Android. HTC, other phone makers, and carriers are known to have loaded CarrierIQ, all of which are thought to have been well-meaning but which could have created an extra security risk by giving hackers a treasure trove of information either on the device or sent to outside servers.





By Electronista Staff

Comments

  1. facebook_David

    Via Facebook

    Joined: Dec 2011

    0

    HYPE! You've been fooled, maybe

    That looks similar to the usual LogCat output when your Android phone is in USB Debugging mode. Tons of keystrokes and data are sent over the USB cable to the programmer's computer, which helps programmers debug their own phone and apps they are writing. Eckhart needs to show proof that the data is actually being logged by CarrierIQ and subsequently sent out over the air. The video shows no such thing. I repeat, the phone puts out all the keystrokes normally over the USB cable when in USB debugging mode. Go to Settings -> Applications -> Development (on my T-Mobile Galaxy S). -David, Android developer.
