Running a Verizon Droid X, I can't find any trace of CarrierIQ -- and this is the 2nd time I've searched for it. Good news, I reckon...But I agree with your assessment. What can be misused, assuredly will be.
David On Wed, Nov 30, 2011 at 2:14 PM, Stu Sjouwerman <[email protected]>wrote: > Google, What Happened To 'Do No Evil'? > > Google: #FAIL! There is a process installed on most recent Android phones > called Carrier IQ. You cannot stop this process. It looks at what is > happening on the phone and sends every button you press to the IQ app. > From there, the data — including the content of text messages — is sent > to Carrier IQ’s servers, in secret. I checked it out on my own HTC > Android phone from Sprint and sure enough, it's there. > > It cannot be turned off without rooting the phone and then replacing the > whole OS. Moreover, even if you stop paying for service from your > carrier and just use Wi-Fi, your phone still reports to Carrier IQ. Dang! > > Worse, if you use Google search, and type in a search term, this is > supposed to be https, so it should be encrypted. However, the Carrier > IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL. > > This particular software is installed on 142 million handsets, including > modern BlackBerry and Nokia phones, but no one knew about it until > Android developer Trevor Eckhart analyzed how it works. > > The software secretly logs pretty much anything that happens on a phone, > supposedly for the reason that carriers and phone manufacturers 'can do > quality control'. Yeah right, maybe so, but Carrier IQ can be served with > subpoenas as well, and then all traffic is right there for Big Brother to > be perused. Me no like. And think about compliance for a moment !!! > > Wow, what a privacy and security hole, unbelievable. Here is the 17-min > video where he clearly shows what is going on. Eckhart calls it a rootkit, > but that is a bit much, though it clearly qualifies as a Backdoor Trojan > in my book. > > Probably CIQ started out with the laudable idea to measure carrier and > handset performance. But that is where it went off the rails in a hurry. > Using code that acts like a backdoor Trojan is totally the wrong way to > do that. I wonder if they heard of the Sony rootkit debacle of 2005? > > It's not clear yet how this went down, did Google cave to the carriers' > demands to have this running without being able to stop it, to get their > contracts? Did the carriers put it on there without them knowing? Why did > they not scream bloody murder when they found out? Who is behind this? > > I would have expected more from Google, and am disappointed. See the > video for yourself. Not that I have anything to hide, but I'm going > to root my phone now. Video on WIRED: > http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/ > > Warm regards > > Stu Sjouwerman > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin -- David _____________________ * * *Under the heading of, "we wish"... *"But ambitious encroachments of the federal government, on the authority of the State governments, would not excite the opposition of a single State, or of a few States only. They would be signals of general alarm. ... But what degree of madness could ever drive the federal government to such an extremity." --James Madison, Federalist No. 46, 1788 ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
