CNN.COM as well. From: Stu Sjouwerman [mailto:[email protected]] Sent: Friday, December 02, 2011 6:51 AM To: NT System Admin Issues Subject: RE: Google, What Happened To 'Do No Evil'?
It's all over the news now. Even the Wall Street Journal had an article about it today! From: Micheal Espinola Jr [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, December 01, 2011 6:24 PM To: NT System Admin Issues Subject: Re: Google, What Happened To 'Do No Evil'? I dont think that's an accurate summation. As far as I know, CIQ operates the same way on all devices. relaying full diagnostic information should be off all all devices by default, but there are still various ways this information can be [ab]used without the consumer's consent. -- Espi On Thu, Dec 1, 2011 at 3:07 PM, Jon Harris <[email protected]<mailto:[email protected]>> wrote: Okay so I had not finished all of the messages in the thread it was on the iPhone but at least you could turn it off and you can't do that on the others. Jon On Thu, Dec 1, 2011 at 5:59 PM, Jon Harris <[email protected]<mailto:[email protected]>> wrote: It seems no one has yet found it on either the iPhone or the Windows phones. It has so far only been on the Android, RIM, and Nokia based phones that have it. I believe the article says that both Apple and Microsoft retain more control (or implies they do) of the OS post sale to manufactures than the other vendors are. Jon On Wed, Nov 30, 2011 at 8:56 PM, Micheal Espinola Jr <[email protected]<mailto:[email protected]>> wrote: I dont see how this is a Google failure. Its installed and tracked by the carrier. Its not inherent in any OS - its an installed component found in *many* mobile devices across just about all modern platforms. Or am I mistaken? -- Espi On Wed, Nov 30, 2011 at 2:14 PM, Stu Sjouwerman <[email protected]<mailto:[email protected]>> wrote: Google, What Happened To 'Do No Evil'? Google: #FAIL! There is a process installed on most recent Android phones called Carrier IQ. You cannot stop this process. It looks at what is happening on the phone and sends every button you press to the IQ app. >From there, the data - including the content of text messages - is sent to Carrier IQ's servers, in secret. I checked it out on my own HTC Android phone from Sprint and sure enough, it's there. It cannot be turned off without rooting the phone and then replacing the whole OS. Moreover, even if you stop paying for service from your carrier and just use Wi-Fi, your phone still reports to Carrier IQ. Dang! Worse, if you use Google search, and type in a search term, this is supposed to be https, so it should be encrypted. However, the Carrier IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL. This particular software is installed on 142 million handsets, including modern BlackBerry and Nokia phones, but no one knew about it until Android developer Trevor Eckhart analyzed how it works. The software secretly logs pretty much anything that happens on a phone, supposedly for the reason that carriers and phone manufacturers 'can do quality control'. Yeah right, maybe so, but Carrier IQ can be served with subpoenas as well, and then all traffic is right there for Big Brother to be perused. Me no like. And think about compliance for a moment !!! Wow, what a privacy and security hole, unbelievable. Here is the 17-min video where he clearly shows what is going on. Eckhart calls it a rootkit, but that is a bit much, though it clearly qualifies as a Backdoor Trojan in my book. Probably CIQ started out with the laudable idea to measure carrier and handset performance. But that is where it went off the rails in a hurry. Using code that acts like a backdoor Trojan is totally the wrong way to do that. I wonder if they heard of the Sony rootkit debacle of 2005? It's not clear yet how this went down, did Google cave to the carriers' demands to have this running without being able to stop it, to get their contracts? Did the carriers put it on there without them knowing? Why did they not scream bloody murder when they found out? Who is behind this? I would have expected more from Google, and am disappointed. See the video for yourself. Not that I have anything to hide, but I'm going to root my phone now. Video on WIRED: http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/ Warm regards Stu Sjouwerman ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
