Sprint has decided to stop using Carrier IQ’s diagnostic software in light of the ongoing controversy about user privacy, according to reports.
Browsing Category: Mobile Security
The latest generation of desk-jockey’s admitted in a recent CISCO study that they frequently ignore and/or circumvent the information technology (IT) policies of their employers, heightening corporate risk.
Carrier IQ, the embattled software company at the center of the controversy over alleged data collection on mobile devices, has released a new document that details the ways in which carriers deploy the software, how it works on devices and what data it is capable of collecting. The company also admitted in the document that its software has a bug that, in some specific cases, could cause the application to collect the contents of SMS messages.
There has been another round of malicious apps discovered in the official Android Market, with this wave containing hidden functionality to send SMS messages to premium-rate numbers. The apps, which Google has pulled from the Market already, are counterfeit versions of popular games, including Angry Birds.
A lot has been said about the Carrier IQ software, the way that it’s used by carriers and whether it’s capable of intercepting calls, texts and data on users’ handsets. It’s still not clear exactly what’s going on, but one lesson that has emerged from all of this is this: The mobile devices people buy and use for personal and sensitive taks every day simply do not belong to them.
The controversy over stealthy monitoring software by CarrierIQ has raised important questions about user privacy and business ethics in the Brave New World of smart phones, tablets and the like. In the uproar over CarrierIQ’s surreptitious monitoring of mobile phone users, various tools have appeared that claim to be able to detect the software. However – removing CarrierIQ from your phone is another matter entirely. And,while some sites have offered instructions on doing so, Kaspersky Lab researcher Tim Armstrong said that, for all but a few mobile phone hardware experts, doing a CarrierIQ-pendectomy is a bad idea.
As the situation involving Carrier IQ continues to evolve and users become more aware of the software and its capabilities, a couple of tools designed to detect the application’s presence on mobile devices have emerged.
The researchers who last week said they had succeeded in jailbreaking the RIM PlayBook tablet have now posted a detailed walkthrough of how users can accomplish the same task on their own. The technique requires the use of a custom tool, but otherwise is fairly straightforward.
Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say that the application has some powerful, and potentially worrisome capabilities, but that as it’s currently deployed by carriers it doesn’t have the ability to record SMS messages, phone calls or keystrokes. However, the researchers note that there is still potential for abuse of the information that’s being gathered, whether by the carriers themselves or third parties who can access the data legitimately or through a compromise of a device.
The half life of the CarrierIQ “rootkit” scandal proved to be a little more than a week. That’s about how long it took for Trevor Eckhart, a young, Connecticut-based Android developer to begin raising questions about some stealth software he discovered running on Android phones by HTC and speculation in the media and online to run rampant about what kinds of spying said software might be engaged in. It was time enough for CarrierIQ to issue a lawyer letter threatening to sue the Eckhart and the Electronic Frontier Foundation to come to his defense and even for Congress to get involved – each of which ensured even more news cycles would be taken up with the mini-controversy. And it was time, at long last, for more information to become available about what was really going on with CarrierIQs software, and for cooler heads to prevail on both sides. The question, now, is why incidents like this provoke our anger so – and what we can do to stop them from happening again.