More on Carrier IQ, which collects information about your cell phone, your call experience, dropped calls, location, and other information limited only by the imagination of the intelligence specialists of the FBI, CIA, NSA, and other interested parties.
by Ognir » Sun Nov 27, 2011 10:46 am
This information is written to the best of my knowledge using publicly available resources. No security was bypassed to obtain anything marked confidential, and Carrier IQ made no effort to protect said documents.
You can take the Carrier IQ training yourself here – https://dis1.water.carrieriq.com/dis/training.jsp
I have made a mirror of all materials referenced here for download for the sole purpose of allowing others to understand and verify my security research on Carrier IQ.
mirror1 – http://www.multiupload.com/BAAKNNSM3J
What is Carrier IQ?
Written by Trevor Eckhart
Carrier IQ (CIQ) sells rootkit software included on many US handsets sold on Sprint, Verizon and more. Devices supported include android phones, Blackberries, Nokias, Tablet devices and more.
Carrier IQ is the market leader in Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users.
Recognizing the phone as an integral part of a mobile service delivery, and using the device to measure key parameters of service quality and usage, the Carrier IQ solution gives you the unique ability to analyze in detail usage scenarios and fault conditions by type, location, application and network performance while providing you with a detailed insight into the mobile experience as delivered at the handset rather than simply the state of the network components carrying it.
Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality.
It collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool
Great! Less dropped calls, better network experience. It sounds good on the surface. I was also able to obtain a stock copy of carrier IQ before it gets modified by third parties, and it has surveys users can fill out if they get a dropped call, browser ends unexpectedly, etc. It makes its presence known by putting a checkmark in the status bar. This could potentially be pretty useful information from a network administration standpoint, and is made clear to users its running. Unfortunately this is not always the real world case, it can be modified to be completely hidden.
Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev
A data-logging software company is seeking to squash an Android developer’s critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company’s training manuals from his website.
Though the software is installed on millions of Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent.
Eckhart called the software a “rootkit,” a security term that refers to software installed at a low-level on a device, without a user’s consent or knowledge in order to secretly intercept the device’s workings. Malware such as keyloggers and trojans are two examples.
He also mirrored the Mountain View, Calif. company’s training manuals he’d found on Carrier IQ’s publicly available website. The manuals provide a limited roadmap for how Carrier IQ works, Eckhart said in a telephone interview.
When Carrier IQ discovered Eckhart’s recent research and his posting of those manuals, Carrier IQ sent him a cease-and-desist notice, saying Eckhart was in breach of copyright law and could face damages of as much as $150,000, the maximum allowed under U.S. copyright law per violation. The company removed the manuals from its own website, as well.
On Monday, the Electronic Frontier Foundation announced it had came to the assistance of the 25-year-old Eckhart of Connecticut, whom Carrier IQ claims has breached copyright law for reposting the manuals.
“I’m mirroring the stuff so other people are able to read this and verify my research,” he said. “I’m just a little guy. I’m not doing anything malicious.”
The company is demanding Eckhart retract (.pdf) his “rootkit” characterization of the software, which is employed by most major carriers, Eckhart said.
The EFF says Eckhart’s posting of the files is protected by fair use under the Copyright Act for criticism, commentary, news reporting and research, and that all of Carrier IQ’s claims and demands are “baseless.” (.pdf)
Andrew Coward, Carrier IQ’s marketing manager, said in a telephone interview Tuesday that the company, not Eckhart, should be in “control” of the manuals.
“Whatever content we distribute we want to be in control of that,” he said. “I think obviously, any company wants to be responsible for the information that gets distributed.”
He said “legal matters” prohibited the 6-year-old company from discussing the Eckhart flap further.
He said the company’s wares are for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
“We’re not looking at texts. We’re counting things. How many texts did you send and how many failed. That’s the level of metrics that are being gathered,” he said.
He answered “probably yes” when asked whether the company could read the text messages if it wanted.
Marcia Hofmann, an EFF senior staff attorney, said the civil rights group has concluded that “Carrier IQ’s real goal is to suppress Eckhart’s research and prevent others from verifying his findings.”
In a Monday letter to Carrier IQ, Hofmann said Eckhart’s speech was protected by the First Amendment.
What’s more, the company is demanding that Eckhart inform Carrier IQ of the names of all persons to which Eckhart has forwarded the training material. The company also wants Eckhart to send “written retractions” to everybody who has viewed his research in hard copy or on the web.
Among other things, Carrier IQ insists that Eckhart retract his “root kit” characterization of the unremovable software, and other statements, by issuing a press release to The Associated Press.
PC Magazine describes a rootkit as this:
A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have “root” access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the Unix world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).
Rootkits can also be used for what some vendors consider valid purposes. For example, if digital rights management (DRM) software is installed and kept hidden, it can control the use of licensed, copyrighted material and also prevent the user from removing the hidden enforcement program. However, such usage is no more welcomed than a rootkit that does damage or allows spyware to thrive without detection.
In 2005, Sony came under fire for installing a rootkit on music CDs. Security expert Bruce Schneier wrote then that “The Sony code modifies Windows so you can’t tell it’s there, a process called ‘cloaking’ in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can’t be removed; trying to get rid of it damages Windows.”
In a letter to Eckhart, Carrier IQ said, “If you do not comply with these cease and desist demands within this time period, please be advised the Carrier IQ, Inc. will pursue all available legal remedies, including seeking monetary damages, injunctive relief, and an order that you pay court costs and attorney’s fees.”
The deadline expired Nov. 18, but so far Carrier IQ has not made good on its threats.