Monday, 05 December 2011 22:01

CarrierIQ, Not a Keylogger after all

Written by

Reading time is around minutes.

broken-lockIt looks like the CarrierIQ debacle was quite possibly be a case of Chicken Little meets the digital era with a sinister plot twist. A few weeks ago the news broke that a software researcher (Trevor Eckhart) had found that software that was preinstalled on certain phones appeared to be acting like a keylogger. The hypothesis was based on finding two apps that he could not uninstall or stop. Then he discovered what looked like a link between these two apps and one of the debugging logs (that does record everything that you do). Eckhart announced his findings and a whirlwind of articles ran around the internet a few times.

More recently some of the larger security research companies have weighed in and have (in at least one case) decompiled the app and taken a look at what it does and does not do. So far the consensus is that CarrierIQ does not log and transmit everything you do on your phone. According to Dan Rosenburg (an independent security researcher), CarrierIQ has no ability to record anything other than the keys you press on the dialer pad. Now, this will be good news to people that were concerned about the details of their email and texts being sent back to their carriers, but there are still other things that the carriers are collecting that raise serious questions.

According to CarrierIQ the software can be configured by the carriers to collect information on what applications are being used and what URLs are visited. This is ok, until you begin to wonder who else can gain access to this information that is reportedly stored on the phones. The whole issue has raised enough concerns that Senator Al Franken (formerly of Saturday Night Live) has already asked CarrierIQ some pointed questions and is now moving on to the carriers themselves.

For their part both Sprint and AT&T have admitted using the software, but neither will comment on the features they use. Everyone (with the possible exception of the carriers) agree that while CarrierIQ might not have been the massive threat it was thought to be at first, it is still something that consumers should have known about and should have an option to opt out of.

Discuss in our Forum

Read 1956 times Last modified on Monday, 05 December 2011 22:40

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.