News regarding Carrier IQ, a third-party service loaded on certain smartphones that's capable of tracking users and even recording keystrokes, has been spreading rapidly in the past few days, though the original discovery happened back in March. The world is still learning more about what the service specifically does, but the latest news is that references to Carrier IQ were found in Apple's iOS, the operating system used by the iPhone and iPad. Here's what you need to know.
WHAT IS CARRIER IQ?
Carrier IQ is a little bit of software installed on the kernel level (meaning, way deep down where users can't really get to it) on many of the most popular smartphones in the country. It's a data collecting tool, essentially, getting to-the-minute information on, as Carrier IQ says, dropped calls, signal strength, battery issues, that kind of thing. The software, it seems, is applied by the wireless carrier (like Sprint or AT&T) rather than the device manufacturers--recent comments from HTC and RIM (makers of BlackBerry) suggest that the manufacturers have nothing to do with this software and even, in the case of RIM, do not approve of it. The software is installed without the user's permission before the phone is bought, and the user is not made aware of its existence.
WHAT'S THE PROBLEM?
We all know our phones are being tracked, in all kinds of ways and by all kinds of people. Sometimes it's for diagnostic purposes, like what Carrier IQ claims they're doing. Sometimes it's for advertisers. Sometimes it's unclear. But what's alarming about Carrier IQ is two things: its power and its lack of transparency.
Carrier IQ claims that their software does not monitor keystrokes--basically, everything you tap into your phone. That would include passwords, browsing history, personal correspondence, text messages, everything. Trevor Eckhart, an XDA developer (XDA is one of the largest online forums for developers working with Android and other platforms) from Connecticut, is the man responsible for discovering Carrier IQ, and in this video, he pretty clearly proves that the software does indeed have the ability to--and does--log your keystrokes. Even worse, it secures a connection to send these logs back to Carrier IQ even if your phone is in airplane mode, which is designed to turn off all wireless connections.
Eckhart posted several videos about Carrier IQ, calling it a "rootkit," a name for software surreptitiously installed on devices that monitors their use without making their presence known. Carrier IQ responded with a cease-and-desist letter (and a damned aggressive one at that--you can read it here (PDF)), though they relented, apologized, and retracted the letter once the Electronic Frontier Foundation came through and defended Eckhart.
The name "rootkit" is not inaccurate; it was only by chance that Eckhart stumbled on the service, which nobody in the press was aware of before he posted his video. It's basically impossible to remove, even for an experienced developer like Eckhart.
IS MY PHONE INFECTED?
Gizmodo has a live updating list of the phones and tablets that are safe, inasmuch as somebody has claimed they are safe. Not to say we don't believe, say, Verizon when they tell us they have never used Carrier IQ, but we are obliged to report that Verizon is the only source telling us facts about Verizon, which makes us sort of reluctant to report them as unassailable facts. Non-Nexus Android phones seem to be at the most risk; Eckhart's original discovery was on an HTC phone running Android, and phones from manufacturers like Samsung have also been found to be using Carrier IQ.
Devices running iOS, like the iPhone and iPad, well, that's a little bit different. An apparently "well-known" iPhone hacker going by the name Chpwn has found references to Carrier IQ deep within the iPhone's internal files. That was verified by The Verge, so we can pretty safely say that Apple does use Carrier IQ. However, it's a very limited form: unlike the Android version Eckhart found, the iPhone version is actually turned off by default, collecting and sending no data at all. As it turns out, it's only in action when an iPhone is in diagnostic mode, which would only be used when a user or repair person is doing some serious work on the phone. Even then, it only seems to record limited information like call quality and broad location, and doesn't track keystrokes at all. So iPhone users are, on the whole, safe from whatever Carrier IQ is doing.
Other platforms are less clear. Carrier IQ seems more dependent on carrier than platform, so even though RIM says it does not use Carrier IQ on its BlackBerrys, that doesn't mean your AT&T or Sprint BlackBerry is Carrier-IQ-free. Microsoft also says its Windows Phones do not come with the software; it's not clear if Windows Phones can have Carrier IQ applied or not.
Eckhart, that inexhaustible developer, created a little program that'll detect if Carrier IQ is installed on your phone. You can download it here. But to fully rid yourself of the rootkit, well, that's not easy. You'll have to root your phone, which (while having some nice benefits of its own, especially for Android users) may violate your terms of service and make your relationship with your wireless carrier a little dicey in terms of future servicing.
SHOULD I PANIC?
Probably not, but that doesn't mean what Carrier IQ, the wireless carriers, and cellphone manufacturers are doing is at all okay. Something like keystroke logging is so sensitive that any service that does it should be glaringly obvious, and, most importantly, turned off by default. Users should always know when what they type isn't private. That being said, despite Carrier IQ's lousy reaction to this whole thing (note to all electronics companies: do not sue hackers), we really don't know what Carrier IQ was being used for, only what it's capable of. It could certainly have been used to track strength of signal related to location, which, fine! That could be helpful! But its lack of transparency and its ability to do some very, very nasty things means that somebody owes some smartphone owners an apology--and a rethinking of privacy policies.
I'm sick of device makers/service providers treating purchased goods still as their property. This, just as in the case of the PS3 hack, is a situation in which even though you paid your hard-earned money for the device you don't technically own it. That in mind, they (be it the manufacturer or service provider) feel free to do what they want on it (like collect private data) without even telling us and the bad part is, the Supreme Court agrees with them. It used to be that you owned what you paid for, and could do as you please with it. We need to get back to that. And I DO NOT want my device usage tracked just out of the mindset that its nobody's business!
I'm wondering if CarrierIQ can be tricked into thinking its established a connection to its home server. In other words, forcing it to dump that data into a non-existent system.
I am so sick of the carriers putting stuff into phones. It should be the makers. I am glad that carrieriq isnt actively in iphone though. It shouldnt be there anyway. I wonder if it can be activated.
the future is happening so fast that it is now.
how is this not illegal? I mean this is stealing of private data and information...this is THEIFT of OUR private informatioN!! this is essentially ILLEGAL wire tapping...how is this NOT illegal all together!?
"how is this not illegal?"
Funny that you should ask that, Senator Al Franken is currently marching up their lawn and bellowing about wiretapping laws. He seems a bit angry, which is a good thing for everyone who isn't iq.
This is truly sickening. While i understand the need to have monitoring software in limited fashion for quality of service/support purposes, the fact that they were so hush hush about it screams foul play.
And there is never a support/service justification for recording keystrokes.
All the more reason we need more transparency and legislation guarding against the clandestine use of these services.
and @soniasweeney, eat S@#%, go F*&@ yourself, and go F*&@ your italian fraud sites. damn spammers
"Thoughtcrime, they called it."
enjoy ur tracking smartphones, i'll stick to my basic dumbphone, that i rarely even use.
I had Blackberry. Piece of crap fell apart. Went back to a dumbphone. Better call quality, speakerphone, texting. Cheaper rate plan.
It's no one's fault. This is the first generation where so much expensive, ultimately useless stuff has been available to buy. People will look back and see how foolish we were.
MY GAWD!! Isn't there a team of talented and hungry young lawyers out there who can turn this into a class action suit against the carriers, the manufacturers and the oddly named company who came up with this evil little piece of software that they've foisted off on us WITHOUT OUR KNOWLEDGE, of course.
Seems to me that this should be worth a few years worth of cellular bills as a possible settlement to everyone involved.
And as an Apple Stockholder since they went public, you can BET I'll be writing the Board of Directors and everyone/anyone else I know at Apple complaining about the SHAME they have brought on a once-untarnished company that has made a meteoric rise thru the past 25 years from a garage to one of the wealthiest companies in the US. The fact that Apple would put this kind of GARBAGE in their premier product (the iPhone) is taking a financial and moral risk with their reputation and their bank account that they can ill afford to impose on their stockholders! Who in hell approved such CRAP being put into an iPhone, anyway? And why are they not presently unemployed?
Anyone else care to write Apple along with me! They do respond and above all, they do hear public outcries and displeasure and have often responded to same. May be interesting to see what happens here in this case.
Mark in Az
Hello spambot that goes by the name of soniasweeny, may I ask how many bank accounts/passwords your "moneymaking" site has stolen through that bogus link of yours?