Posted 12.01.2011 at 4:02 pm
11 Comments
Smartphones
gillyberlin on Flickr
News regarding Carrier IQ, a third-party service loaded on certain smartphones that's capable of tracking users and even recording keystrokes, has been spreading rapidly in the past few days, though the original discovery happened back in March. The world is still learning more about what the service specifically does, but the latest news is that references to Carrier IQ were found in Apple's iOS, the operating system used by the iPhone and iPad. Here's what you need to know.
WHAT IS CARRIER IQ?
Carrier IQ is a little bit of software installed on the kernel level (meaning, way deep down where users can't really get to it) on many of the most popular smartphones in the country. It's a data collecting tool, essentially, getting to-the-minute information on, as Carrier IQ says, dropped calls, signal strength, battery issues, that kind of thing. The software, it seems, is applied by the wireless carrier (like Sprint or AT&T) rather than the device manufacturers--recent comments from HTC and RIM (makers of BlackBerry) suggest that the manufacturers have nothing to do with this software and even, in the case of RIM, do not approve of it. The software is installed without the user's permission before the phone is bought, and the user is not made aware of its existence.
WHAT'S THE PROBLEM?
We all know our phones are being tracked, in all kinds of ways and by all kinds of people. Sometimes it's for diagnostic purposes, like what Carrier IQ claims they're doing. Sometimes it's for advertisers. Sometimes it's unclear. But what's alarming about Carrier IQ is two things: its power and its lack of transparency.
Carrier IQ claims that their software does not monitor keystrokes--basically, everything you tap into your phone. That would include passwords, browsing history, personal correspondence, text messages, everything. Trevor Eckhart, an XDA developer (XDA is one of the largest online forums for developers working with Android and other platforms) from Connecticut, is the man responsible for discovering Carrier IQ, and in this video, he pretty clearly proves that the software does indeed have the ability to--and does--log your keystrokes. Even worse, it secures a connection to send these logs back to Carrier IQ even if your phone is in airplane mode, which is designed to turn off all wireless connections.
Eckhart posted several videos about Carrier IQ, calling it a "rootkit," a name for software surreptitiously installed on devices that monitors their use without making their presence known. Carrier IQ responded with a cease-and-desist letter (and a damned aggressive one at that--you can read it here (PDF)), though they relented, apologized, and retracted the letter once the Electronic Frontier Foundation came through and defended Eckhart.
The name "rootkit" is not inaccurate; it was only by chance that Eckhart stumbled on the service, which nobody in the press was aware of before he posted his video. It's basically impossible to remove, even for an experienced developer like Eckhart.
IS MY PHONE INFECTED?
Gizmodo has a live updating list of the phones and tablets that are safe, inasmuch as somebody has claimed they are safe. Not to say we don't believe, say, Verizon when they tell us they have never used Carrier IQ, but we are obliged to report that Verizon is the only source telling us facts about Verizon, which makes us sort of reluctant to report them as unassailable facts. Non-Nexus Android phones seem to be at the most risk; Eckhart's original discovery was on an HTC phone running Android, and phones from manufacturers like Samsung have also been found to be using Carrier IQ.
Devices running iOS, like the iPhone and iPad, well, that's a little bit different. An apparently "well-known" iPhone hacker going by the name Chpwn has found references to Carrier IQ deep within the iPhone's internal files. That was verified by The Verge, so we can pretty safely say that Apple does use Carrier IQ. However, it's a very limited form: unlike the Android version Eckhart found, the iPhone version is actually turned off by default, collecting and sending no data at all. As it turns out, it's only in action when an iPhone is in diagnostic mode, which would only be used when a user or repair person is doing some serious work on the phone. Even then, it only seems to record limited information like call quality and broad location, and doesn't track keystrokes at all. So iPhone users are, on the whole, safe from whatever Carrier IQ is doing.
Other platforms are less clear. Carrier IQ seems more dependent on carrier than platform, so even though RIM says it does not use Carrier IQ on its BlackBerrys, that doesn't mean your AT&T or Sprint BlackBerry is Carrier-IQ-free. Microsoft also says its Windows Phones do not come with the software; it's not clear if Windows Phones can have Carrier IQ applied or not.
Eckhart, that inexhaustible developer, created a little program that'll detect if Carrier IQ is installed on your phone. You can download it here. But to fully rid yourself of the rootkit, well, that's not easy. You'll have to root your phone, which (while having some nice benefits of its own, especially for Android users) may violate your terms of service and make your relationship with your wireless carrier a little dicey in terms of future servicing.
SHOULD I PANIC?
Probably not, but that doesn't mean what Carrier IQ, the wireless carriers, and cellphone manufacturers are doing is at all okay. Something like keystroke logging is so sensitive that any service that does it should be glaringly obvious, and, most importantly, turned off by default. Users should always know when what they type isn't private. That being said, despite Carrier IQ's lousy reaction to this whole thing (note to all electronics companies: do not sue hackers), we really don't know what Carrier IQ was being used for, only what it's capable of. It could certainly have been used to track strength of signal related to location, which, fine! That could be helpful! But its lack of transparency and its ability to do some very, very nasty things means that somebody owes some smartphone owners an apology--and a rethinking of privacy policies.
11 Comments
To comment, please Login.
Popular Tags
Gadgets
Regular Features
140 years of Popular Science at your fingertips.
Innovation Challenges
Popular Science+ For iPad
Each issue has been completely reimagined for your iPad. See our amazing new vision for magazines that goes far beyond the printed page
Download Our App
Stay up to date on the latest news of the future of science and technology from your iPhone or Android phone with full articles, images and offline viewing
Follow Us On Twitter
Featuring every article from the magazine and website, plus links from around the Web. Also see our PopSci DIY feed
February 2013: How To Build A Hero
Engineers are racing to build robots that can take the place of rescuers. That story, plus a city that storms can't break and how having fun could lead to breakthrough science.
Also! A leech detective, the solution to America's train-crash problems, the world's fastest baby carriage, and more.
Popular on Popsci
Most Commented
Most Emailed
Online Content Director: Suzanne LaBarre | Email
Senior Editor: Paul Adams | Email
Associate Editor: Dan Nosowitz | Email
Contributing Writers:
Clay Dillow | Email
Rebecca Boyle | Email
Colin Lecher | Email
Emily Elert | Email
Intern:
Shaunacy Ferro | Email
Today on PopSci.com
Copyright © 2012 Popular Science
A Bonnier Corporation Company. All rights reserved. Reproduction in whole or in part without permission is prohibited.
I'm sick of device makers/service providers treating purchased goods still as their property. This, just as in the case of the PS3 hack, is a situation in which even though you paid your hard-earned money for the device you don't technically own it. That in mind, they (be it the manufacturer or service provider) feel free to do what they want on it (like collect private data) without even telling us and the bad part is, the Supreme Court agrees with them. It used to be that you owned what you paid for, and could do as you please with it. We need to get back to that. And I DO NOT want my device usage tracked just out of the mindset that its nobody's business!
I'm wondering if CarrierIQ can be tricked into thinking its established a connection to its home server. In other words, forcing it to dump that data into a non-existent system.
I am so sick of the carriers putting stuff into phones. It should be the makers. I am glad that carrieriq isnt actively in iphone though. It shouldnt be there anyway. I wonder if it can be activated.
-sevykeble
the future is happening so fast that it is now.
how is this not illegal? I mean this is stealing of private data and information...this is THEIFT of OUR private informatioN!! this is essentially ILLEGAL wire tapping...how is this NOT illegal all together!?
"how is this not illegal?"
Funny that you should ask that, Senator Al Franken is currently marching up their lawn and bellowing about wiretapping laws. He seems a bit angry, which is a good thing for everyone who isn't iq.
This is truly sickening. While i understand the need to have monitoring software in limited fashion for quality of service/support purposes, the fact that they were so hush hush about it screams foul play.
And there is never a support/service justification for recording keystrokes.
All the more reason we need more transparency and legislation guarding against the clandestine use of these services.
and @soniasweeney, eat S@#%, go F*&@ yourself, and go F*&@ your italian fraud sites. damn spammers
"Thoughtcrime, they called it."
enjoy ur tracking smartphones, i'll stick to my basic dumbphone, that i rarely even use.
I had Blackberry. Piece of crap fell apart. Went back to a dumbphone. Better call quality, speakerphone, texting. Cheaper rate plan.
It's no one's fault. This is the first generation where so much expensive, ultimately useless stuff has been available to buy. People will look back and see how foolish we were.
MY GAWD!! Isn't there a team of talented and hungry young lawyers out there who can turn this into a class action suit against the carriers, the manufacturers and the oddly named company who came up with this evil little piece of software that they've foisted off on us WITHOUT OUR KNOWLEDGE, of course.
Seems to me that this should be worth a few years worth of cellular bills as a possible settlement to everyone involved.
And as an Apple Stockholder since they went public, you can BET I'll be writing the Board of Directors and everyone/anyone else I know at Apple complaining about the SHAME they have brought on a once-untarnished company that has made a meteoric rise thru the past 25 years from a garage to one of the wealthiest companies in the US. The fact that Apple would put this kind of GARBAGE in their premier product (the iPhone) is taking a financial and moral risk with their reputation and their bank account that they can ill afford to impose on their stockholders! Who in hell approved such CRAP being put into an iPhone, anyway? And why are they not presently unemployed?
Anyone else care to write Apple along with me! They do respond and above all, they do hear public outcries and displeasure and have often responded to same. May be interesting to see what happens here in this case.
Mark in Az
Hello spambot that goes by the name of soniasweeny, may I ask how many bank accounts/passwords your "moneymaking" site has stolen through that bogus link of yours?