ie8 fix
madison

Hardware 2.0

Adrian Kingsley-Hughes
Home / News & Blogs / Hardware 2.0

7 questions that Carrier IQ needs to address immediately

By | December 1, 2011, 10:14am PST

Summary: According to Carrier IQ’s website, the rootkit is deployed on over 140 million handsets.

[UPDATE: According to a statement from Apple, the company stopped supporting Carrier IQ with iOS 5.0 on most of its devices, but the iPhone 4 still uses it.]

So it has been revealed that millions of handsets (yes, even the iPhone) have been kitted out with a ‘rootkit‘ that logs out activity on that handset. That ‘rootkit,’ which is called Carrier IQ, is used to supply diagnostic information to the carriers and handset makers.

But it turns out that evidence has emerged that this software is logging all sorts of handset activity, including it seems key presses and the contents of text messages that have are sent or received.

According to Carrier IQ’s website, the rootkit is deployed on over 140 million handsets.

The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart. Here a video in which he presents the case against Carrier IQ. It’s scary stuff:

Carrier IQ have their own video in which they claim that the tool doesn’t record keystrokes and doesn’t provide tracking tools:

Given these mixed messages, Carrier IQ need to address the following questions:

  1. What devices has Carrier IQ been installed on?
  2. Carrier IQ claims the rootkit doesn’t log any data, but Eckhart’s video seems to suggest otherwise - what’s going on here?
  3. What data is being sent back to the carrier/handset maker?
  4. Is the data sent/stored in a way that could identify the handset?
  5. Who has access to this data?
  6. How long is this data kept?
  7. Can users opt out?
At the moment we have deluge of questions and a drought when it comes to answers.

[UPDATE: Senator Al Franken sent an open letter to Carrier IQ’s president and chief executive Larry Lenhart with a whole load of questions of his own.]

Related:

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Hardware 2.0”

Topics

Handset, Carrier, Rootkits, Security, Spyware, Adware & Malware, Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
13
Comments
Add Your Opinion

Join the conversation!

Just In

Blind?
rhonin 3rd Dec
@Rikkrdo
Take a second (or third) look.
It has transmit capability apparently.
Then go look at Carrier IQ marketing statement - it confirms it does just that.

plain
View in thread
0 Votes
+ -
It is not Carrier IQ who installs their software on devices, so, actually,
dderss Updated - 1st Dec
... most serious questions have to be addressed to the likes of HTC, LG, Nokia (Nokia now claims it does not use this service), RIM, et cetera -- who agreed to install that software in this criminal form as it is.

They could follow Apple's way -- on their devices this service does not work by default and even when it works it collects only tiny portion of information (basically irrelevant to privacy concerns), comparing to wall-to-wall spying as on many other devices.

So obviously manufacturers knew what they were doing.
0 Votes
+ -
RE: 7 questions that Carrier IQ needs to address immediately
Jimster480 2nd Dec
@dderss Yes but it is not installed by mfg's by handset, its installed by region and carrier. I have already confirmed this personally.
0 Votes
+ -
If by Carrier ....
rhonin Updated - 3rd Dec
@Jimster480
What is the method.
In iOS it appears to be embedded in the OS.
Based on Apples past practice, they would have to do this mayhap at the Carriers request.
0 Votes
+ -
Define by default
rhonin 3rd Dec
@dderss
I have a couple of idevices iOS 4.x
Show me where the opt out is?

On iOS5 there is no mention of CIQ anything, just a plea to help Apple improve its products.
If Apple is no longer using it, why do I have the opt in option?
0 Votes
+ -
RE: 7 questions that Carrier IQ needs to address immediately
phiphi_g 1st Dec
Guess what information is needed for such answers: Some scaring quotes from the website:

??uses data directly from the mobile phone itself to give a precise view of how users interact with both their phones and the services delivered through them, even if the phone is not communicating with the network.??

??See which content they consume, even offline. Identify problems in service delivery, including the inability to connect to the service at all.??

??Get an instant view of performance across the network and compare by geography, tower, user group and a wide range of configurable parameters??
They can divide the users into groups like ??Mainstream Youth??, ??Pioneer Youth??, ??Careerists??
http://www.carrieriq.com/overview/IQInsightExperienceManager/IQINWebExperMgrgraphic.jpg

??Analyze data in real time ??

WTF?? Take that: ?????Task??? phones dynamically over the air to optimise data selection??


??Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies.??

??How do users respond to mobile advertising???

http://www.carrieriq.com/overview/IQInsightExperienceManager/index.htm

OK, I didn't expect that before starting to collect quotes!

Also compare the above to the privacy policy: http://www.carrieriq.com/company/privacy.htm
0 Votes
+ -
RE: 7 questions that Carrier IQ needs to address immediately
hubivedder 1st Dec
Man that Android UI walkthrough is UGLY. Talk about an awful experience.
0 Votes
+ -
to Adrian
Rikkrdo 1st Dec
Adrian Kingsley-Hughes,
Where does the movie show any kind of logging and remote transmission?
It just shows Eckhart using some app called "USB debugging" to show on his Ubuntu console what is happening on the device. Every computer software receives and interprets keystrokes from input devices like keyboards.

Also, why you are posting more about software than about hardware on your blog that has a name of Hardware 2.0? Post more about new hardware pieces than hype histories about software, please.
0 Votes
+ -
Blind?
rhonin 3rd Dec
@Rikkrdo
Take a second (or third) look.
It has transmit capability apparently.
Then go look at Carrier IQ marketing statement - it confirms it does just that.

plain
0 Votes
+ -
RE: 7 questions that Carrier IQ needs to address immediately
Sceptical Observer 1st Dec
Well there goes that lucrative contract they were hoping to get to prepare for SOPA and PIPA along with the riders from the CIA and the NSA....
0 Votes
+ -
And Mark would
Sceptical Observer 1st Dec
ABSOLUTELY LOVE this on the Facebook phone.....
0 Votes
+ -
Carrieriq site
dbell@... 1st Dec
Odd ... their website seems a mite slow in responding. :{)
0 Votes
+ -
Who is "paying" for the data stream?
linux-user 1st Dec
Since 'unlimited data' is disappearing quickly, who is paying for the data stream?

If it being charged to the phone owner, the carrier customer, that's theft. Especially if the phone is being used internationally where data charges are outrageous.

Legitimate network quality control data should go back to the carrier or manufacturer over a channel that is free of charge to the customer, and of course, with the customer's knowledge and consent.

This explains some of the mysterious data overhead that we are being charged for......
0 Votes
+ -
Trevor Eckhart's sloppy diction seems to match his ...
Ngallendou 1st Dec
sloppy view of transparency and democratic process.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix