So, there's a rootkit hidden in millions of cellphones
Summary: Rootkit found in Android, Symbian and even iOS handsets ... but not Windows Phone handsets.
[UPDATE: According to a statement from Apple, the company stopped supporting Carrier IQ with iOS 5.0 on most of its devices, but the iPhone 4 still uses it.]
iPhone owners: Here's how to disable the collection of diagnostic information on your handset.
So, it seems that there is a rootkit hidden in millions of Android, Symbian, BlackBerry, webOS and even iOS handsets that logs everything we do.
WHAT?!?!?!
[UPDATE: According to Nokia, 'CarrierIQ does not ship products for any Nokia devices.' RIM has also confirmed that it has never used or installed Carrier IQ on any of its devices. According to HP it 'does not install nor authorize its partners to embed Carrier IQ on its webOS devices.']
The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.
The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart.
Here's a video showing how everything, including text messages and encrypted web searches, is being logged. It's truly horrifying.
NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.
According to Carrier IQ the company is 'not recording keystrokes or providing tracking tools.' The video above seems to suggest otherwise.
When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat.
“Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.”
Like I said earlier, there's a version of Carrier IQ on Apple's iOS, but it doesn't seem to be quite the same and doesn't seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough.
You might have noticed that I didn't list Windows Phone 7 OS earlier. That's because it seems that Windows Phone handsets don't have Carrier IQ installed.
Here's a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ's vice president of marketing explaining how the company sees this as being completely legal.
There are a LOT of unanswered questions. I'm expecting an avalanche of press releases from a lot of carriers and handset makers over the next few days.
Here's a video by Carrier IQ CEO Larry Lenhart describing the benefits of their technology. According to Lenhart, Carrier IQ doesn't record keystrokes and doesn't provide tracking tools:
[UPDATE: Some carriers and makers are already coming out with details.]
What are your thoughts on this?
Related:
- Android bloatware results in serious security flaws
- How to disable the Carrier IQ 'rootkit' on your iPhone
- CarrierIQ: Follow the money and it is the carriers behind it
- Finding and cleaning out your smartphone’s Carrier IQ poison
- Senator demands answers over Carrier IQ mobile phone tracking
- Zack Whittaker: Which phones, networks run Carrier IQ mobile tracking software?
Talkback
RE: So, there's a rootkit hidden in millions of cellphones
Froze it with Titanium Backup
RE: So, there's a rootkit hidden in millions of cellphones
Freezing those two apps doesn't even come close to removing CIQ. It runs as a native Linux service and there are hooks to it in several of the core Android system files. Removing it is tedious but possible. If you really want it removed, you need to load a custom ROM with CIQ removed from all of the core Android files.
RE: So, there's a rootkit hidden in millions of cellphones
Just flash some variety of Cyanogenmod or AOSP ROM - it's also probably quite a bit faster as well.
Why is it being termed a RootKit?
Hidden? Yes.
Tracking? Yes.
Rooted Access to an outsider? No. .. or at least not been explained yet.
At best, it's "Log"ware .. at average levels it's Corporate "Spyware" ... and until someone proves they can come back in through CIQ and control your phone ... it's not a Rootkit.
RE: So, there's a rootkit hidden in millions of cellphones
So you'll buy a WP7 instead cuz iPhones too have this..
Yeah right....
Pepe-el-Toro-es-innocente!!!!
RE: So, there's a rootkit hidden in millions of cellphones
Buy a Windows Phone instead! Nokia is coming to the States in early 2012. Hobble along on your iOS garbage until then or jump ship for one of the nice HTC/Samsung offerings available now.
RE: So, there's a rootkit hidden in millions of cellphones
Don't buy a locked phone!
RE: So, there's a rootkit hidden in millions of cellphones
Actually not true now about UK pricing in Europe - prices have been capped by the EU precisely because of the rip off prices.
Not wishing to sound xenophobic, do you honestly believe that buying mobile phones on eBay from China is likely to lead to a more secure handset?
RE: So, there's a rootkit hidden in millions of cellphones
I also despise the contracts, only got a cellphone when I found a prepaid service that had enough minutes to be usable
Never trust a mobile phone service provider...
In a word: Yes. Think about it...
If you buy a contract phone from a mobile phone service provider, then the provider (or its minions) has physical access to your hardware before supplying it to you. We already know that providers routinely abuse this access by locking your phone exclusively to their services. It would appear from Adrian's article that they frequently also abuse this access in order to install intrusive corporate malware.
On the other hand, if you buy an unbranded, unlocked generic device from the Far East, mobile phone service providers never have the opportunity physically to tamper with your device. Furthermore, if you decide you no longer wish to do business with any particular provider, then simply swap SIMs and you are rid of them. Also, many countries do not require users to register personal info when initialising an over-the-counter-SIM. Therefore any info collected by the SIM's provider is next to useless anyway.
WRT the EU thing - it is only very recently that the EU commission has arisen from its pimply backside and addressed the issue of extortionate roaming charges. And its solution is far from ideal.
It is not a ban on roaming charges per se, merely a "cap". This means that whilst the ruling limits the extent of the rip-off, it does not ban the rip-off altogether. Worse, the fundamental evil where service providers are legally permitted to lock your hardware exclusively to their services has never been addressed. Consequently, roaming charges are still significantly higher for travellers than popping into a local supermarket and picking up a local provider's pay-as-you-go SIM and sticking it into an unlocked phone. And of course, if you travel outside the EU, all proverbial bets are off anyway!
@redking44 Your pal must have been seriously displeased. From personal experience, I would wager that if he had bought a cheapie unlocked generic phone via eBay and bought local SIM(s) in his country/countries of travel, then his telephony costs would be around a tenth of what he actually spent.
Best wishes, G.
RE: So, there's a rootkit hidden in millions of cellphones
Thank you for a great post displaying practicality, usefulness and common-sense!
@CHaynes
My opinion is your post displays xenophobia. Didn't you know everything is (somewhat already) manufactured in China? Including Apple, Nokia, Motorola, Microsoft, HP, Dell, you name it... So what effective choices do we have? I reiterate to make my point: All Apple products are contract manufactured in Asia (mostly China). So please do not talk about low-Chinese quality here... Unless you imply all Apple products are low quality? Simply google Foxconn for an example of what and who they manufacture for... Yep, all your Apples, Dells and HPs are made in the same spot by the same people with the same electronic components...
~~~~~~~~~~
Blasphemy is an epithet bestowed by superstition upon common sense.
~ Robert Green Ingersoll
Common sense is instinct. Enough of it is Genius.
~ George Bernard Shaw
Common sense is not so common.
~ Voltaire
RE: So, there's a rootkit hidden in millions of cellphones
Also it is not all that practical for average users who know nothing about checking their phones for malware as such, when they first receive phones from a far-away seller (call me paranoid, but that's what I would do). If a phone is embedded with malware to steal info to begin with, no matter how cheap it is or how much it could save you on the phone bill, it is not worth it IMO...
In a sense, I guess I take a little comfort in the fact that if it was one of the telecomm companies who screwed me over, I could have some way to go after the corporation. If it was some bad people from out of the country, there would be hardly any way to get them to take responsibility for their wrongdoings...
RE: So, there's a rootkit hidden in millions of cellphones
No. As pointed out before, the carrier contract you signed specifically waived your right to sue and locked you into binding arbitration.