So, there's a rootkit hidden in millions of cellphones

Summary: Rootkit found in Android, Symbian and even iOS handsets ... but not Windows Phone handsets.

TOPICS: Mobility, Security

[UPDATE: According to a statement from Apple, the company stopped supporting Carrier IQ with iOS 5.0 on most of its devices, but the iPhone 4 still uses it.]

iPhone owners: Here's how to disable the collection of diagnostic information on your handset.

So, it seems that there is a rootkit hidden in millions of Android, Symbian, BlackBerry, webOS and even iOS handsets that logs everything we do.


[UPDATE: According to Nokia, 'CarrierIQ does not ship products for any Nokia devices.' RIM has also confirmed that it has never used or installed Carrier IQ on any of its devices. According to HP it 'does not install nor authorize its partners to embed Carrier IQ on its webOS devices.']

The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.

The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart.

Here's a video showing how everything, including text messages and encrypted web searches, is being logged. It's truly horrifying.

NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.

According to Carrier IQ the company is 'not recording keystrokes or providing tracking tools.' The video above seems to suggest otherwise.

When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat.

“Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.”

Like I said earlier, there's a version of Carrier IQ on Apple's iOS, but it doesn't seem to be quite the same and doesn't seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough.

You might have noticed that I didn't list Windows Phone 7 OS earlier. That's because it seems that Windows Phone handsets don't have Carrier IQ installed.

Here's a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ's vice president of marketing explaining how the company sees this as being completely legal.

There are a LOT of unanswered questions. I'm expecting an avalanche of press releases from a lot of carriers and handset makers over the next few days.

Here's a video by Carrier IQ CEO Larry Lenhart describing the benefits of their technology. According to Lenhart, Carrier IQ doesn't record keystrokes and doesn't provide tracking tools:

[UPDATE: Some carriers and makers are already coming out with details.]

What are your thoughts on this?


  • RE: So, there's a rootkit hidden in millions of cellphones

    Needs to be gone immediately. I was considering buying an Android phone to replace my iPhone 4, specifically a Samsung Galaxy SII Skyrocket. But I'm not touching an Android phone until this is resolved.
    • Froze it with Titanium Backup

      My Evo is rooted, so I used Titanium Backup to "freeze" HTC IQagent and IQRD. The processes no longer show in OS Monitor.
      • RE: So, there's a rootkit hidden in millions of cellphones


        Freezing those two apps doesn't even come close to removing CIQ. It runs as a native Linux service and there are hooks to it in several of the core Android system files. Removing it is tedious but possible. If you really want it removed, you need to load a custom ROM with CIQ removed from all of the core Android files.
      • RE: So, there's a rootkit hidden in millions of cellphones


        Just flash some variety of Cyanogenmod or AOSP ROM - it's also probably quite a bit faster as well.
      • Why is it being termed a RootKit?

        @ all ... why is this being termed a rootkit? To date not ONE person has explained that CIQ or any Telco or Hacker for that matter can break into your phone with the CIQ software ..

        Hidden? Yes.
        Tracking? Yes.
        Rooted Access to an outsider? No. .. or at least not been explained yet.

        At best, it's "Log"ware .. at average levels it's Corporate "Spyware" ... and until someone proves they can come back in through CIQ and control your phone ... it's not a Rootkit.
    • RE: So, there's a rootkit hidden in millions of cellphones

      @rshol "Rootkit found in Android, Symbian, BlackBerry, webOS and even iOS handsets ... but not Windows Phone handsets."

      SO you'll buy a WP7 instead cuz iPhones too have this..
      • Yeah right....

        @pepe-el-Toro : I'm sure Microsoft didn't put Carrier IQ because there was no port for Windows Embedded Compact 6, rather for being "nice citizens". I'm sure the deal was well underway when this sh**t hit the fan(boyz)...

      • RE: So, there's a rootkit hidden in millions of cellphones

        @pepe-el-Toro I'm sure Microsoft has their own tracking software. Why would they need to hire a third party to do it?
    • RE: So, there's a rootkit hidden in millions of cellphones


      Buy a Windows Phone instead! Nokia is coming to the states in early 2012. Hobble along on your IOS garbage until then or jump ship for one of the nice HTC/Samsung offerings available now.
      • RE: So, there's a rootkit hidden in millions of cellphones

        iOS actually asks you up front if you want this data collected. If you answer No, then it isn't collected/sent.
    • RE: So, there's a rootkit hidden in millions of cellphones

      @rshol iPhone has it too. See AOL today.
      • RE: So, there's a rootkit hidden in millions of cellphones

        @thegreenwizard1 No, modern iPhones (running iOS 5) do not have it. Even the earlier versions of iOS asked you to opt in to sending Apple diagnostics, and Apple didn't collect anything like the data being collected by the carriers.
    • Don't buy a locked phone!

      @rshol
      1. Seriously, don't buy locked phones.

      2. Don't sign contracts with mobile phone service providers that lock you into using just their service.

      I have never trusted the big telecoms providers. The rootkit is put in by the mobile phone service provider to track your activities and ultimately to sell you more stuff. This works alongside an electronic lock that prevents you from using another provider's SIM (subscriber identity module) in your device.

      The service providers we tolerate here in rip-off Britain are particularly scummy. They fleece their locked-in users up to GBP1.50 (about two bucks US) a minute should you wish to use your mobile phone, say in France or Germany. Actually, I'm gobsmacked that the EU Competition Commission has let them get away with this horrendously uncompetitive practice for so long - but back to the plot...

      My solution is simple. Buy cheap unbranded, unlocked mobile phones from China (dirt cheap via eBay). These are usually quadbanders that will run on any SIM, anywhere on the planet that has a mobile phone mast within a few km. Means you can mix & match your SIMs, so you make your calls at the best price. Also means it is much, much harder for the scumbag telecoms providers to collect any meaningful data about you.

      My current favourite is the waterproof Chinaphone watch phone W818 (google it) - way cooler (and cheaper) than anything Apple makes IMHO. But there are shed loads of others. Stick your current SIM(s) in it and you're free!

      Best wishes, G.
      • RE: So, there's a rootkit hidden in millions of cellphones


        Actually not true now about UK pricing in Europe - prices have been capped by the EU precisely because of the rip off prices.

        Not wishing to sound xenophobic, do you honestly believe that buying mobile phones on eBay from China is likely to lead to a more secure handset?
      • RE: So, there's a rootkit hidden in millions of cellphones

        @mrgoose International cellphone use is just as bad in USA; a friend of mine returned from a month's vacation to a $1000 phone bill.....
        I also despise the contracts, only got a cellphone when I found a prepaid service that had enough minutes to be usable
      • Never trust a mobile phone service provider...

        @CHaynes. "you honestly believe that buying mobile phones on eBay from China is likely to lead to a more secure handset?"

        In a word: Yes. Think about it...

        If you buy a contract phone from a mobile phone service provider, then the provider (or its minions) has physical access to your hardware before supplying it to you. We already know that providers routinely abuse this access by locking your phone exclusively to their services. It would appear from Adrian's article that they frequently also abuse this access in order to install intrusive corporate malware.

        On the other hand, if you buy an unbranded, unlocked generic device from the Far East, mobile phone service providers never have the opportunity physically to tamper with your device. Furthermore, if you decide you no longer wish to do business with any particular provider, then simply swap SIMs and you are rid of them. Also, many countries do not require users to register personal info when initialising an over-the-counter-SIM. Therefore any info collected by the SIM's provider is next to useless anyway.

        WRT the EU thing - it is only very recently that the EU commission has arisen from its pimply backside and addressed the issue of extortionate roaming charges. And its solution is far from ideal.

        It is not a ban on roaming charges per se, merely a "cap". This means that whilst the ruling limits the extent of the rip-off, it does not ban the rip-off altogether. Worse, the fundamental evil where service providers are legally permitted to lock your hardware exclusively to their services has never been addressed. Consequently, roaming charges are still significantly higher for travellers than popping into a local supermarket and picking up a local provider's pay-as-you-go SIM and sticking it into an unlocked phone. And of course, if you travel outside the EU, all proverbial bets are off anyway!

        @redking44 Your pal must have been seriously displeased. From personal experience, I would wager that if he had bought a cheapie unlocked generic phone via eBay and bought local SIM(s) in his country/countries of travel, then his telephony costs would be around a tenth of what he actually spent.

        Best wishes, G.
      • RE: So, there's a rootkit hidden in millions of cellphones


        Thank you for a great post displaying practicality, usefulness and common-sense!

        My opinion is your post displays xenophobia. Didn't you know everything is (somewhat already) manufactured in China? Including Apple, Nokia, Motorola, Microsoft, HP, Dell, you name it... So what effective choices do we have? I reiterate to make my point: All Apple products are contract manufactured in Asia (mostly China). So please do not talk about low-Chinese quality here... Unless you imply all Apple products are low quality? Simply google Foxconn for an example of what and who they manufacture for... Yep, all your Apples, Dells and HPs are made in the same spot by the same people with the same electronic components...

        Blasphemy is an epithet bestowed by superstition upon common sense.
        ~ Robert Green Ingersoll

        Common sense is instinct. Enough of it is Genius.
        ~ George Bernard Shaw

        Common sense is not so common.
        ~ Voltaire
      • RE: So, there's a rootkit hidden in millions of cellphones

        @mrgoose I guess I'm equally wary, if not more, of shady people tampering with my phone just as I'm wary of phone carriers doing so. What you suggested makes sense, as long as you get your phone from a reputable seller, who in turn gets his/her inventory from reputable sources (i.e. phones have not had malware preinstalled to steal info).

        Also it is not all that practical for average users who know nothing about checking their phones for malware as such, when they first receive phones from a far-away seller (call me paranoid, but that's what I would do). If a phone is embedded with malware to steal info to begin with, no matter how cheap it is or how much it could save you on the phone bill, it is not worth it IMO...

        In a sense, I guess I take a little comfort in the fact that if it was one of the telecom companies who screwed me over, I could have some way to go after the corporation. If it was some bad people from out of the country, there would be hardly any way to get them to take responsibility for their wrongdoings...
        IT Pixie
    • RE: So, there's a rootkit hidden in millions of cellphones

      @rshol It's not just android.... I knew something like this was going on. The other day I went to dial my phone (it was low on memory) and I noticed it opened an internet connection and sent some data before it would dial. Right then I knew something was up. I figured out a way to block it and tried dialing and got a dialing error, but then the call went through. I googled the error and nobody had figured this out. I was going to put it on the debugger and watch it and see what it did. Glad this guy reported it with evidence. I'm hoping some attorney picks this up and sees CLASS ACTION written all over it. (motorola droid 1)
      • RE: So, there's a rootkit hidden in millions of cellphones

        "I'm hoping some attorney picks this up and sees CLASS ACTION written all over it. "
        No. As pointed out before, the carrier contract you signed specifically waived your right to sue and locked you into binding arbitration.