Carrier IQ patent outlines keylogging and ability to target individual devices

Diving into the Carrier IQ patent gives us some interesting insights into what the technology might be capable of doing.
Written by Adrian Kingsley-Hughes, Contributing Writer
Unless you've been living in a cave on Mars for the past week then you will have undoubtedly heard of Carrier IQ - a rootkit-like software that's embedded in over 140 million smartphones.

What is Carrier IQ? Well, depending on who you listen to, you get a different story. According to25-year-old Trevor Eckhart, this software has low-level access to the handset and is capable of intercepting key presses, call data, SMS communications and even web activity. However, according to Carrier IQ, the software is a tool used by the carriers to gather data to improve the network.

So what is Carrier IQ designed to do? Well, we don't have any answers to that question at present, but we can get an idea of what Carrier IQ might be used for by taking a look at the patent relating to the technology.

The patent in question is 7,551,922 - Rule based data collection and management in a wireless communications network. There are two sections that are of particular interest.

Page 18, column 12, line 41:

Additionally, because data collection and management system ... allows multiple data collection profiles and data analysis activities to be performed simultaneously, a particular device may be targeted to execute multiple data collection profiles. Therefore, target device database ... tracks the data collection activity occurring on the devices and maintains detailed information about the specific data collection profiles that are active on the devices. In doing so it can detect and resolve any contention or prioritization issues by adjusting the population of target devices selected.

Here, the patent seems to be describing a mechanism that allows a specific devices to be targeted with collection profiles that can be changed on the fly at any time.

Page 19, column 13, line 12:

The queries may be structured in such a way that performance information is gathered about the effect of a simple activity, such as a button press by the user, or information may be gathered about more complex transactions that involve multiple network layers, such as the physical layer, network layer, transport layer and application layer. In particular, the target wireless devices have software stacks that communicate with various network layers of the communications network.

Here the patent is describing the keylogging and data collection capability of the technology.

While the patent doesn't tell us what Carrier IQ is actually doing on user's handsets, it does give us an insight into what it might be capable of doing. If nothing else, I feel that smartphone owners are entitled to have a clear explanation of what Carrier IQ is capable of doing, and have the option to disable all data collection.

Many thanks to tipster Micah for sending this one in!


Editorial standards