[UPDATE: According to a statement from Apple, the company stopped supporting Carrier IQ with iOS 5.0 on most of its devices, but the iPhone 4 still uses it.]
So, it seems that there is a rootkit hidden in millions of Android, Symbian, BlackBerry, webOS and even iOS handset that logs everything we do.
[UPDATE: According to Nokia, 'CarrierIQ does not ship products for any Nokia devices.' RIM has also confirmed that it has never used to installed Carrier IQ on any of its devices. According to HP it 'does not install nor authorize its partners to embed Carrier IQ on its webOS devices.']
The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.
The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart.
Here's a video showing how everything, including text messages and encrypted web searches, are being logged. It's truly horrifying.
NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.
According to Carrier IQ the company is 'not recording keystrokes or providing tracking tools.' The video above seems to suggest otherwise.
When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat.
“Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.”
Like I said earlier, there's a version of Carrier IQ on Apple's iOS, but it doesn't seem to be quite the same and doesn't seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough.
You might have noticed that I didn't list Windows Phone 7 OS earlier. That's because it seems that Windows Phone handsets don't have Carrier IQ installed.
Here's a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ's vice president of marketing explaining how the company sees this as being completely legal.
There are a LOT of unanswered questions. I'm expecting an avalanche of press releases from a lot of carriers and handset makers over the next few days.
Here's a video by Carrier IQ CEO Larry Lenhart describing the benefits of their technology. According to Lenhart, Carrier IQ doesn't record keystrokes and doesn't provide tracking tools:
[UPDATE: Some carriers and makers are already coming out with details.]
What are your thoughts on this?
- Android bloatware results in serious security flaws
- How to disable the Carrier IQ 'rootkit' on your iPhone
- CarrierIQ: Follow the money and it is the carriers behind it
- Finding and cleaning out your smartphone’s Carrier IQ poison
- Senator demands answers over Carrier IQ mobile phone tracking
- Zack Whittaker: Which phones, networks run Carrier IQ mobile tracking software?