[olug] [OT]: Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything

Dave Rowe dave at roweware.com
Thu Dec 1 00:59:15 UTC 2011


I don't care about Carrier IQ, they're providing a service to their
client.  I want statements from the carriers as to why they're putting this
on their phones.  Carrier IQ isn't the bad guy here, so much as being the
crony doing the dirty work.

Hopefully Verizon reads these keystrokes.

-Dave
On Nov 30, 2011 6:47 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:

> http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
>
> (page for tool)
> On Nov 30, 2011 6:41 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:
>
> > well, i feel violated.
> > i use ssh on my phone to access several servers...carrierIQ has my login
> > credentials now.
> >
> > a keylogger falls under wiretap laws IMO
> >
> > androidsecuritytest.com seems to be the place to check out.
> > On Nov 30, 2011 6:35 PM, "Christopher Cashell" <topher-olug at zyp.org>
> > wrote:
> >
> >> On Wed, Nov 30, 2011 at 6:07 PM, Dan Linder <dan at linder.org> wrote:
> >> > From what I understand, the "Carrier IQ" tool is the electronic
> >> > version of the Verizion guy who says "Can you hear me now?"  Each time
> >> > your phone drops a call, gets a high rate of errors, etc, this tool
> >> > logs that information and will upload it to the carrier as an
> >> > additional datapoint for their coverage team to use.
> >>
> >> That was my original thought, and how I pretty much wrote off the
> >> concerns, too.  Now, I'm not so sure.  Capturing the full content of
> >> text messages, and web browser searches (performed with HTTPS, over
> >> wifi, with all other radios disabled) by a third-party application
> >> goes way beyond what I'd consider reasonable technical or service
> >> quality data.  The fact that someone has verified that it is capturing
> >> this information, along with a lot more, is very disconcerting.
> >>
> >> > The conspiracy theory side of me says "Yeah, but what else?" and it
> >> > may be true.  Sadly we might never know unless it was made FOSS.
> >>
> >> Not sure if you read the full article or watched the video, but Mr.
> >> Trevor Eckhart has done a pretty thorough analysis of the software's
> >> activity, showing an extent that seems to be very suspicious at best,
> >> and very scary at worst.  If it's logging (and potentially sending) a
> >> google search query performed over HTTPS, is it also logging (and
> >> potentially sending) credit card numbers and other personal
> >> information to them?
> >>
> >> At the very least, this needs further investigation, and should have
> >> an option for disabling (and removing) it.
> >>
> >> > Dan
> >>
> >> --
> >> Christopher
> >> _______________________________________________
> >> OLUG mailing list
> >> OLUG at olug.org
> >> https://lists.olug.org/mailman/listinfo/olug
> >>
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list