[olug] [OT]: Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything

Kevin sharpestmarble at gmail.com
Fri Dec 2 01:23:31 UTC 2011


It isn't on my unrooted Droid Incredible(v1). He says go to
applications and scroll down to Carrier IQ, but I don't have that on
my list. It could be that a rootkit is hiding it, but a search through
my entire filesystem for ciq, carrier iq, or carrieriq using a third
party tool(Astro File Manager) found no instances of any of the three.
I'm not sure it's on here, and therefore I'm not sure that the OP from
Wired is to be trusted. When you make incredible accusations, you
better be able to back them up.

On Wed, Nov 30, 2011 at 19:05, DYNATRON tech <dynatron at gmail.com> wrote:
> it wasn't on my droidx (verizon).
>
> On Nov 30, 2011 6:59 PM, "Dave Rowe" <dave at roweware.com> wrote:
>>
>>
>> Hopefully Verizon reads these keystrokes.
>>
>> -Dave
>
> hopefully?
>
>> On Nov 30, 2011 6:47 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:
>>
>> > http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
>> >
>> > (page for tool)
>> > On Nov 30, 2011 6:41 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:
>> >
>> > > well, i feel violated.
>> > > i use ssh on my phone to access several servers...carrierIQ has my
> login
>> > > credentials now.
>> > >
>> > > a keylogger falls under wiretap laws IMO
>> > >
>> > > androidsecuritytest.com seems to be the place to check out.
>> > > On Nov 30, 2011 6:35 PM, "Christopher Cashell" <topher-olug at zyp.org>
>> > > wrote:
>> > >
>> > >> On Wed, Nov 30, 2011 at 6:07 PM, Dan Linder <dan at linder.org> wrote:
>> > >> > From what I understand, the "Carrier IQ" tool is the electronic
>> > >> > version of the Verizion guy who says "Can you hear me now?"  Each
> time
>> > >> > your phone drops a call, gets a high rate of errors, etc, this tool
>> > >> > logs that information and will upload it to the carrier as an
>> > >> > additional datapoint for their coverage team to use.
>> > >>
>> > >> That was my original thought, and how I pretty much wrote off the
>> > >> concerns, too.  Now, I'm not so sure.  Capturing the full content of
>> > >> text messages, and web browser searches (performed with HTTPS, over
>> > >> wifi, with all other radios disabled) by a third-party application
>> > >> goes way beyond what I'd consider reasonable technical or service
>> > >> quality data.  The fact that someone has verified that it is
> capturing
>> > >> this information, along with a lot more, is very disconcerting.
>> > >>
>> > >> > The conspiracy theory side of me says "Yeah, but what else?" and it
>> > >> > may be true.  Sadly we might never know unless it was made FOSS.
>> > >>
>> > >> Not sure if you read the full article or watched the video, but Mr.
>> > >> Trevor Eckhart has done a pretty thorough analysis of the software's
>> > >> activity, showing an extent that seems to be very suspicious at best,
>> > >> and very scary at worst.  If it's logging (and potentially sending) a
>> > >> google search query performed over HTTPS, is it also logging (and
>> > >> potentially sending) credit card numbers and other personal
>> > >> information to them?
>> > >>
>> > >> At the very least, this needs further investigation, and should have
>> > >> an option for disabling (and removing) it.
>> > >>
>> > >> > Dan
>> > >>
>> > >> --
>> > >> Christopher
>> > >> _______________________________________________
>> > >> OLUG mailing list
>> > >> OLUG at olug.org
>> > >> https://lists.olug.org/mailman/listinfo/olug
>> > >>
>> > >
>> > _______________________________________________
>> > OLUG mailing list
>> > OLUG at olug.org
>> > https://lists.olug.org/mailman/listinfo/olug
>> >
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug



More information about the OLUG mailing list