Image via CrunchBase
I first took attention to Carrier IQ when it was discovered by custom ROM developers for the phone I personally have; the Sprint Epic4G made by Samsung. The device is part of the massively popular Galaxy S line of Android-powered devices that virtually every major cellular carrier in the world sells. Around June, it was discovered that this software records virtually everything a user does with their phone from each screen-tap to every site they visit to recording audio and even the physical orientation of the device itself.
A thread (which I now cannot find on XDA-Developers) outlined this “middleware” and it was surmised that individual Carriers like Sprint used it solely for coverage and troubleshooting issues. An effort was undertaken to remove this software from the Android Linux kernel as it was discovered to hinder the device’s performance. Developers notably had a very difficult time removing Carrier IQ, but managed to eventually remove it for their custom Android ROMs.
Fast forward to Fall of 2011 where a developer named Trevor Eckhart decided to look into Carrier IQ a bit deeper and found that Carrier IQ was essentially a rootkit and actually recorded almost all actions performed with a device it was installed on and phoned home with that information. He has released a video showing proof of Carrier IQ recording his location with location turned off, un-encrypted HTTPS streams, all SMS messages sent/received, and even EVERY touch of the device screen he makes.
Essentially what everything boils down to is that carriers can spy on literally everything you do with your phone. This is obviously a blatant violation of privacy rights and repercussions are sure to come. Developing…
Related articles
- Carrier IQ Rootkit Reportedly Logs Everything On Millions Of Phones (pcworld.com)
- You Can Test Your Android For Carrier IQ (Sort Of) [Carrier Iq] (gizmodo.com)
- People Are Freaking Out About Carrier IQ, The Hidden Smartphone Program That Tracks Everything You Do (businessinsider.com)
- Carrier IQ: How To Find It, And How To Deal With It – TechCrunch (techcrunch.com)
- Silicon Alley Insider: RIM: We Do Not Authorize Carrier IQ On BlackBerry Phones (RIMM) (businessinsider.com)
- Verizon: No CarrierIQ, No way (gigaom.com)
- So, there’s a rootkit hidden in millions of cellphones (zdnet.com)
- Phone ‘Rootkit’ Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases (textually.org)
“Be careful when you fight the monsters, lest you become one.” -Friedrich Nietzsche
The developers of popular Mozilla extension AdBlock Plus had been receiving bug reports of “issues” with another popular extension, NoScript, after an update was issued by the developer of the script-blocking software. The AdBlock Plus developers decided to take a look into what was wrong and found something extremely disturbing. The 1.9.2 update of NoScript had incorporated an obfuscated piece of code that actually made changes to AdBlock Plus to allow for ads on the NoScipt and related sites to be shown. In otherwords, it does what a viruses and other malware does to antivirus software only in reverse; instead of blocking access to update sites, it forced AdBlock Plus to allow ads to be shown for the developer’s site explicitly. This most likely would have flown under the radar had it not completely broken Adblock Plus and get caught doing unethical things to other software for self-interest. The issue snowballed when the issue made it to Reddit and caused an outrage amongst faithful users of both extensions. To make things worse, the developer only slightly backtracked; allowing the user to allow or disallow the code modification upon installation of NoScript. The developer eventually removed the code completely in version 1.9.2.6, but not without severely impacting user opinion of the software and spurring discussion of a policy change regarding Mozilla Extensions.
More after the jump.
