| According to a recent set of articles and blogs, a company called Carrier IQ provides what amounts to a rootkit for cellphones. Cellphone manufacturers, including Nokia, Blackberry, and major Android manufacturers (i.e., Samsung & HTC) install the software, apparently at the request/demand of the carriers.
This software basically is completely hidden from view and in it virtually invisible, and worst of all, rather complicated to kill ... This is given root like rights over the device, which means that it can do everything it pleases and you will have nothing to say about it. Some of the things logged by this software includes:
* your location * when you open an app and what app you open * what media you play and when you play it * when you receive an SMS * when you receive a call * when your screen turns off or on * what keys you press in your phone dialer
The Carrier IQ software sounds like it is highly configurable allowing it to collect a wide range of events (or "intents" as they are called). I'm not sure if the data collection can be modified once the phone is in your hands. Certainly much of this information can already be collected by the carrier by monitoring traffic to your phone, but it is interesting that you phone is configured to collect this information about you.
Also, supposedly all this collected data is sent to a "portal" where tools allow analysts to slice and dice it. However, it wasn't clear to me from this article whether CIQ *could* or *did* ship the collected data off the phone to your carrier.
I wonder if this will cause a brouhaha like Apple's location collection did? I wonder if iOS has this software in it?
The Rootkit Of All Evil – CIQ
More on Carrier IQ
Android Security Test <-- original blog article
Carrier IQ
Todd
|