Carrier IQ: A privacy tempest of what size?

Topic

New Reply

I don’t think the Carrier IQ lawsuits have a leg to stand on.Details in my Windows Secrets Newsletter Top Story.
[See the full post at: Carrier IQ: A privacy tempest of what size?]

Reply | Quote

Replies

First off, I had been following Trevor’s work on the XDA Developers web forum for some time, and thus CIQ controversy even before it began. He never intended to turn this into a 3 ring circus! His original intent, was to try and help make our HTC EVO 3D phones as efficient as possible. Meaning, looking for ways to cut down battery drain, retain system resources for better use, and cut out any unnecessary bandwidth from being used. It was while doing this, digging deep into the Android OS, and HTC Sense, that he began to discover that CIQ was hidden on our phones, buried deep inside it, and entrenched into nearly every aspect of the OS. And unlike on some other phones, we did not have any choice to opt out.

But now to another matter that you seemed to have missed! All the data collected by CIQ is OUT IN THE OPEN. None of it is encrypted at all. So any nefarious hacker can just jack into a CIQ “infected” phone, and right out in the open are your user name and passwords for everything! And considering that many banks now have Android native apps for on-line banking, the hacker now owns your account. CIQ did not even bother to encrypt the data on your phone that it is storing. Nor, do I believe, that the data CIQ sends “home” is encrypted as well. So no matter how you look at the CIQ controversy, you do have to see it as a ticking (spyware/malware) time bomb just waiting to ruin your life.

Reply | Quote

I was stunned when I ready your characterization CIQ is not a rootkit. How is this different from Sony’s DRM root kit? many of the characterisitcs (quoted below) are shared between both programs. Pray tell, what is your definition of a root kit?

Quoting your article “Carrier IQ program doesn’t act like a normal program. It doesn’t show up on the app screens. It starts whenever the phone is turned on, and you can’t turn it off by using commands such as Android’s Forced Stop option. You can’t delete the program, either. In fact, unless you’ve rooted your phone (hacked it to gain control over the operating system), you won’t even see Carrier IQ running.”

Reply | Quote

@Bob –

A rootkit provides ongoing access to the kernel “root” level of the machine. It looks like CIQ was scanning, then discarding, keystrokes. That isn’t the same thing as a rootkit.

I agree that there should be better notification and an up-front ability to opt out.

Reply | Quote

Not to mention the problems posed by having all the data and data streams unencrypted. These data streams are not protected by the federal Wire Tap Act.

Reply | Quote