E90Post
 


 
BMW 3-Series (E90 E92) Forum > BIMMERPOST Universal Forums > Off-Topic Discussions Board > Android handsets secretly logging keystrokes, SMS messages?



Reply
 
Thread Tools Search this Thread
      11-30-2011, 10:28 PM   #1
-=Hot|Ice=-
Been There, Done That.
-=Hot|Ice=-'s Avatar
United_States
702
Rep
4,728
Posts

Drives: 2013 BMW M3
Join Date: Jan 2008
Location: Maryland

iTrader: (0)

Android handsets secretly logging keystrokes, SMS messages?




Quote:
Your Android-based smartphone could be watching just about everything you do, Android security researcher Trevor Eckhart argues in a video posted earlier this week.
In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends them off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made.
Eckhart started making waves across the privacy community earlier this month after he dug into software developed by Carrier IQ that, he said, runs behind the scenes in Android-based devices to track what users are doing. Eckhart called the software a "rootkit," due to its ability to access device data while concealing its presence.
As one might expect, Carrier IQ took offense to Eckhart's claim, saying that its software is a "diagnostic tool" for companies to "improve the quality of the network, understand device issues, and ultimately improve the user experience." The company also sent Eckhart a cease-and-desist letter and demanded he issue an apology for calling its software a rootkit.
Related Links
Android researcher: Carrier IQ 'diagnostic' tool really a rootkit spy
Carrier IQ apologizes, drops threat to security researcher
CNET's roundup of the best Android phones
Just days later, Carrier IQ did an about face after the Electronic Frontier Foundation responded to its cease-and-desist letter, saying that Eckhart's comments and research are protected under the Copyright Act's fair use provision.
"Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company said in response to the EFF's letter. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
However, Carrier IQ also took the opportunity to clarify what its software doesn't do, including record keystrokes, provide tracking tools, or inspect "the content of e-mails and SMSs." The company also argued that its software does not "provide real-time data reporting to any customer."
But Eckhart's new video seems to refute at least some of those claims. In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information is recorded by Carrier IQ's application, even though he was on Wi-Fi and a page secured by HTTPS.
"The Carrier IQ application is receiving not only HTTP strings directly from browser, but also HTTPs strings," Eckhart wrote in a blog post. "HTTPs data is the only thing protecting much of the 'secure' Internet. Queries of what you search, HTTPs plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above--and can be seen going into the Carrier IQ application."
"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code."
--Trevor Eckhart, Android security researcher
Perhaps most troublesome is that users don't know where their information is going or how it's being used. Earlier this month, Sprint told CNET that it's a Carrier IQ customer, but rejected any notion that it's peering into users' personal data.
"Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service," Sprint told CNET. "We also use the data to understand device performance so we can figure out when issues are occurring."
"We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool," Sprint continued.
But for many handset owners, that might not be enough. So, surely they can turn off the software and stop the tracking, right? Think again, says Eckhart.
"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code," he says. "This is only possible for a user with advanced skills and a fully unlocked device. Even where a device is out of contract, there is no off switch to stop the application from gathering data."
Although Eckhart's data comes from Android devices, it's worth noting that Carrier IQ's software is running on over 130 million mobile devices worldwide, including those made by Nokia and Research In Motion.
Carrier IQ declined CNET's request for comment.
Android handsets secretly logging keystrokes, SMS messages? | The Digital Home - CNET News
__________________
Quote:
Originally Posted by Jaypod View Post
You sound like my buddies who have AMG's - Slam the gas, slam the brakes...
Appreciate 0
      11-30-2011, 11:01 PM   #2
Greenkirby21
Vrooom :)
Greenkirby21's Avatar
United_States
329
Rep
2,597
Posts

Drives: C7 Stringray
Join Date: Jun 2010
Location: Dream Land

iTrader: (1)

yay now android fanboys can't be making fun of my iPhone and being OMG UR BEING TRACKED!!! APPLE SUXXX.
__________________
2014 C7 Corvette Stringray - Laguna Blue - NPP Exhaust - Competition Seats
Appreciate 0
      11-30-2011, 11:07 PM   #3
BTM
Banned
United_States
499
Rep
10,309
Posts

Drives: A///MERICAN!!!
Join Date: Mar 2010
Location: A///MERICA!!!

iTrader: (11)

Garage List
blackberry
Appreciate 0
      11-30-2011, 11:25 PM   #4
BMWinNorthdakota
Banned
254
Rep
1,106
Posts

Drives: 2007 bmw 335i e90
Join Date: Jun 2009
Location: Fargo ND

iTrader: (0)

pretty sure I saw blackberries being used in some of the screenplay on some major network...not that that means anything


Someone read up on this, I actually thought about you guys and knew someone would have a thread up on this. I want to know more. Kinda freaks me out
Appreciate 0
      12-01-2011, 12:27 AM   #5
stylinexpat
Major
stylinexpat's Avatar
428
Rep
1,427
Posts

Drives:
Join Date: Aug 2008

iTrader: (0)

Quote:
Originally Posted by BTM View Post
blackberry
http://www.khaleejtimes.com/Displaya..._December1.xml

Blackberry included
Appreciate 0
      12-01-2011, 12:43 AM   #6
M3Bahn
Lieutenant
M3Bahn's Avatar
329
Rep
483
Posts

Drives: M3
Join Date: Mar 2011
Location: ATL

iTrader: (0)

The Rootkit Of All Evil – CIQ

http://www.xda-developers.com/androi...-all-evil-ciq/
__________________
The journey is the reward.
Appreciate 0
      12-01-2011, 12:55 AM   #7
stylinexpat
Major
stylinexpat's Avatar
428
Rep
1,427
Posts

Drives:
Join Date: Aug 2008

iTrader: (0)

I bet that Carrier IQ is linked to Google dashboard in one way or another.
Appreciate 0
      12-01-2011, 01:29 AM   #8
RnmEvo9
Banned
250
Rep
1,827
Posts

Drives: 2007 335i
Join Date: Apr 2011
Location: Pembroke Pines, FL

iTrader: (2)

Is that only on Sprint phones? Because on my AT&T Galaxy S2, I don't see that application running at all.
Appreciate 0
      12-01-2011, 01:29 AM   #9
stylinexpat
Major
stylinexpat's Avatar
428
Rep
1,427
Posts

Drives:
Join Date: Aug 2008

iTrader: (0)

Quote:
Originally Posted by M3Bahn View Post

From that link I found this..

http://www.xda-developers.com/androi...iq-sues-treve/
Appreciate 0
      12-01-2011, 01:50 AM   #10
-=Hot|Ice=-
Been There, Done That.
-=Hot|Ice=-'s Avatar
United_States
702
Rep
4,728
Posts

Drives: 2013 BMW M3
Join Date: Jan 2008
Location: Maryland

iTrader: (0)

I'm still trying to find it on my SGS II. I'm also trying to find the removal kit.
__________________
Quote:
Originally Posted by Jaypod View Post
You sound like my buddies who have AMG's - Slam the gas, slam the brakes...
Appreciate 0
      12-01-2011, 04:05 AM   #11
stylinexpat
Major
stylinexpat's Avatar
428
Rep
1,427
Posts

Drives:
Join Date: Aug 2008

iTrader: (0)

http://www.theverge.com/2011/12/1/26...do-not-include
Appreciate 0
      12-01-2011, 04:15 AM   #12
Bimmer84
Guardian of the Night
Bimmer84's Avatar
United_States
111
Rep
1,831
Posts

Drives: 2010 335i M Sport Coupe
Join Date: Oct 2010
Location: San Antonio

iTrader: (5)

Garage List
2010 335i E92  [7.50]
How is the battery life on your S2s? I bought mine the other day and it seems to die extremely fast if I don't use Advanced Task Killer frequently. I played a game on the plane the other day for about 45 minutes close to a full charge, and about an hour or so after that I had to shut my phone off because I kept getting critical battery messages...
__________________
2010 335i M Sport Coupe -- Black Sapphire Metallic|Coral Red|Loaded|JB4 Stage 3|BMS DCI|VRSF DPs|Camaross 6k AE|Performance Gloss Black Grilles|CF Performance Spoiler|CF Quad Diffuser|Double Layer Black Chrome Quad Tips|CF Roundels|Smoked Reflectors|Red Cyba Scoops|193s Painted Lamborghini Metallic Dark Gray
Appreciate 0
      12-01-2011, 08:13 AM   #13
M3Bahn
Lieutenant
M3Bahn's Avatar
329
Rep
483
Posts

Drives: M3
Join Date: Mar 2011
Location: ATL

iTrader: (0)

Quote:
Originally Posted by RnmEvo9 View Post
Is that only on Sprint phones? Because on my AT&T Galaxy S2, I don't see that application running at all.
That is the whole point, it runs secretly in background, you have to specifically look for it.

Quote:
How to Tell If It's Running On Your Phone

Right now, Android users are the only ones able to detect and remove the program (score one for openness). However, depending on your phone, you may have to be rooted to do so. Once rooted, running the "CIQ Checks" task in this app on XDA will tell you whether it's running on your system. On HTC phones, you can also search for the app in Settings > Applications as described in the video above, but using the Logging Checker app is the most reliable way to check.

Note also that if you're running an Android Open Source Project (AOSP) based ROM—like CyanogenMod—you do not have Carrier IQ installed on your system. These apps are based on the original, open source version of Android, and don't include any carrier or manufacturer additions like Carrier IQ. If you're using a modded version of your manufacturer's ROM, however—for example, a modded HTC Sense or Samsung TouchWiz ROM—you could still have it installed. To avoid this, either flash AOSP based ROMs, or flash ROMs with Carrier IQ specifically removed (many will say NOCIQ or something similar on their description pages).
http://lifehacker.com/5863895/carrie...w-to-remove-it
__________________
The journey is the reward.
Appreciate 0
      12-01-2011, 08:16 AM   #14
M3Bahn
Lieutenant
M3Bahn's Avatar
329
Rep
483
Posts

Drives: M3
Join Date: Mar 2011
Location: ATL

iTrader: (0)

Quote:
Originally Posted by Bimmer84 View Post
How is the battery life on your S2s? I bought mine the other day and it seems to die extremely fast if I don't use Advanced Task Killer frequently. I played a game on the plane the other day for about 45 minutes close to a full charge, and about an hour or so after that I had to shut my phone off because I kept getting critical battery messages...
It's ok, depends on if I'm gaming and on screen brightness setting.
I think it will get better after I root it.
__________________
The journey is the reward.
Appreciate 0
      12-01-2011, 01:01 PM   #15
-=Hot|Ice=-
Been There, Done That.
-=Hot|Ice=-'s Avatar
United_States
702
Rep
4,728
Posts

Drives: 2013 BMW M3
Join Date: Jan 2008
Location: Maryland

iTrader: (0)

What's retarded is the fact that it's baked into the OS so you have to be pretty good with code to be able to remove it.
__________________
Quote:
Originally Posted by Jaypod View Post
You sound like my buddies who have AMG's - Slam the gas, slam the brakes...
Appreciate 0
      12-01-2011, 01:30 PM   #16
stylinexpat
Major
stylinexpat's Avatar
428
Rep
1,427
Posts

Drives:
Join Date: Aug 2008

iTrader: (0)

We want this crap removed!

http://www.xda-developers.com/androi...alk-about-ciq/
Appreciate 0
      12-01-2011, 01:36 PM   #17
-=Hot|Ice=-
Been There, Done That.
-=Hot|Ice=-'s Avatar
United_States
702
Rep
4,728
Posts

Drives: 2013 BMW M3
Join Date: Jan 2008
Location: Maryland

iTrader: (0)

Amen to that. This ish needs to be removed.
__________________
Quote:
Originally Posted by Jaypod View Post
You sound like my buddies who have AMG's - Slam the gas, slam the brakes...
Appreciate 0
      12-01-2011, 01:42 PM   #18
stylinexpat
Major
stylinexpat's Avatar
428
Rep
1,427
Posts

Drives:
Join Date: Aug 2008

iTrader: (0)

Good old Apple..

Settings -> General -> About -> Diagnostics & Usage -> Don't Send
Appreciate 0
      12-01-2011, 01:44 PM   #19
-=Hot|Ice=-
Been There, Done That.
-=Hot|Ice=-'s Avatar
United_States
702
Rep
4,728
Posts

Drives: 2013 BMW M3
Join Date: Jan 2008
Location: Maryland

iTrader: (0)

Quote:
Originally Posted by stylinexpat View Post
Good old Apple..

Settings -> General -> About -> Diagnostics & Usage -> Don't Send
You don't have that for Android devices.
__________________
Quote:
Originally Posted by Jaypod View Post
You sound like my buddies who have AMG's - Slam the gas, slam the brakes...
Appreciate 0
      12-01-2011, 01:45 PM   #20
M3Bahn
Lieutenant
M3Bahn's Avatar
329
Rep
483
Posts

Drives: M3
Join Date: Mar 2011
Location: ATL

iTrader: (0)

Quote:
Originally Posted by stylinexpat View Post
The problem is... you always run the risk of bricking your phone when rooting it and then you are sol.
__________________
The journey is the reward.
Appreciate 0
      12-01-2011, 08:47 PM   #21
jpsum
Major
jpsum's Avatar
United_States
286
Rep
1,088
Posts

Drives: 2010 TSX
Join Date: Dec 2008
Location: New Haven area

iTrader: (4)

If you have a Verizon phone, you are safe from CIQ.
Appreciate 0
      12-01-2011, 08:50 PM   #22
M3Bahn
Lieutenant
M3Bahn's Avatar
329
Rep
483
Posts

Drives: M3
Join Date: Mar 2011
Location: ATL

iTrader: (0)

Quote:
Originally Posted by stylinexpat View Post
I bet that Carrier IQ is linked to Google dashboard in one way or another.
I bet the NSA owns CIQ.

__________________
The journey is the reward.
Appreciate 0
Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 08:39 PM.




e90post
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST