Carrier-installed ‘Carrier IQ’ spyware found in Android, iOS; should we panic? [video]

Last week, research published by security expert Trevor Eckhart pulled back the veil on Carrier IQ, a suite of software that can seemingly be described as spyware pre-installed on a wide range of devices by both carriers and vendors. Eckhart cited a BGR story from September as an early reference to the software, which at that time was thought to be a somewhat benign set of quality-control measures. “Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality,” a Sprint spokesperson told BGR in September. “It collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool.” But Eckhart’s interest was piqued. Read on for more.

UPDATE: Sprint and several vendors have issued statements regarding Carrier IQ, which have been added below. 

The security researcher began to dig, and shortly after publishing his findings, he was hit with a cease and desist order from the company behind the software. Clearly, Eckhart was on to something.

“Carrier IQ (CIQ) sells rootkit software included on many US handsets sold on Sprint, Verizon and more,” Eckhart wrote in a report on his website. “Devices supported include android phones, Blackberries, Nokias, Tablet devices and more.” A rootkit is defined as software that enables access to a device unbeknown to the device’s owner. Carrier IQ defines its own solutions as “Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users.”

With support from the Electronic Frontier Foundation Eckhart was able to convince Carrier IQ to retract its borderline comical cease & desist order, which had initially complained of the researcher’s use of the term “rootkit” to describe its software. Carrier IQ had also demanded that Eckhart remove the company’s manuals from his site, though these documents had previously been available on Carrier IQ’s own website.

What’s the big deal about Carrier IQ? From Eckhart’s report:

From training documents found we get an insight into the Carrier IQ Portal. Devices are displayed to the portal operator by individual phone Equipment ID and Subscriber IDs. The “portal administrator” can put devices into categories and see devices in California that have dropped calls at 5pm.

The downside to all of this is that the “portal administrator” is also able to “task” a single phone with a profile containing any combination of metrics and triggers. From leaked training documents we can see that portal operators can view and task metrics by equipment ID, subscriber ID, and more. So instead of seeing dropped calls in California, they now know “Joe Anyone’s” location at any given time, what he is running on his device, keys being pressed, applications being used.

References to the software have reportedly been discovered on Android phones, BlackBerry handsets, Nokia devices and even on the most recent public release of Apple’s iOS software. While Nokia has publicly denied the allegations that Carrier IQ software can be found on its Symbian smartphones, other vendors have remained quiet on the matter. Several carriers have seemingly gone into hiding as well, though Verizon Wireless confirmed on the record that none of its handsets contain Carrier IQ’s software.

Eckhart estimates that Carrier IQ’s software is currently installed on more than 141 million handsets, and that was before references were found in Apple’s iOS software.

It is likely still too early to panic, however. Despite the extensive coverage this story has garnered across tech blogs and in the media, it remains unclear exactly what Carrier IQ and its clients are doing with this data. It isn’t even clear what data carriers have access to.

We know Carrier IQ software on Android devices can log anything from usage data and location to keystrokes and usage habits, but it has not been determined that this data is sent to carriers regularly or at all. Carrier IQ’s software can theoretically be used as a window through which carriers can spy on users in real time if they so choose, but whether or not the software is used in this manner is also unclear. Going back to Sprint’s statement to BGR from September, “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool.”

Things do look ominous, however. Geek.com has reportedly found “a potentially significant volume of data being collected” by the software, and Eckhart’s own video shows an alarming amount of data being recorded by Carrier IQ, including keystrokes. Of its monitoring suite, Carrier IQ says simply, “Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain.” The firm goes on to state that it “does not provide real-time data reporting to any customer.”

More information will undoubtedly be brought to light in the coming days; in the meantime, a video of Carrier IQ in action while being monitored by Eckhart follows below.

UPDATE: Sprint on Thursday issued a statement regarding its use of Carrier IQ software:

Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service. We also use the data to understand device performance so we can figure out when issues are occurring. We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool. The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.

Sprint is well known for our serious commitment to respecting and protecting the privacy and security of each customer’s personally identifiable information and other customer data. A key element of this involves communicating with our customers about our information privacy practices. The Sprint privacy policy makes it clear we collect information that includes how a device is functioning and how it is being used. Carrier IQ is an integral part of the Sprint service. Sprint uses Carrier IQ to help maintain our network performance.

Apple supplied the following statement to AllThingsD:

We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

HTC’s statement:

Carrier IQ is required on devices by a number of U.S. carriers, so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier.

It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ. HTC is investigating the option to allow consumers to opt-out of data collection by the Carrier IQ application.

RIM’s statement:

RIM is aware of a recent claim by a security researcher that an application called ‘CarrierIQ’ is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to CarrierIQ.

Nokia’s statement:

Nokia is aware of inaccurate reports which state that software from CarrierIQ has been found on Nokia devices. CarrierIQ does not ship products for any Nokia devices, so these reports are wrong.

And finally, an excerpt from Carrier IQ’s statement issued last week:

We would like to take this opportunity to reiterate the functionality of Carrier IQ’s software, what it does not do and what it does:

  • Does not record your keystrokes.
  • Does not provide tracking tools.
  • Does not inspect or report on the content of your communications, such as the content of emails and SMSs.
  • Does not provide real-time data reporting to any customer.
  • Finally, we do not sell Carrier IQ data to third parties.

Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain.

Here’s what our software does:

  • Our software makes your phone work better by identifying dropped calls and poor service.
  • Our software identifies problems that impede a phone’s battery life.
  • Our software makes customer service quicker, more accurate, and more efficient.
  • Our software helps quickly identify trending problems to help mobile networks prevent them from becoming more widespread.