Your smartphone may be spying on you

Software installed in millions of smartphones can record your every keystroke and provide the information to your carrier, a new video says.

By Karen Datko Nov 30, 2011 7:32PM

Updated Dec. 1, 2011, at 1:42 p.m. ET

 

A security researcher's new video demonstrates how secret software -- installed on 140 million smartphones -- can keep a record of what you key into the device. 

 

Here's the heart of the matter, as described by Gerry Smith on The Huffington Post:

In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software -- known as Carrier IQ -- logs every text message, Google search and phone number typed on a wide variety of smart phones -- including HTC, Blackberry, Nokia and others -- and reports them to the mobile phone carrier.
The application, which is labeled on Eckhart's HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "HTTPS," Eckhart said.

According to Eckhart, you can't easily turn this off. You would have to root the phone and replace the operating system, Wired says. (This article at Lifehacker explains what to do.)

 

Carrier IQ said the software is for "gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life." In other words, finding ways to make your smartphone experience better. (You can read the company's full statement here in a .pdf file.)

However, Wired says:

The company denies its software logs keystrokes. Eckhart's 17-minute video clearly undercuts that claim.

The keystrokes were recorded even when the phone was in airplane mode or using Wi-Fi. Post continues below.

Earlier this month, the company threatened Eckhart with legal action after his initial disclosures about the software, but it apologized (.pdf file) after the Electronic Frontier Foundation got involved.

 

The company did not immediately respond to many requests for comment from tech blogs. Condemnation of the practice and wireless companies that have allowed it has been intense. Joel Hruska wrote at ExtremeTech:

If ever a privacy issue deserved to explode in the faces of those responsible, this one does. The degree of data collection goes far, far beyond any claim to collect anonymous usage information or statistics on dropped calls. There's no reason for the software to even parse the content of SMS data or to log web searches in plain text, much less to report every button press.

Meanwhile, more information has emerged about how widespread the software is. The Washington Post reports: "In a Twitter message, Verizon spokesman Jeffrey Nelson said that the program is not present on any Verizon devices; Nokia has made a similar statement to The Verge."

 

RIM said in a statement: "RIM does not pre-install the Carrier IQ app on BlackBerry smartphones or authorize its carrier partners to install the Carrier IQ app before sales or distribution."

 

The Verge also said that "we've just learned some interesting news from an extremely reliable source: the Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom tablet do not contain Carrier IQ software."

 

It reportedly is on iPhones, "but it seems to be active only when the device is in diagnostic mode," Stan Schroeder wrote at Mashable.

 

If Eckhart's findings are correct, what's being done with the information? Don Reisinger emphasized that issue at CNET:

Perhaps most troublesome is that users don't know where their information is going or how it's being used. Earlier this month, Sprint told CNET that it's a Carrier IQ customer, but rejected any notion that it's peering into users' personal data.

A class-action lawsuit over privacy violations will no doubt result, a University of Colorado law professor told Andy Greenberg at Forbes.

 

You don't need to be a conspiracy theorist to worry about the limits to privacy these days. This software was included in Wired's Thanksgiving Day post, "9 reasons Wired readers should wear tinfoil hats" -- or become more concerned about privacy issues.

 

Another of those nine reasons was:

The government refuses to acknowledge whether the National Security Agency is secretly siphoning the nation's electronic communications to the National Security Agency without warrants, as the Electronic Frontier Foundation alleges.

More on MSN Money:

VIDEO ON MSN MONEY

2Comments
Dec 1, 2011 1:16PM
avatar
According to new information, http://www.extremetech.com/computing/107427-carrier-iq-which-phones-are-infected-and-how-to-remove-it

Not only is the spyware installed in iphones, it is installed directly in iOS by Apple.  So, check your phones.

(edited to fix the url)
Feb 15, 2014 8:12AM
avatar
Hi..friends,
This spy software is only for the iPhone right? If you want android spy app at free of cost then i heard  about the amazing spy application for Android users. Zealspy is the amazing application that monitors your activities of your devices. So download it today by visiting this http://zealspy.com/.

Report
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
Categories
100 character limit
Are you sure you want to delete this comment?

DATA PROVIDERS

Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.

RECENT ARTICLES ON IDENTITY THEFT