Your smartphone may be spying on you
Software installed in millions of smartphones can record your every keystroke and provide the information to your carrier, a new video says.
Updated Dec. 1, 2011, at 1:42 p.m. ET
A security researcher's new video demonstrates how secret software -- installed on 140 million smartphones -- can keep a record of what you key into the device.
Here's the heart of the matter, as described by Gerry Smith on The Huffington Post:
In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software -- known as Carrier IQ -- logs every text message, Google search and phone number typed on a wide variety of smart phones -- including HTC, Blackberry, Nokia and others -- and reports them to the mobile phone carrier.
The application, which is labeled on Eckhart's HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "HTTPS," Eckhart said.
According to Eckhart, you can't easily turn this off. You would have to root the phone and replace the operating system, Wired says. (This article at Lifehacker explains what to do.)
Carrier IQ said the software is for "gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life." In other words, finding ways to make your smartphone experience better. (You can read the company's full statement here in a .pdf file.)
However, Wired says:
The company denies its software logs keystrokes. Eckhart's 17-minute video clearly undercuts that claim.
The keystrokes were recorded even when the phone was in airplane mode or using Wi-Fi. Post continues below.
Earlier this month, the company threatened Eckhart with legal action after his initial disclosures about the software, but it apologized (.pdf file) after the Electronic Frontier Foundation got involved.
The company did not immediately respond to many requests for comment from tech blogs. Condemnation of the practice and wireless companies that have allowed it has been intense. Joel Hruska wrote at ExtremeTech:
If ever a privacy issue deserved to explode in the faces of those responsible, this one does. The degree of data collection goes far, far beyond any claim to collect anonymous usage information or statistics on dropped calls. There's no reason for the software to even parse the content of SMS data or to log web searches in plain text, much less to report every button press.
Meanwhile, more information has emerged about how widespread the software is. The Washington Post reports: "In a Twitter message, Verizon spokesman Jeffrey Nelson said that the program is not present on any Verizon devices; Nokia has made a similar statement to The Verge."
RIM said in a statement: "RIM does not pre-install the Carrier IQ app on BlackBerry smartphones or authorize its carrier partners to install the Carrier IQ app before sales or distribution."
The Verge also said that "we've just learned some interesting news from an extremely reliable source: the Google Nexus One, Nexus S, Galaxy Nexus, and the original Xoom tablet do not contain Carrier IQ software."
It reportedly is on iPhones, "but it seems to be active only when the device is in diagnostic mode," Stan Schroeder wrote at Mashable.
If Eckhart's findings are correct, what's being done with the information? Don Reisinger emphasized that issue at CNET:
Perhaps most troublesome is that users don't know where their information is going or how it's being used. Earlier this month, Sprint told CNET that it's a Carrier IQ customer, but rejected any notion that it's peering into users' personal data.
A class-action lawsuit over privacy violations will no doubt result, a University of Colorado law professor told Andy Greenberg at Forbes.
You don't need to be a conspiracy theorist to worry about the limits to privacy these days. This software was included in Wired's Thanksgiving Day post, "9 reasons Wired readers should wear tinfoil hats" -- or become more concerned about privacy issues.
Another of those nine reasons was:
The government refuses to acknowledge whether the National Security Agency is secretly siphoning the nation's electronic communications to the National Security Agency without warrants, as the Electronic Frontier Foundation alleges.
More on MSN Money:
MORE ON MSN MONEY
VIDEO ON MSN MONEY
Not only is the spyware installed in iphones, it is installed directly in iOS by Apple. So, check your phones.
(edited to fix the url)
Copyright © 2013 Microsoft. All rights reserved.
Quotes are real-time for NASDAQ, NYSE and AMEX. See delay times for other exchanges.
Fundamental company data and historical chart data provided by Thomson Reuters (click for restrictions). Real-time quotes provided by BATS Exchange. Real-time index quotes and delayed quotes supplied by Interactive Data Real-Time Services. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by SIX Financial Information.