What’s your phone’s IQ?
by Xavier Digiti
Mountain View, CA – Worried about someone getting your IP address? What if everything you type into your phone is logged? If you use AT&T, Sprint, T-mobile, or an Apple made phone then your key strokes could possibly be being recorded. The previously mentioned companies utilize a monitoring tool made by a company named Carrier IQ in their networks and devices.
Carrier IQ, a “leading provider of Mobile Service Intelligence Solutions to the Wireless Industry” according to their website, provides a tool to the wireless phone industry that monitors the network to uncover broad trends across a network. The company and industry experts claim that the software only stores the data locally. Carrier IQ also claims that the information is not transmitted to the carrier. If you’ve ever had a phone stolen though you could see how disconcerting this may be. Users may be powerless to stop the software’s recording of info because it is so buried in the operation system that the average user can’t possibly delete it, and doing so would void the phones warrant. This software is reportedly installed on approximately 140 million phones.
The software was discovered by Trevor Eckhart, an Android app developer, who posted a video showing his testing of the software’s existence and function. Mr. Eckhart used the Android debug options while his phone was in airplane mode to show how each key pressed and message sent is logged into the software.
According to the video the phone Mr. Eckhart used was a stock HTC EVO which had been factory reset. Mr. Eckhart goes through the setup process for the phone, and elected not to transmit any data to either Google or HTC during the setup process.
After setting the phone up, he views the running applications list and notes two apps, one titled HTC IQ Agent and the other titled IQRD. The IQRD app requires almost completely open permissions on the phone. The app is shown to always run when the OS is running. The force stop option does nothing, the app continues to run.
Next, the phone is put in USB debug mode allowing Mr. Eckhart to be able to read the phones logs. He then proceeds to press the Home button which is recorded in the log as com.htc.android.iqagent.action.ui19. He goes through each button in dialer; each key pressed is logged in the Carrier IQ app. The same is true for SMS (text) messages.
Mr. Eckhart then goes to the web browser while connected to his home wireless network, runs a search with Google in “https” meaning that anything after the domain was supposed to be encrypted. All information is logged and open in the Carrier IQ app, including what the search was for.
Carrier IQ attempted to silence Mr. Eckhart by sending him a cease –and-desist notice after discovering his video and copies of their training manuals which Mr. Eckhart obtained from their publicly available website. The Electronic Frontier Foundation (EFF) then stepped in to aid Mr. Eckhart claiming that the manuals in question fell under the Copyright Act’s fair use policy for criticism, commentary, news reporting and research, and that the demands made by Carrier IQ were baseless. A copy of the EFF’s response can be found here .
On November 3, 2011 Carrier’s CEO Larry Lenhart responded with a fax to the EFF . In the fax Mr. Lenhart says, “I write to inform you that we are withdrawing our legal request to cease and desist to Trevor Eckhart as of today — November 23rd, 2011.
We are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart, and in retrospect we realize that we would have been better served by reaching out to Mr. Eckhart to establish a dialogue in the first instance.”
Carrier IQ has subsequently released the following statement on December 1st, 2011:
“MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–To clarify misinformation on the functionality of Carrier IQ software, the company is updating its statement from November 23rd 2011 as follows:
“We measure and summarize performance of the device to assist Operators in delivering better service.While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
“Having examined the Carrier IQ implementation it is my opinion that allegations of keystroke collection or other surveillance of mobile device user’s content are erroneous,” asserts Rebecca Bace of Infidel Inc. a respected security expert.
“Privacy is protected. Consumers have a trusted relationship with Operators and expect their personal information and privacy to be respected. As a condition of its contracts with Operators, CIQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.
“Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions.
“Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the Operators provide optimal service efficiency. We are deployed by leading Operators to monitor and analyze the performance of their services and mobile devices to ensure the system (network and handsets) works to optimal efficiency. Operators want to provide better service to their customers, and information from the device and about the network is critical for them to do this. While in-network tools deliver information such as the location of calls and call quality, they do not provide information on the most important aspect of the service – the mobile device itself.
“Carrier IQ acts as an agent for the Operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile Operators. Carrier IQ does not gather any other data from devices.
CIQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows Operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps Operators’ customer service more quickly identify the specific issue with the phone.”
The Huffington Post has put together a list of phones that they claim has the software installed. To see their list, follow the link at the end of this article.
Our phones have access to the most intimate details of our lives. Just how much does your phone know about you?
UPDATE: December 2nd, 2011
On December the 2nd, 2011 after calls for a federal investigation and class action lawsuits, Carrier IQ, Andrew Coward, VP of Marketing for Carrier IQ, has come forward and presented evidence that the software doesn’t represent a privacy threat.
In an interview with The Register Mr. Coward states that the information input into the phones memory is dumped almost immediately after. He goes on to state that the only occasion the information is transmitted to Carrier IQ is in instances where the phone crashes or when a call is dropped. Mr. Coward claims that the only reason the key strokes are logged is to invoke the Carrier IQ programming interface. He also goes on to state that the company collects the data on behalf of the carriers at their behest. The data itself is the property of the carriers although it may be stored at a Carrier IQ data center.
The company claims that while yes, every key stroke can be seen in Trevor Eckhart’s video, the company applies a filter to the information it receives so it never actually gets the detail of what’s in the message, just if the message was successful or not. According to the interview Mr. Coward gave the company transmits data back to the carrier’s based on their specific profile, meaning that different carriers want different information. When asked “How much data on the average phone running Carrier IQ is actually transmitted in a day, week, or a month?”, Mr. Coward answers that 200KB is transmitted a day. He also goes on to say that a large part of that is radio transmission data, the information sent between a cell tower and a cellular phone. Additionally, the information stored is stored in the phones random access memory (RAM).
The question remains as to why all this information is being transmitted and then filtered out at the receiving end. Why not just transmit only what’s needed instead of opening the potential for a massive invasion of privacy at the flip of a switch? This isn’t just a database of reference numbers – people’s whole lives may be being transmitted surreptitiously over the airwaves.
Krypton Radio will continue to report on the situation as it develops.