Now Playing
Loading ...



 Listen Live!

Sen. Franken Queries Cell Carriers Over Security

 Business, Cybercrime, Internet, Mobile Devices, Politics, Sci / Tech, Special Reports  No Responses »
Dec 192011
 

Krypton Radio Special ReportCarrier IQ’s Problems Not Going Away Any Time Soon

by Xavier Digiti

Washington DC – “You agreed to let us do it! ” Sprint, AT&T, HTC and Samsung all stated that when its users signed the end-user licensing agreements, the users gave them the right to use Carrier IQ to monitor app deployment, phone CPU output, connectivity metrics, and battery life. That was their response to Senator Al Franken of Minnesota’s inquiry into Carrier IQ function and role in the cell phone industry. Sen. Franken’s request was sent after Travis Eckhart, an app developer, discovered Carrier IQ installed and running in his HTC EVO. The companies also reported that the software has been in use for years.

T-Mobile and Motorola are expected to respond to Sen. Al Franken’s inquiry by December 20, 2011. They have acknowledged using the software in their devices.

According to reports, the carriers decide what data they receive from carrier IQ. An example is that the phone may transmit text-message data only when a message fails to get delivered. Some carriers collect the data on an anonymous basis, allowing the carrier to obtain the necessary data to analyze network traffic, and connectivity data without knowing who the user is. Other carrier’s however, collect enough data to relate an event to a particular user. Meaning that they know how many times the battery is changed, how many times a charger is used, or what apps are taking the majority of your battery life.

Sprint reports that by way of their “privacy policy” they have the right to collect such information to analyze software and connectivity issues. Sprint also stated that they are going to disable the Carrier IQ app from a reported 26 million active devices.

Senator Franken has this to say about the responses:

“I appreciate the responses I received, but I’m still very troubled by what’s going on,” said Sen. Franken. “People have a fundamental right to control their private information. After reading the companies’ responses, I’m still concerned that this right is not being respected. The average user of any device equipped with Carrier IQ software has no way of knowing that this software is running, what information it is getting, and who it is giving it to-and that’s a problem.  It appears that Carrier IQ has been receiving the contents of a number of text messages-even though they had told the public that they did not.  I’m also bothered by the software’s ability to capture the contents of our online searches – even when users wish to encrypt them.  So there are still many questions to be answered here and things that need to be fixed.”

Below are links to the carrier’s response, hosted on Senator Franken’s web site.  The links feature his letters to AT&T, Sprint, HTC and Samsung, and their responses:

- 30 -

Is Your Cell Phone Spying On You?

 Cybercrime, League of Heroes (LoH)  No Responses »
Dec 052011
 
Krypton Radio Special Report

Krypton Radio Special ReportWhat’s your phone’s IQ?

by Xavier Digiti

Mountain View, CA – Worried about someone getting your IP address? What if everything you type into your phone is logged? If you use AT&T, Sprint, T-mobile, or an Apple made phone then your key strokes could possibly be being recorded. The previously mentioned companies utilize a monitoring tool made by a company named Carrier IQ in their networks and devices.

Carrier IQ, a “leading provider of Mobile Service Intelligence Solutions to the Wireless Industry” according to their website, provides a tool to the wireless phone industry that monitors the network to uncover broad trends across a network. The company and industry experts claim that the software only stores the data locally. Carrier IQ also claims that the information is not transmitted to the carrier. If you’ve ever had a phone stolen though you could see how disconcerting this may be. Users may be powerless to stop the software’s recording of info because it is so buried in the operation system that the average user can’t possibly delete it, and doing so would void the phones warrant. This software is reportedly installed on approximately 140 million phones.

The software was discovered by Trevor Eckhart, an Android app developer, who posted a video  showing his testing of the software’s existence and function. Mr. Eckhart used the Android debug options while his phone was in airplane mode to show how each key pressed and message sent is logged into the software.

According to the video the phone Mr. Eckhart used was a stock HTC EVO which had been factory reset. Mr. Eckhart goes through the setup process for the phone, and elected not to transmit any data to either Google or HTC during the setup process.

After setting the phone up, he views the running applications list and notes two apps, one titled HTC IQ Agent and the other titled IQRD. The IQRD app requires almost completely open permissions on the phone. The app is shown to always run when the OS is running. The force stop option does nothing, the app continues to run.

Next, the phone is put in USB debug mode allowing Mr. Eckhart to be able to read the phones logs. He then proceeds to press the Home button which is recorded in the log as com.htc.android.iqagent.action.ui19. He goes through each button in dialer; each key pressed is logged in the Carrier IQ app. The same is true for SMS (text) messages.

Mr. Eckhart then goes to the web browser while connected to his home wireless network, runs a search with Google in “https” meaning that anything after the domain was supposed to be encrypted. All information is logged and open in the Carrier IQ app, including what the search was for.

Continue reading »