[olug] [OT]: Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything

Christopher Cashell topher-olug at zyp.org
Thu Dec 1 00:34:52 UTC 2011


On Wed, Nov 30, 2011 at 6:07 PM, Dan Linder <dan at linder.org> wrote:
> From what I understand, the "Carrier IQ" tool is the electronic
> version of the Verizion guy who says "Can you hear me now?"  Each time
> your phone drops a call, gets a high rate of errors, etc, this tool
> logs that information and will upload it to the carrier as an
> additional datapoint for their coverage team to use.

That was my original thought, and how I pretty much wrote off the
concerns, too.  Now, I'm not so sure.  Capturing the full content of
text messages, and web browser searches (performed with HTTPS, over
wifi, with all other radios disabled) by a third-party application
goes way beyond what I'd consider reasonable technical or service
quality data.  The fact that someone has verified that it is capturing
this information, along with a lot more, is very disconcerting.

> The conspiracy theory side of me says "Yeah, but what else?" and it
> may be true.  Sadly we might never know unless it was made FOSS.

Not sure if you read the full article or watched the video, but Mr.
Trevor Eckhart has done a pretty thorough analysis of the software's
activity, showing an extent that seems to be very suspicious at best,
and very scary at worst.  If it's logging (and potentially sending) a
google search query performed over HTTPS, is it also logging (and
potentially sending) credit card numbers and other personal
information to them?

At the very least, this needs further investigation, and should have
an option for disabling (and removing) it.

> Dan

-- 
Christopher



More information about the OLUG mailing list