[olug] [OT]: Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything

DYNATRON tech dynatron at gmail.com
Thu Dec 1 00:47:43 UTC 2011


http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110

(page for tool)
On Nov 30, 2011 6:41 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:

> well, i feel violated.
> i use ssh on my phone to access several servers...carrierIQ has my login
> credentials now.
>
> a keylogger falls under wiretap laws IMO
>
> androidsecuritytest.com seems to be the place to check out.
> On Nov 30, 2011 6:35 PM, "Christopher Cashell" <topher-olug at zyp.org>
> wrote:
>
>> On Wed, Nov 30, 2011 at 6:07 PM, Dan Linder <dan at linder.org> wrote:
>> > From what I understand, the "Carrier IQ" tool is the electronic
>> > version of the Verizion guy who says "Can you hear me now?"  Each time
>> > your phone drops a call, gets a high rate of errors, etc, this tool
>> > logs that information and will upload it to the carrier as an
>> > additional datapoint for their coverage team to use.
>>
>> That was my original thought, and how I pretty much wrote off the
>> concerns, too.  Now, I'm not so sure.  Capturing the full content of
>> text messages, and web browser searches (performed with HTTPS, over
>> wifi, with all other radios disabled) by a third-party application
>> goes way beyond what I'd consider reasonable technical or service
>> quality data.  The fact that someone has verified that it is capturing
>> this information, along with a lot more, is very disconcerting.
>>
>> > The conspiracy theory side of me says "Yeah, but what else?" and it
>> > may be true.  Sadly we might never know unless it was made FOSS.
>>
>> Not sure if you read the full article or watched the video, but Mr.
>> Trevor Eckhart has done a pretty thorough analysis of the software's
>> activity, showing an extent that seems to be very suspicious at best,
>> and very scary at worst.  If it's logging (and potentially sending) a
>> google search query performed over HTTPS, is it also logging (and
>> potentially sending) credit card numbers and other personal
>> information to them?
>>
>> At the very least, this needs further investigation, and should have
>> an option for disabling (and removing) it.
>>
>> > Dan
>>
>> --
>> Christopher
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>>
>



More information about the OLUG mailing list