Author Topic: tracking every key stroke  (Read 6726 times)

0 Members and 1 Guest are viewing this topic.

Offline thaiga

tracking every key stroke
« on: December 01, 2011, 08:17:08 PM »
An Android app developer in America has posted a video showing what he claims is 'conclusive proof' that 'Carrier IQ' software installed by manufacturers of many US phones record the way those phone are used in real time, as well as their geographic locations.

Carrier IQ has claimed that the software only tracks information for the benefit of users, not for any spying purposes, and that it is “counting and summarising” information rather than recording it.

However, in a YouTube video posted on Monday, the developer, Trevor Eckhart, did a “factory reset” on his Android phone, returning it to the condition in which it is shipped to customers, and linked it to a computer screen which allegedly displayed what the Carrier IQ software was tracking.

The demonstration showed that the software read every keystroke put into the phone, as well as every text message sent to it. It also appeared to log location data, and transmit this to Carrier IQ.

Mr Eckhart, claims it is used by manufacturers of phones that use Google's Android operating system, as well as some BlackBerry and Nokia handsets. It is not thought to be used in Apple’s iPhones.

It is not known if Carrier IQ is in use in Europe, where it might present a serious breach of the Data Protection laws.

A source at a leading mobile operator said his company didn't install it but that he had been investigating whether UK manufacturers had done so and “couldn’t give a definitive answer”.

Carrier IQ said in a statement that it “assists operators and device manufacturers in delivering high quality products and services to their customers … by counting and measuring operational information in mobile devices – feature phones, smartphones and tablets.

“The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to third parties,” it added.

Carrier IQ would not return requests for further comment, but according to US reports it has issued Mr Eckhart with an order to take down its video. There is no suggestion that Google has authorised the use of the Carrier IQ technology.

The Telegraph
Anyone who goes to a psychiatrist should have his head examined.

Offline thaiga

Re: tracking every key stroke
« Reply #1 on: December 02, 2011, 12:03:11 AM »

UK phone brands deny invasive Carrier IQ use

Mobile phone networks and manufacturers are rushing to deny that their handsets carry the Carrier IQ software that has spawned privacy fears.

It has emerged that the software, which is installed on a number of smartphones to monitor device performance and usage for mobile networks, has been tracking much more done on a handset than necessary, seemingly down to each individual keystroke.

Vodafone has taken to its forums to deny that Carrier IQ is used on its UK handsets.

When asked by a customer if Vodafone UK has any connection with or has ever used Carrier IQ, its community manager said, "I've looked into this and the answer seems to be a no. Take it as that for now, and if I find anything else out I'll update the thread, but I doubt I will.

"There's nothing anywhere to suggest that we ever have."

Worth noting at this point that Carrier IQ issued a press release in 2009 announcing a deal with Vodafone Portugal.

O2 told us, "O2 doesn't collect any information via Carrier IQ. This is a question for the handset suppliers."

When quizzed on whether O2 uses any diagnostic tools on phones, O2 replied: "Not that we know of. Our understanding is that the handset manufacturers might install it so that they can collect diagnostic data, but if they do it's not on our behalf and we don't have access to any of the data that may be collected."

Orange and Vodafone have both also responded to our calls to find out whether the issue is prevalent in the UK, with the former stating it does 'validate' the like of CarrierIQ on any phone in the UK, and Vodafone similarly stating it would never allow such a service on any phone on its network, as it would 'directly contradict our privacy policy to customers.

TechRadar has contacted all the major UK phone networks and handset manufacturers to try and get a clearer picture of which are using Carrier IQ - at present it seems to be mainly a US issue.

We have also contacted Carrier IQ about the situation.

Traces of the software have been found on handsets from almost all major manufacturers, including Nokia, BlackBerry, iOS and Google handsets.

But if networks were quick to wash their hands of Carrier IQ, manufacturers are even less keen to be associated with the tracking software - little wonder after Apple's PR meltdown over location tracking concerns earlier this year.

Nokia, for one, was strenuously denies reports that Carrier IQ is installed on some handsets.

The Finns released a statement saying, "Nokia is aware of inaccurate reports which state that software from Carrier IQ has been found on Nokia devices. Carrier IQ does not ship products for any Nokia devices, so these reports are wrong."

RIM sent TechRadar the following statement concerning BlackBerry handsets:

"RIM is aware of a recent claim by a security researcher that an application called 'Carrier IQ' is installed on mobile devices from multiple vendors without the knowledge or consent of the device users.

"RIM does not pre-install the Carrier IQ app on BlackBerry smartphones or authorise its carrier partners to install the Carrier IQ app before sales or distribution.

"RIM also did not develop or commission the development of the Carrier IQ application, and has no involvement in the testing, promotion, or distribution of the app. RIM will continue to investigate reports and speculation related to Carrier IQ."

Although Google told us it has no comment on the reports, citing "extremely reliable sources" The Verge reports that neither the Google Nexus Android phones nor the original Motorola Xoom use Carrier IQ's tracking software.

That doesn't necessarily mean these handsets don't ever have Carrier IQ installed though; it seems that some carriers require manufacturers to include the software. As Android is open source, it can be added later but closed shops like iOS and Windows Phone may have had to leave a window open for the software's installation.

Carrier IQ featured as number nine in the Wall Street Journal's list of venture-backed companies to watch in 2011, claiming that "the software sits on 140 million devices worldwide".

The main thing that remains unclear at this point is exactly what data is being collected and who it's being sent to. We're continuing to investigate so stay tuned.

In the meantime, here's a video made by researcher Trevor Eckhart, who uncovered the dubious side to the software, showing just how far ranging the data collection can be.

Carrier IQ Part #2
Anyone who goes to a psychiatrist should have his head examined.

Offline Baby Farts

Re: tracking every key stroke
« Reply #2 on: December 02, 2011, 12:41:03 AM »
I forget the name of the software, but there is an app you can install on a nokia phone and monitor / track every sms from that particular device.  Great for those who have a cheating spouse.


  • Guest
Re: tracking every key stroke
« Reply #3 on: December 02, 2011, 08:47:48 AM »
Is there any way to find whether a particular 'phone has Carrier IQ or similar software installed?

If the installation of such software is, at the moment, a matter of geographic location, could it be at the request of some government agency?

Offline thaiga

You're all screwed
« Reply #4 on: December 02, 2011, 08:16:25 PM »
Wikileaks reveals mass surveillance of mobile devices

WIKILEAKS FOUNDER Julian Assange has warned, "You're all screwed," when it comes to smartphone and gadget monitoring and surveillance.

Users of the Iphone, Blackberry and Gmail are among those who are supposedly 'screwed' because more than 150 organisations can monitor data on mobile devices. Assange made the statement at a press conference while unveiling the Wikileaks 'Spy Files' project.

Wikileaks said, "Mass interception of entire populations is not only a reality, it is a secret new industry spanning 25 countries."

"It sounds like something out of Hollywood, but as of today, mass interception systems, built by Western intelligence contractors, including for 'political opponents' are a reality."

Assange said, "Who here has an iPhone? Who here has a BlackBerry? Who here uses Gmail? Well, you're all screwed."

"The reality is, intelligence contractors are selling right now to countries across the world mass surveillance systems for all those products."

The organisations apparently have the ability to track devices, intercept messages and listen to phone calls, according to The Press Association.

It might sound like a complete invasion of privacy but the goings on are legal according to Assange and are leading to a "totalitarian surveillance state".

He said the US, UK, Australia, South Africa and Canada are all developing "spying systems", and the data is collected and sold on to "dictators and democracies alike".

The publication of the 'Spy Files' consisting of 287 documents in collaboration with the web site is a "mass attack on this mass surveillance industry," added Assange. µ

The Inquirer
Anyone who goes to a psychiatrist should have his head examined.

Offline thaiga

Re: tracking every key stroke
« Reply #5 on: December 03, 2011, 08:25:35 PM »
Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases
42 comments, 39 called-out + Comment now + Comment now Move up Move down  Here's The Letter Senator Al Franken Just Sent To Phone 'Rootkit' Firm Carrier IQ  Andy Greenberg Forbes Staff 
Updated with a more detailed response from Carrier IQ below.

A piece of keystroke-sniffing software called Carrier IQ has been embedded so deeply in millions of Nokia, Android, and RIM devices that it’s tough to spot and nearly impossible to remove, as 25-year old Connecticut systems administrator Trevor Eckhart revealed in a video Tuesday.

That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School. He thinks it’s also likely grounds for a class action lawsuit based on a federal wiretapping law.

“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap.” he says. “And that gives the people wiretapped the right to sue and provides for significant monetary damages.”

As Eckhart’s analysis of the company’s training videos and the debugging logs on his own HTC Evo handset have shown, Carrier IQ captures every keystroke on a device as well as location and other data, and potentially makes that data available to Carrier IQ’s customers. The video he’s created (below) shows every keystroke being sent to the highly-obscured application on the phone before a call, text message, or Internet data packet is ever communicated beyond the phone. Eckhart has found the application on Samsung, HTC, Nokia and RIM devices, and Carrier IQ claims on its website that it has installed the program on more than 140 million handsets.

Specifically, Ohm points to changes made to the Wiretap Act under the Electronic Communications Privacy Act of 1986 that forbid acquiring the contents of communications without the users’ consent. “Because this happens with text messages as they’re being sent, a quintessentially streaming form of communication, it seems like exactly the kind of thing the wiretap act is meant to prevent,” he says.  ”When I was at the Justice Department, we definitely prosecuted people for installing software with these kinds of capabilities on personal computers.”
Carrier IQ didn’t respond to my request for comment, but the firm has posted a response statement on its website, claiming that it collects only limited “operational information” on devices for its carrier customers:

“While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools. The information gathered by Carrier IQ is done so for the exclusive use of that customer, and Carrier IQ does not sell personal subscriber information to 3rd parties. The information derived from devices is encrypted and secured within our customer’s network or in our audited and customer-approved facilities

Former Justice Department prosecutor and University of Colorado Law School professor Paul Ohm
But even if the data were somehow aggregated and anonymized before being communicated to a remote server, Ohm argues, Carrier IQ and possibly even Sprint and other carriers shown to have used the company’s services should still expect a costly class action lawsuit. “Even if they were collecting only anonymized usage metrics, it doesn’t mean they didn’t break the law,” says Ohm. “Then it becomes a hard, open question. And hard open questions take hundreds of thousands of dollars to make go away.”

“In the next days or weeks, someone will sue, and then this company is tangled up in very expensive litigation,” he adds. “It’s almost certain.”

Over the last month, Carrier IQ has attempted to quash Eckhart’s research with a cease-and-desist letter, apologizing only after the Electronic Frontier Foundation came to his defense. Eckhart’s legal representation at the EFF declined to comment on the legality of Carrier IQ’s business practices.

If the case went to court, Carrier IQ’s first line of defense might be that users have agreed to some form of tracking in their contract with one of Carrier IQ’s cellular carrier customers. But when I reached Eckhart by phone, he pointed out that in his tests, he turned on the phone’s airplane mode, shutting down its cellular connection and using only Wifi. Even then, the app seemed to record all his keystrokes and communications as they happened. “[Sprint] defines their service as their network,” he says, referring to his own tests on his Sprint-connected HTC Evo. “I don’t understand how my phone on my own wireless network is their service, and how they have the right to look at that.”
Anyone who goes to a psychiatrist should have his head examined.

Offline thaiga

Re: tracking every key stroke
« Reply #6 on: December 03, 2011, 08:30:06 PM »
Is there any way to find whether a particular 'phone has Carrier IQ or similar software installed?

If the installation of such software is, at the moment, a matter of geographic location, could it be at the request of some government agency?

Anyone who goes to a psychiatrist should have his head examined.


  • Guest
Re: tracking every key stroke
« Reply #7 on: December 04, 2011, 09:26:58 AM »
Many thanks. Thaiga!


  • Guest
Re: tracking every key stroke
« Reply #8 on: February 14, 2012, 07:31:25 PM »
Might be worth installing this on your PC/laptop as they have just upgraded it to include Firefox and a few others as well as IE.

There is a small toolbar-like strip at the top of the browser page that gives you the scrambled code of what you type. Decent, I like it and it's free, and can't be too careful these days.