Carrier IQ Rootkit Reportedly Logs Everything On Millions Of Phones [Updated]
By James Mulroy
If you use an Android, BlackBerry, or Nokia smartphone then you may be at risk of being illegally wire-tapped by Carrier IQ–a provider of performance monitoring software for smartphones–according to reports.
Earlier this month, security researcher Trevor Eckhart announced that he found software made by Carrier IQ that may be logging your every move on your mobile phone. Trevor referred to it as a “rootkit“, a piece of software that hides itself while utilizing privileged access like watching your every move. Carrier IQ didn’t take too kindly to this accusation, and responded aggressively with a cease-and-desist letter, and went on to deny this accusation. However, to further back his accusation, Eckhart released a video that he says shows the software in action.
In the video, Eckhart navigates to a list of running applications on his phone, and he found that the application IQRD–made by Carrier IQ–was not shown. However, when he searched all of the applications on the device, Eckhart discovered that IQRD showed up with the option to force stop it; therefore, he determined that the app must have been running. However, when he tried to stop the application, the force stop function did absolutely nothing. Additionally, this application always runs when the device is started, according to his research.
After connecting his HTC device to his computer, Trevor found that IQRD is secretly logging every single button that he taps on the phone–even on the touchscreen number pad. IQRD is also shown to be logging text messages.
In the video, Eckhart shows that Carrier IQ is also logging Web searches. While this doesn’t sound all that bad by itself, it suggests that Carrier IQ is logging what happens during an HTTPS connection which is supposed to be encrypted information. Additionally, it can do this over a Wi-Fi connection with no 3G, so even if your phone service is disconnected, IQRD still logs the information.
Wired goes on to say that the application “cannot be turned off without rooting the phone and replacing the operating system.”
While Eckhart tested his accusation on an HTC device it is likely that Carrier IQ is logging information on millions of more devices. According to Carrier IQ (pdf)”Carrier IQ’s Mobile Intelligence platform is currently deployed with more than 150 million devices worldwide.”
While Carrier IQ has since backed off and apologized for its aggressive legal action against Eckhart, this isn’t the end of the story for Carrier IQ. Paul Ohm, a former Justice Department prosecutor and professor at the University of Colorado Law School, told Forbes that this isn’t just creepy, but it’s also likely grounds for a class action lawsuit, citing a federal wiretapping law.
Make sure to check out the video below to see what Trevor discovered.
Update, Nov 30, 2011: iOS jailbreak developer Grant Paul (AKA chpwn) points out on Twitter that earlier versions of iOS appear to have included Carrier IQ. And Erica Sadum of The Unofficial Apple Weblog (TUAW) notes that iOS 5 makes references to Carrier IQ as well. In the TUAW post, Erica analyzes the Carrier IQ references and concludes that Carrier IQ in iOS 5 doesn’t appear to be collecting much data–if any at all (i.e. it may need to be explicitly turned on). Read her story for the full details.
Update 2:The Verge claims that neither the Nexus-branded Android phones nor the Motorola Xoom tablet include Carrier IQ, and suggests that the carriers insist on including the software. We haven’t been able to verify this, but if you have any more information, feel free to tip us off.
In Video: Carrier IQ Captures Personal Mobile Data