John Paczkowski

Recent Posts by John Paczkowski

Carrier IQ Improves My Wireless Service by Logging My Keystrokes? Please Explain.

Carrier IQ says its software makes cellphones “work better by identifying dropped calls and poor service,” but evidently it does quite a bit more. Security researcher Trevor Eckhart has discovered that it can as well monitor keystrokes, location and received messages, and typically does.

In an 18-minute video clip posted to YouTube, Eckhart demonstrates Carrier IQ’s software as it records virtually all keystrokes made on an HTC Evo 3D. Worse still, it’s shown logging encrypted Web searches, text messages and, well, you name it. In other words, it’s entirely possible that the wireless carriers who install Carrier IQ’s software on cellphones are able to watch what their subscribers are doing on their phones as they do it. Says Eckhart, “So, instead of seeing dropped calls in California, they now know ‘Joe Anyone’s’ location at any given time, what he is running on his device, keys being pressed, applications being used.”

Disconcerting to say the least. More so since Carrier IQ claims its “Mobile Intelligence platform” is currently deployed on more than 150 million devices worldwide, generally installed by the carrier. Eckhart says he’s found it on Android and BlackBerry devices, and others have found evidence of it on iOS, though it does appear to be disabled by default (if it is enabled, it can be turned off pretty simply).

As privacy violations go, this one seems particularly outrageous, though Carrier IQ would likely describe that characterization as an overreaction. It claims it doesn’t track keystrokes, nor does it sell information to third parties.

“While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools,” the company said in a statement. “The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.”

That’s great, but it doesn’t really explain what we see in the video above, in which the application is very clearly logging keystrokes.

If Carrier IQ isn’t recording keystrokes, why is it logging them?

That’s a question U.S. Sen. Al Franken (D-Minn.) would like answered. In a letter to Carrier IQ President and CEO Larry Lenhart today, Franken called on the exec to explain exactly what information the software records, whether that information is transmitted to Carrier IQ or to other companies, and whether that information is shared with anyone else.

“… It appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit,” Franken wrote. “These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.”

Related Posts on Carrier IQ:

Full Carrier IQ Coverage »


Twitter’s Tanking

December 30, 2013 at 6:49 am PT

2013 Was a Good Year for Chromebooks

December 29, 2013 at 2:12 pm PT

BlackBerry Pulls Latest Twitter for BB10 Update

December 29, 2013 at 5:58 am PT

Apple CEO Tim Cook Made $4.25 Million This Year

December 28, 2013 at 12:05 pm PT

Latest Video

View all videos »

Search »

The problem with the Billionaire Savior phase of the newspaper collapse has always been that billionaires don’t tend to like the kind of authority-questioning journalism that upsets the status quo.

— Ryan Chittum, writing in the Columbia Journalism Review about the promise of Pierre Omidyar’s new media venture with Glenn Greenwald