Carrier IQ Improves My Wireless Service by Logging My Keystrokes? Please Explain.
Carrier IQ says its software makes cellphones “work better by identifying dropped calls and poor service,” but evidently it does quite a bit more. Security researcher Trevor Eckhart has discovered that it can as well monitor keystrokes, location and received messages, and typically does.
In an 18-minute video clip posted to YouTube, Eckhart demonstrates Carrier IQ’s software as it records virtually all keystrokes made on an HTC Evo 3D. Worse still, it’s shown logging encrypted Web searches, text messages and, well, you name it. In other words, it’s entirely possible that the wireless carriers who install Carrier IQ’s software on cellphones are able to watch what their subscribers are doing on their phones as they do it. Says Eckhart, “So, instead of seeing dropped calls in California, they now know ‘Joe Anyone’s’ location at any given time, what he is running on his device, keys being pressed, applications being used.”
Disconcerting to say the least. More so since Carrier IQ claims its “Mobile Intelligence platform” is currently deployed on more than 150 million devices worldwide, generally installed by the carrier. Eckhart says he’s found it on Android and BlackBerry devices, and others have found evidence of it on iOS, though it does appear to be disabled by default (if it is enabled, it can be turned off pretty simply).
As privacy violations go, this one seems particularly outrageous, though Carrier IQ would likely describe that characterization as an overreaction. It claims it doesn’t track keystrokes, nor does it sell information to third parties.
“While we look at many aspects of a device’s performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools,” the company said in a statement. “The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools.”
That’s great, but it doesn’t really explain what we see in the video above, in which the application is very clearly logging keystrokes.
If Carrier IQ isn’t recording keystrokes, why is it logging them?
That’s a question U.S. Sen. Al Franken (D-Minn.) would like answered. In a letter to Carrier IQ President and CEO Larry Lenhart today, Franken called on the exec to explain exactly what information the software records, whether that information is transmitted to Carrier IQ or to other companies, and whether that information is shared with anyone else.
“… It appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit,” Franken wrote. “These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.”
Related Posts on Carrier IQ:
- Exclusive Interview: Carrier IQ Gets Transparent About Its Mobile Monitoring
- Carrier IQ: How to Hack Back Your Phone
- Carrier IQ Speaks: Our Software Monitors Service Messages, Ignores Other Data
- Apple: We Stopped Supporting Carrier IQ With iOS 5
- RIM, HTC, Google on Carrier IQ: Blame the Carriers
- Carrier IQ Improves My Wireless Service by Logging My Keystrokes? Please Explain.