Carrier IQ: How to Hack Back Your Phone
The findings of a Connecticut-based systems administrator have sparked alarm in millions of smartphone users, after security researcher Trevor Eckhart published a video showing how a cellphone software company has the ability to log users’ Web searches and keystrokes.
The technology, made by Carrier IQ, is currently deployed on more than 150 million devices worldwide.
Research In Motion and HTC — the maker of the phone targeted in the security demo — have issued statements denying that Carrier IQ is preinstalled on their devices. Meanwhile, U.S. Sen. Al Franken (D-Minn.) has sent a letter to Carrier IQ seeking more information on what the software does.
Carrier IQ has told AllThingsD that while its software has the ability to receive a tremendous amount of information, some of which could be relayed to a carrier for diagnostics purposes, the company doesn’t log keystrokes and the software is not being used to gather intelligence about the phone’s user.
But while we wait for more answers, what’s a smartphone user to do?
Google Android Phones: If you’re wondering whether your Google Android phone might have Carrier IQ installed on it, Eckhart, the researcher behind all of this, points people to a Logging Test app that he claims can be used to verify “what logging is being done on your phone and where the data is going to.” If successfully installed — which we hear may take some finagling, including emailing the app link to yourself to access it, and “rooting” your phone first — the $1 app is meant to detect Carrier IQ and remove it.
According to his blog post, Eckhart has tested this app on the HTC Evo 3D phone; he believes it works on the Sprint Evo 4G and HTC Thunderbolt, as well.
But since the Google Android operating system runs on devices from multiple manufacturers, it is not known at this point which models could be running Carrier IQ and which ones are not.
It should be noted that some manufacturers have denied responsibility for the app; HTC, for example, has put the blame on wireless carriers, and basically advises HTC phone owners to contact their carriers. The company did add it was looking into an option for allowing its customers to opt out of the Carrier IQ application, but no further details were given beyond that.
Sprint has not yet responded to my inquiry as to whether the wireless company was actively involved in the installation of Carrier IQ, or how users might disable such applications on Sprint. AT&T said it uses Carrier IQ solely to improve its network performance; Verizon claims not to use it at all, although my colleague John Paczkowski reports that may not be the case.
RIM BlackBerrys: While RIM hasn’t explicitly pointed to wireless carriers as HTC did, the BlackBerry maker also denies any involvement with Carrier IQ, stating “RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution.”
However, the next part of RIM’s statement on the BlackBerry developers forum indicates that it’s possible Carrier IQ could live on a BlackBerry device.
According to BlackBerry Development Advisor Mark Sohm: “If the Carrier IQ application is present on a BlackBerry smartphone, it does not mean that the Carrier IQ application has ‘hacked’ the BlackBerry platform. It means that either the BlackBerry smartphone user or the user’s BlackBerry Enterprise Server admin explicitly installed the application and authorized it to run.”
In other words, if it’s on your phone, you may have granted it access in some way, shape, form or click of your Qwerty keypad.
Apple iPhones: Apple has issued a statement to AllThingsD declaring that the company stopped supporting Carrier IQ with iOS 5, its latest version of mobile software, and plans to remove it from future mobile software updates, too.
But what if you’re running an earlier version of iOS on your iPhone and are worried about where your data is going? Apparently, you can opt out of having your usage data submitted for diagnostics. To do that, go to to Settings → General → About → Diagnostics & Usage. Select “Don’t Send.”
More info to come as I get it.
Related Posts on Carrier IQ:
- Exclusive Interview: Carrier IQ Gets Transparent About Its Mobile Monitoring
- Carrier IQ: How to Hack Back Your Phone
- Carrier IQ Speaks: Our Software Monitors Service Messages, Ignores Other Data
- Apple: We Stopped Supporting Carrier IQ With iOS 5
- RIM, HTC, Google on Carrier IQ: Blame the Carriers
- Carrier IQ Improves My Wireless Service by Logging My Keystrokes? Please Explain.