Android and iPhone security warning (2011 era phones): hidden program sending personal info to carriers

Editor’s note: This was accurate when it was published in 2011, it is not known if Apple (iPhones) or the phone companies (android devices) ever replaced Carrier IQ after a whistleblower revealed it’s existance. Certainly the FBI is crying like babies about not being able to unlock a 2016 era iPhone found locked after the fact, with no prior access on their part to install spyware.

Once again, my advice never to use a smartphone and to use separate devices for all computing and to connect to phone company and even wifi internet service has been reconfirmed. Although Carrier IQ was either scrapped or replaced after being revealed by a whistleblower, be advised that phones running it might still be on the market used and smartphones from that era should be avoided like the plague.

Above are screenshots of Carrier IQ obtained by security researcher who managed to remove Carrier IQ with considerable difficulty

Links to his posting:

The Huffington Post has republished a story by a security researcher revealing hidden spyware on Android phones used by the cellular carriers

The orignal story on his own website should be considered endangered due to copyright claims by the authors of the spyware, which he terms a rootkit.

The security researcher has posted this video detailing the “carrier IQ” spyware and the threat it poses.
The website has revealed that Apple is also including Carrier IQ in iOS, the operating system used by the iPhone.

Carrier IQ is a spyware application that reports URLs of all websites visited, Google searches, phone numbers typed, and the content of every text message to the carrier. Affected phones include HTC, Blackberry, and althoughj Nokia cliams not to ship any devices with Carrier IQ, security researcher Trevor Eckhart claims that Carrier IQ is in fact found on some Nokia phones.

Verizon had admitted on one website to using Carrier IQ and gives customers the option to opt out of resale of the data, but NOT out of it’s collection.At another time Verizon denied using Carrier IQ, I would not trust their denial.

You may recall that the Apple iPhone was previously found to send user location information back to Apple and to locally store an unencrypted log of all locations visited by the user, and there was speculation that Android was just as unsafe. This has now been confirmed.

There is only one good thing about this: if carriers need to plant software in phones to track what people are doing, it means they are having trouble tracking what people are doing online just by “deep packet sniffing” seeking IP addresses and content, in part due to the spreading use of SSL website encryption.

This means that if you connect a computer with software you control yourself to the Internet by a router (NEVER, EVER let Comcast, etc install software on your computer!), a mobile router/cellular wifi hotspot, a USB wireless device, or other such external Internet connection device, they can only sniff individual packets,and evidently they are having real problems tracking Internet users if they have to push software to end user hardware, the place where it can be found and they can be caught. An encrypted email sent using Tor, over an SSL encrypted connection, cannot be tracked to it’s source or read-UNLESS software like Carrier IQ is installed on the computer on either end of the transaction.

The worst thing about this is that with the tracking known publicly, there is exactly NO deterrent to loal police departments seeking warrants or the FBI issuing “national security letters” to carriers to get this information. If you are an activists and you have an android phone you need to remove this software NOW and shut off the phone until you do.

I suspect the safest way to remove Carrier IQ would be a rooted phone and a total reinstall of the Android operating system, compiled from it’s open source code from a known clean source. Many programmers have said Carrier IQ is so deeply embedded in the OS that a complete new ROM (operating sytem image) is required to get rid of it. There is a site on the Internet offering a removal program, but since removal is limted to the pay version I refuse to link to it.

A long thread of complaints on a Sprint community forum seeking removal methods suggests opting out of Sprint as the only way to opt out of Carrier IQ, but of course this only works if you have some way to verify that the new carrier doesn’t use Carrier IQ. They only way I know of doing that is not to use any device containing carrier-installed user-end software to access the Internet.

If you really need a smartphone, I suggest getting the smallest netbook you can find, a mobile wireless wifi hotspot, and installing Skype on the netbook so you don’t need a dumb phone and its calling plan as well. Needless to say, wipe Windows and install Linux-or next time around, the scandal will be about similar logging software in Windows 7 or 8 netbooks.

Eckhart found the program on his own phone, named “HTC IQ Agent” and dug into it’s fuctions. He found it was extremely difficult to remove and runs as a hidden program in the background. He was able to get access to the training videos for carrier use of the program and similar literature, infuriating both the authors of the program and presumbably carriers as well.

Especially ugly is that the authors of Carrier IQ are trying to prevent Eckhart, who had some kind of business relation with the firm, from publishing this information. I have downloaded a copy of The orignal story on his own wegbsitehis original web posting and placed it in secure encrypted storage in case lawsuits. court-ordered takedown notices or DCMA notices kill the original story.

The status of Carrier IQ as a rootkit makes this at least the second time a major corporation (or more than one of them) has been found planting back doors on customer’s computing devices. Some years ago, Sony introduced copy protection called “xcp” on comercial CD’s. If a windows user tried to play the CD, it asked for permission to install a special audio player, which disabled other audio players and most audio copying functions. The only “legal” as well as the only effective way to remove it was to reinstall Windows or switch to Linux, until several states sued Sony. Sony’s published instructions for removing xcp, which was definsed as a rootkit because it gave Sony adminstrative access to all infected systems, were also distrusted by security researchers.

Leave a Reply --WARNING: do not "Comment using Facebook" or using Twitter-you expose your information to 3ed party tracking

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.