Carrier IQ Software May Not Record Messages But It's a Privacy Risk

Illustration for article titled Carrier IQ Software May Not Record Messages But Its a Privacy Risk

According to security consultant Dan Rosenberg, the Carrier IQ spyware in his Samsung Epic 4G is not recording his text keystrokes. Rosenberg also claims that Carrier IQ cannot record SMS text bodies, emails or web page contents:

CarrierIQ cannot record SMS text bodies, web page contents, or email content even if carriers and handset manufacturers wished to abuse it to do so. There is simply no metric that contains this information.

Advertisement

This contradicts the findings by Trevor Eckhart, who analyzed the live Carrier IQ debug logs in two different HTC phones.

Advertisement

Rosenberg says that, at least on his Samsung, Carrier IQ can't record keystrokes except for those used while dialing phone numbers. It can record GPS location and URLs, even secure ones, however. According to him, HTC should fix the debug logs shown by Eckhart, which are a major privacy risk too.

The conclusion: even without text logging, Carrier IQ is accessing some private information without warning the user and without any easy way to deactivate it. There are no excuses for this abuse. It's just wrong and needs to be fixed now. [Vulnfactory via Cnet]

Share This Story

Get our newsletter

DISCUSSION

golferal
golferal - pataflaflas FTW

I know everyone went batshit crazy when this story first hit, but it's pretty much as I thought. The carriers are mostly using CIQ for analyzing device performance metrics and not super spying on everyone. Yes, it should be opt in, but it's another case of "the sky is falling" internet hype.