carrieriq

8

Carrier IQ being used by the FBI?

If you were glad that Windows Phone doesn't have Carrier IQ on board before, you may be even happier now.The software, found on Android phones, has come under scrutiny for allegedly collecting data on users, including keystrokes, URLs and messages. Microsoft has recently denied using CIQ on any of its Windows Phones. 

Now, a Freedom of Information (FOI) request was put onto the FBI regarding what information it has on Carrier IQ and the response is a bit troubling but not exactly defining either.  In essence, the FOI request was denied on grounds that it would interfere with ongoing investigations and that it is currently being used for law enforcement purposes--the question arises though, who's being investigated Carrier IQ or citizens?

The site MuckRock, who put in the FOI (kudos), seems to think it's the latter--after all, US intelligence agencies do have a history of using outside commercial companies for data collection. In addition, MuckRock notes "...the request was specifically for documents related directly to accessing and analyzing Carrier IQ data.", which hints at something more than the company itself. Of course with the recent outcries against Carrier IQs practices, they could also themselves be under investigation too, which would be ironic.

MuckRock plans to appeal the FOI denial and hopes to get further clarification on the matter.

More →
2
loading...
0
loading...
19
loading...
0
loading...

Within the last few days, the Carrier IQ (CIQ) saga has really made headlines amongst the mobile market. The software, designed to collect data from users on their mobiles so carriers can better understand how phones are being used, has come across as sophisticated spyware. Or at the very least, caused serious concern amongst the security-conscious.

We wrote about in detail here and at the time speculated that Windows Phone was exempt due to the way the OS was designed, including how Microsoft controls its modification.  We also asked ChevronWP7 member Rafael Rivera to do a quick security analysis of  the Windows Phone OS and he found no evidence of Carrier IQ being on board, much as we suspected.

Today, corporate vice president and director of Windows Phone Program Management Joe Belfiore finally chimed in on the matter as well, seemingly putting the issue to rest: Windows Phones do not have any Carrier IQ software installed. While good news for our phones, this does leave Android and (old) iOS still exposed. Since the drama started, RIM, Nokia and Verizon have publicly stated that they do not have CIQ on any of their devices (see more at The Verge).

Now we can add Windows Phone to that list too and due to the backlash, we're betting it will stay that way.

More →
2
loading...
0
loading...
79
loading...
0
loading...

If you haven't been following the Carrier IQ saga, let us try to re-cap it for you. Going back to October, it was reported that software on HTC Android phones was recording data and as Android Central lightly put it, "storing it sloppily". Information that was collected included phone numbers, geolocation and account names. It doesn't identify you per se with your name, but rather your device ID. Still, people rightly raised a storm. Turns out that software had a name: Carrier IQ.

Fast forward to last week when Trevor Eckhart -- aka TrevE -- wrote in detail what Carrier IQ was actually doing on the phone. The company Carrier IQ did not like this, made some legal threats against him, prompting the Electronic Frontier Foundation to step in. Carrier IQ (or just CIQ) quickly backed down and things looked to be at a stand off. CIQ then put out a press-release stating that their software

  • Does not record your keystrokes.
  • Does not provide tracking tools.
  • Does not inspect or report on the content of your communications, such as the content of emails and SMSs.
  • Does not provide real-time data reporting to any customer.
  • Finally, we do not sell Carrier IQ data to third parties.

Now, Eckhart has just published a second video (after the break) in response to CIQ's press release which seemingly contradicts just about all of the above. In the 17 minute long video (it gets good at about 8 minutes), Eckhart goes through and in real-time shows how keystrokes are recorded including phones numbers dialed, HTTPS data is sent unencrypted, text message data is accessed and of course that you really don't know that this app is running. All of this is performed on a stock Sprint EVO 3D and EVO 4G. What makes all of this troubling is the fact that (a) you aren't told about it (b) can't uninstall the software. You need to root the phone and load on a new, custom OS to get rid of it...

More →
8
loading...
0
loading...
64
loading...
0
loading...