Carrier IQ - What do you think?

[wacmedia 277]

Hi,

 

What do boardies think of Carrier IQ ?

 

http://informationweek.com/news/security/mobile/232300025

 

 

It appears all of these so-called Security Researchers admit to Carrier IQ performing:

 

1. secret GPS location tracking.

2. secret virtual keylogging through the Phone Dialer.

3. secret HTTPS capturing of username/passwords at the URL line.

 

Don't these so-called Security Researches immediately recognize the Security Risks when they see one these days? What happened to the professional Security Researchers?

 

Unauthorized GPS location tracking opens the gateway for unknown sources to track the whereabouts of you, your daughters, your sons, and your spouses with real-time GPS accuracy.

 

Unauthorized Virtual keylogging of entries through the Phone Dialer opens the gateway for unknown sources to collect all your Bank Account #s, Credit Cards #s, SSN #s, Pin Codes, and other confidential information you key in during Phone Calls that were not agreed upon within the Network Carrier to Consumer Contract Agreement.

 

Unauthorized capturing of HTTPS URL contents containing Username and Password credentials to High Security Systems opens the gateway for unknown sources to penetrate High Security Systems and Exploit every vulnerability possible that was not agreed upon within the Network Carrier to Consumer Contract Agreement.

Edited December 7, 2011 by wacmedia

[joekicker 53]

What do boardies think of Carrier IQ ?

 

I think if you want to turn on your iPhone or your tablet and a map pops up and says "you are here" and that's where you actually are -- what did you expect? That there was NOT a GPS tracker in your phone or tablet? You have a two-way device that you have asked for and bought and you want to USE that GPS socially. And I think you got what you wanted.

 

I think if you don't want to use such a GPS system, then don't. What's the problem?

 

I think that I expect that if the device knows where I am, then it is hooking me up to the GPS through its software. What did you think?

 

 

I think that if my browser asks me "want me to save this password to make it easy to log in next time?" then -- it's going to log my password and login. If I start typing www.goo... and my browser fills in "gle.com" I think it must have logged and stored that info. What did you think?

 

.

Edited December 7, 2011 by joekicker

[mykl 72]

I think if you want to turn on your iPhone or your tablet and a map pops up and says "you are here" and that's where you actually are -- what did you expect? That there was NOT a GPS tracker in your phone or tablet? You have a two-way device that you have asked for and bought and you want to USE that GPS socially. And I think you got what you wanted.

 

I think if you don't want to use such a GPS system, then don't. What's the problem?

 

I think that I expect that if the device knows where I am, then it is hooking me up to the GPS through its software. What did you think?

 

 

I think that if my browser asks me "want me to save this password to make it easy to log in next time?" then -- it's going to log my password and login. If I start typing www.goo... and my browser fills in "gle.com" I think it must have logged and stored that info. What did you think?

 

.

I think that if the phone then transmits that data to another location without my consent, and with no way to prevent it, there might be a security issue. What do you think?

[gimmble 144]

 

I think I dont give a toss

 

 

 

 

 

Thats what I think :llaugh :llaugh :llaugh

 

 

 

 

 

 

cheers

Rodney

[MM 6,562]

I'm with mykl and gimmble on this one!

 

Sent from my GT-I9100 using Tapatalk

[joekicker 53]

I think that if the phone then transmits that data to another location without my consent, and with no way to prevent it, there might be a security issue. What do you think?

 

I think the data has to kept somewhere. Define "my consent". Define what data belongs to you.

 

Most certainly you can prevent it, though, this much we know. I can tell you for sure that no device I have secretly or openly tracks me by Carrier IQ or similar. For example.

 

You (and the OP of course) put up a conundrum and I'm the first to admit it. But the FACT is you can't get GPS help or a digital phone book or a browser that "knows" what sites you want to go to or automatic logins and all of that - you can't have that AND privacy. It's about as "secret" as the "secret war in Laos". If you want to know about it you can. Bottom line, thoiugh: if you want digital convenience, there is a security tradeoff, just like any other convenience there's a tradeoff.

 

.

[wacmedia 277]

Hi,

 

More info.

 

http://www.bbc.co.uk/news/technology-15982225

 

Legal row over Carrier IQ 'surveillance' app claims

 

hidden application found on millions of smartphones can log almost everything a user does, claims a US security researcher.

Trevor Eckhart unearthed the Carrier IQ application that runs largely unseen on many smartphone handsets.

Mr Eckhart said the software could log locations, websites visited, key presses and many other parameters.

Carrier IQ denied its code was spying. It threatened Mr Eckhart with legal action but later backed down.

Advanced skills

Mr Eckhart said he found Carrier IQ via work he had done on a security program, called Logging Test, which spotted which apps were running on an Android phone.

His analysis revealed that Carrier IQ could be set up to record almost anything and everything done on a smartphone.

Mr Eckhart found the code on Android smartphones and a cut down version has also been seen running on some Apple phones. He claimed it was in use on gadgets from other manufacturers.

Nokia said Carrier IQ did not ship on its products. Research in Motion, the maker of the BlackBerry, said it did not install nor authorise its partners to install Carrier IQ.

In response to Mr Eckhart's claims, Carrier IQ defended its software, saying it was not spying on users.

It said the code was used by mobile operators as a diagnostic tool to spot what was causing calls to drop, texts to go astray and battery power to be drained.

Mr Eckhart claimed Carrier IQ was buried deep in the core code for a smartphone to prevent it being found and, on some phones, was customised to prevent users changing what it logged. In some cases, he said, only those with "advanced skills" would be able to find it.

He

which showed Carrier IQ logging button presses, search queries and locations. Much of the data had been grabbed without consent, he said.

Fair use

The expose led Carrier IQ to start legal action against Mr Eckhart in the form of a "cease and desist" letter which demanded the removal of its training manuals and product information from his website.

This led to the intervention of digital rights group the Electronic Frontier Foundation (EFF) which agreed to represent Mr Eckhart in the legal spat.

In April 2011, Apple was accused of logging users' locations without their consent.

In its response, the EFF said: "We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless."

It said Mr Eckhart's work was "sheltered by both the fair use doctrine and the First Amendment".

Soon after, Carrier IQ withdrew its legal action and said it was "deeply sorry for any concern or trouble" it had caused.

"We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world," it said in a statement.

It reiterated that its software was used for diagnosis and disputed Mr Eckhart's claim that it had logged keystrokes and had tracked where people went.

It said it looked forward to a "healthy and robust" discussion with EFF and Mr Eckhart about its software and the uses to which it had been put.

Senate hearing

The news is the latest in a series of reports by security researchers flagging up different smartphone applications that keep an eye on users.

In April, Alasdair Allan and Pete Warden found that Apple iPhones and tablets running iOS4 regularly recorded a phone's location.

Apple denied it was tracking users and said the data was uploaded to phones to help locate nearby wi-fi and cell phone towers.

In addition, Google played down claims that phones running its Android system were logging locations. It said it gave people a clear choice about whether the information should be gathered.

Both firms were summoned to appear before the US Senate to explain their actions.

Edited December 9, 2011 by wacmedia

[joekicker 53]

Mr Eckhart said the software could log locations, websites visited, key presses and many other parameters.

 

You do know, I presume, that your browser, the software you are personally using RIGHT NOW, does do exactly that? Not "could" do -- does. It's doing it, right this second.

 

You know that, right? So since you know that, what do you think about that?

 

.

[wacmedia 277]

You do know, I presume, that your browser, the software you are personally using RIGHT NOW, does do exactly that? Not "could" do -- does. It's doing it, right this second.

 

You know that, right? So since you know that, what do you think about that?

 

.

 

Hi,

 

I agree, in general, with your views on digital technology/computing. I assume anything I do can be monitored. The point in this smartphone case however is that the app is hidden away where only the very tech savvy can find it. That is what is sinister about it. In the present economic climate where the Western Governments seem to be heading in a Fascistic/Police State direction it is very open to abuse.

 

http://www.zerohedge.com/contributed/%3F-older-posts-ron-paul-%E2%80%9C-patriot-act-was-written-many-many-years-911-and-attacks-simply-

 

Ron Paul: “The PATRIOT Act Was Written Many, Many Years Before 9/11 [And The Attacks Simply Provided] An Opportunity ...

• The government’s spying on Americans began before 9/11 (confirmed here and here. And see this)
  

• The Patriot Act was planned before 9/11 (and see this). Indeed, former Counter Terrorism Czar Richard Clarke told Stanford law professor Lawrence Lessig:
  

After 9/11 the government drew up the Patriot Act within 20 days and it was passed.

The Patriot Act is huge and I remember someone asking a Justice Department official how did they write such a large statute so quickly, and of course the answer was that it has been sitting in the drawers of the Justice Department for the last 20 years waiting for the event where they would pull it out.

(4:30 into

this video

).

• Government plans, exercises or drills to detain American citizens who opposed war were also drawn up before 9/11
  

• The Afghanistan war was planned before 9/11 (see this and this)
  

• The decision to launch the Iraq war was made before 9/11. Indeed, former CIA director George Tenet said that the White House wanted to invade Iraq long before 9/11, and inserted “crap” in its justifications for invading Iraq. Former Treasury Secretary Paul O’Neill – who sat on the National Security Council – also says that Bush planned the Iraq war before 9/11. Top British officials say that the U.S. discussed Iraq regime change even before Bush took office. And in 2000, Cheney said a Bush administration might “have to take military action to forcibly remove Saddam from power.” And see this.
  

• Cheney made Iraqi’s oil fields a national security priority before 9/11. And the Sunday Herald reported: “Five months before September 11, the US advocated using force against Iraq … to secure control of its oil.” (remember that Alan Greenspan, John McCain, George W. Bush, Sarah Palin, a high-level National Security Council officer and others all say that the Iraq war was really about oil.)
  

• The decision to threaten to bomb Iran was made before 9/11, and the Christian Science Monitor notes that the U.S. has been claiming for more than 30 years that Iran was on the verge of nuclear capability
  

• Wars throughout the Middle East and North Africa to effect regime were planned before 9/11
  

• Cheney dreamed of giving the White House the powers of a monarchy long before 9/11
  

• Cheney and Rumsfeld actively generated fake intelligence which exaggerated the threat from an enemy in order to justify huge amounts of military spending long before 9/11. And see this
  

• The government knew that terrorists could use planes as weapons — and had even run its own drills of planes being used as weapons against the World Trade Center and other U.S. high-profile buildings, using REAL airplanes — all before 9/11
  

• America played dirty games to justify wars before 9/11
  

Edited December 10, 2011 by wacmedia

[mykl 72]

You do know, I presume, that your browser, the software you are personally using RIGHT NOW, does do exactly that? Not "could" do -- does. It's doing it, right this second.

 

You know that, right? So since you know that, what do you think about that?

 

.

The browser I am using right now, this very minute (FF) does not send the passwords I use to log into every site I visit to a third party in clear unencrypted text. You do know that, right? The browser I am using right this very minute does not triangulate my location using cell towers (it can't, it's not being used on a cell phone and I'm not using Wifi) and transmit that location to a third party in clear unencrypted text. You do know that, right? It doesn't even transmit my location anywhere, as such. From my ipaddress, which is transmitted, my general location can be determined due to the fact that ipaddress's are assigned to specific ISP's in blocks. You do know that, right?

[joekicker 53]

The browser I am using right now, this very minute (FF) does not send the passwords I use to log into every site I visit to a third party in clear unencrypted text. You do know that, right? The browser I am using right this very minute does not triangulate my location using cell towers (it can't, it's not being used on a cell phone and I'm not using Wifi) and transmit that location to a third party in clear unencrypted text. You do know that, right? It doesn't even transmit my location anywhere, as such. From my ipaddress, which is transmitted, my general location can be determined due to the fact that ipaddress's are assigned to specific ISP's in blocks. You do know that, right?

 

Well, except for where you're wrong, yes, I know. When I use stuff, I find out about it. What's distressing about wac and many others I've read lately on this particular issue is all this "secret" stuff. If it's so secret, how come he knows? What now, they have to kill him because he found out? "I didn't know that" is hardly the same as "secret". And by the way, I'm not against consumer uprisings either, if you think Big Telephone isn't treating you right, by all means go after them. But the whining about "they're secretly tracking me," THAT is the part that riles me.

 

It REALLY must be stressed that if you have a computer, say (or what they call these days a "device") you are NOT a private person. It cannot and will not happen. There are even, these days, laws against privacy on a computer or device. You aren't allowed to be private. If you think you can use a PC or a phone or a tablet or any of that stuff and *also* have privacy, there is quite a lot you don't know.

 

ITEM: What's wrong with your Firefox? Old version? Or you don't trust the cloud?

 

.