Announcement

Collapse
No announcement yet.

Carrier IQ

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Carrier IQ

    For those of you that have been living under a rock, Carrier IQ is software integrated into several Android handsets by carriers and was also integrated into iOS releases before iOS5. According to its creator it only supplies anonymous diagnostic information to carriers about errors occurring on their network. However, that hasn't stopped some from speculating that it can monitor a lot more, including:
    • when they turn their phones on;
    • when they turn their phones off;
    • the phone numbers they dial;
    • the contents of text messages they receive;
    • the URLs of the websites they visit;the contents of their online search queries—even when those searches are encrypted; and
    • the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.


    How much do you trust the software on your phone? Do you use your phone to transmit sensitive information, such as bank account passwords? How much does software like Carrier IQ worry you?

    (FWIW, Cyanogen released a statement saying CyanogenMod will never have Carrier IQ)
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Carrier IQ

    Originally posted by bascule View Post
    For those of you that have been living under a rock, Carrier IQ is software integrated into several Android handsets by carriers and was also integrated into iOS releases before iOS5. According to its creator it only supplies anonymous diagnostic information to carriers about errors occurring on their network. However, that hasn't stopped some from speculating that it can monitor a lot more, including:
    • when they turn their phones on;
    • when they turn their phones off;
    • the phone numbers they dial;
    • the contents of text messages they receive;
    • the URLs of the websites they visit;the contents of their online search queries—even when those searches are encrypted; and
    • the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.


    How much do you trust the software on your phone? Do you use your phone to transmit sensitive information, such as bank account passwords? How much does software like Carrier IQ worry you?

    (FWIW, Cyanogen released a statement saying CyanogenMod will never have Carrier IQ)
    Here's an article on how to find and get rid of CarrierIQ:
    http://www.zdnet.com/blog/networking...97?tag=nl.e589
    perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

    Comment


    • #3
      Re: Carrier IQ

      yet one more in a long line of reasons for why i utterly love running CyanogenMod. it is one of the best decisions you can probably ever make with regard to your handset. (see if your hardware is compatible here)
      "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
      - Trent Reznor

      Comment


      • #4
        Re: Carrier IQ

        Carrier IQ is exactly why I still have my flip phone from years ago.

        I'm in the process of re-reading 1984 by Orwell the parallels between the book and real life are starting to get more and more scary.

        Comment


        • #5
          Re: Carrier IQ

          TV is free because we endure commercials. I swear cell phones ought to be free between the ads and people like this group.

          Comment


          • #6
            Re: Carrier IQ

            Originally posted by astcell View Post
            TV is free because we endure commercials. I swear cell phones ought to be free between the ads and people like this group.
            What's even more of a rip off is having to buy a cell phone full retail. Mine crapped out on me a couple years ago. I had to get one of the cheapest models and it was still 200 bucks. It was a down grade in tech too, but with all the malware and surveillance stuff on smartphones I'm kinda glad I got what I did.

            Comment


            • #7
              Re: Carrier IQ

              To answer your question, Bascule, not at all. I'm on board with Dev and running a ROM that doesn't include CIQ. I can see both sides of the ethics argument of including such software on the handsets. It can apparently divulge way more info than most people would feel comfortable with. On the other side of the coin, I'm sure that CIQ has delivered info enough to find and fix all manner of problems.

              Am I defending CIQ here? hell no, just saying I think I see where their heads were when they decided to bundle it. Get consent before even monitoring, let alone collecting and transmitting data. That's where the issue lies, on none of the phones pre-loaded with this, did a message pop up on the first boot asking permission to collect anonymous data, even if that data were anonymous. Since CIQ really came into the light, there have been several apps designed and put up on the market to find and kill it. As of now, it's the users' responsibility to choose to do so.

              EDIT: just some typographical errors
              Last edited by sintax_error; December 10, 2011, 12:56.
              "You have cubed asscheeks?"... "Do you not?"

              Comment


              • #8
                Re: Carrier IQ

                Even if you run a custom ROM though, can't they just see all your data further upstream?

                Comment


                • #9
                  Re: Carrier IQ

                  Originally posted by mwerte View Post
                  Even if you run a custom ROM though, can't they just see all your data further upstream?
                  Depends on who's looking, how intently, and how long after that data transaction. From what I understand, as long as you don't get yourself flagged by your carrier for whatever reason, you generally don't need to worry about what they are looking into as far as your traffic. If anyone has anything to cite that contradicts this as far as policies and incidents, I'd be interested in a good read.
                  "You have cubed asscheeks?"... "Do you not?"

                  Comment


                  • #10
                    Re: Carrier IQ

                    Originally posted by mwerte View Post
                    Even if you run a custom ROM though, can't they just see all your data further upstream?
                    If you "own" your own ROM, and OS, and manage to "secure" the platform you and the people you communicate with it are using (phone, OS, Firmware) then you can use encryption. (Examples: RedPhone, TextSecure for android, but these are not the only examples.) With a platform you trust on both ends, and encryption, the phone company may know the source and destination for many of your frames/packets, but may not know the contents.

                    For privacy of identity and security pf *this*, it is more difficult. I don't know of any *commonly used* applications/services for android or Apple's iOS which provide encryption and a degree of "anonymity" to keep secret the identity of the sender and receiver while allowing the sender and receiver to validate each other as being each other when placing/receiving a call or SMS/text.

                    I understand tor is available, and with .onion pseudo TLD for DNS, and other intermediate redirections may be possible, and there are probably VoIP users using applications that support tor for voice service, but I doubt these are *common* on phones.

                    A point on the topic of CarrierIQ, is about holes in firmware meaning you cannot trust the OS running on that firmware. (What can the OS do if firmware can intercept input and generate output without the OS knowing?) If you can't trust the OS because you can't trust the firmware, encryption is not a reliable way to securely (privately) communicate with this device without your conversations being intercepted by "eve".

                    (Firmware backdoors do not guarantee total failure of OS security, but there is a long history to show how firmware backdoors/maintenance-loops/holes can be exploited to "own" an OS.)

                    Comment


                    • #11
                      Re: Carrier IQ

                      << Even if you run a custom ROM though, can't they just see all your data further upstream? >>

                      Idea on this tread ...
                      Rom ... Rom ...

                      Encrypt OS with specific algo ...
                      Last edited by Xenos; December 31, 2011, 07:25.

                      Comment


                      • #12
                        Re: Carrier IQ

                        My trusted pigeon never fails...
                        while 1 == 1:
                        print "Help, I've got myself stuck in a loop."

                        Comment

                        Working...
                        X