Carrier IQ – The untold story
what were you Googling again?
Somewhere sometime and for some reason
George had been waiting for this day to come for a long time. He had it all planned out, and as he sat motionless in a tree that was in a yard not his own, George suddenly wished that he was not quite so afraid of great heights and that it had not rained so much the night before, because he had almost slipped and fallen on his way up the tree. But it was worth it. Tonight, Stephanie would be home alone while her parents were out to dinner. “See you at 9 tonight honey and don’t forget to set the alarm. The password is 69347.” George smiled at the thought that people believed that their cell phone communications were private.
He could have found a way to get physical access to the girl’s cell phone, and he thought that it would have been a lot more fun that way. He could have knocked on the door pretending to be from the telephone company. “I am doing routine work in the area and oh by the way, do you or any of your family use a cell phone with our company?” he would say. And he knew that 99% of the time people would assume that he really was from the telephone company because of the fake uniform and so wouldn’t think twice before handing over every cell phone in the house. No not this time. He wanted to play it safe, and luckily for him, Stephanie’s cell phone already had just what he needed built in to the device by default so there was no need to install anything. It was already there and the average user would never find it because it was cleverly hidden. It loaded when she turned on the phone and there was no easy way to force it to quit. That is if she ever even knew it was there.
So his day had finally come. With his special device he put together one day, George was able to intercept any and all information going in or going out of Stephanie’s cell phone. He was even able to see what she was up to just by her using the device. What keys she pressed, what she typed, what web sites she visited, what her password was to her bank account, and most importantly now, the fact that her parents would be out to dinner until 9 pm and that the passcode for the home alarm was 69347. George was going to have fun tonight.
Carrier IQ – What took us so long to find it?
If you haven’t heard of Carrier IQ by now then you should find out about it. If, like me, you have only recently heard of Carrier IQ then apparently we are out of the loop because they have been around for a while. In fact, the first thing you will notice when watching their training video is that the copyright date is 2005-2007.
And what exactly is the company up to?
I did what any responsible information consumer would do and went to take a look at the Carrier IQ website myself.
When you head over to their overview page, you will see what it is exactly that Carrier IQ is selling.
What caught my eye was what they have to say about their Carrier IQ Insight Experience Manager.
Carrier IQ Insight Experience Manager
From the website itself:
IQ Insight Experience Manager
Boost Revenues with Improved Mobile Customer Experience
IQ Insight Experience Manager provides a level of visibility into true customer experience that was, previously unavailable in the mobile industry. Based on Carrier IQ’s leading Mobile Service Intelligence technology, IQ Insight Experience Manager uses data directly from the mobile phone itself to give a precise view of how users interact with both their phones and the services delivered through them, even if the phone is not communicating with the network.
With user experience increasingly viewed as the key differentiator between mobile providers, IQ Insight enables you to align your business improvements with the things customers truly value. Identify exactly how your customers interact with services and which ones they use. See which content they consume, even offline. Identify problems in service delivery, including the inability to connect to the service at all. This actionable intelligence enables you to focus on critical quality and customer satisfaction issues.
What are you doing CIQ?
Trevor Eckhart made a video (linked to at bottom) in which you can clearly see that CIQ is doing such things as:
- Hiding itself – by not showing up in the applications list
- Running whether or not you want it to – by not allowing you to disable or turn off the process.
- Recording what numbers your press when calling someone
- Recording, in plain text, the contents of your text messages
- Recording, in plain text, the search terms you type into a search engine even when that search is done through your wireless connection and by using SSH.
What are you REALLY doing?
It is my opinion that the use of CIQ or any other similar software service has nothing to do with actual diagnostics that would be useful in improving the quality of service for device customers and has more to do with collecting data on user behavior for the benefit of marketers, advertisers, and the intelligence community.
That was 2005 but this is 2012
If this is what they could do in 2005, then imagine what is going on now in 2012. When a week is a lifetime in terms of technological progression, then we really need to watch over ourselves more closely because, it seems, no one else is doing that for us.
Also, expect to see developers jump in by making software that supposedly looks for, disables, and prevents this type of thing. But in the end, who is to say that the ones creating the “security software” won’t be the same ones who are violating our privacy now.
Somewhere sometime and for some reason
Imagine that you are at a protest somewhere and the city sends in the police to clear out the peaceful protesters. You reach for your phone to send instant messages of the news to your friends and on Twitter but they never receive the message because it was intercepted and deleted before they ever received it.
Learn More
- Download the Carrier IQ product information and training videos.
- Read more about Carrier IQ and its service offerings.
- Read story of how CIQ was found running on someone’s Mobile Phone on Androidsecuritytest.com
- Learn more about Mobile phone terminology such as Firmware, Stock & Custom ROMs, and Flashing, visit www.addictivetips.com article on it here
- Watch the YouTube Video of Carrier IQ in action
@DanielMillsap
Astounding job Daniel. Very perceptive too!
I don’t get what the big deal is about. They are only collecting information for diagnostic purposes. They say that over and over again. Besides, it will keep my child safe someday if she is missing it’s software like this that will help find her.
The “big deal”, Karen, is that they say they do not use all the information they collect. Then why do the collect it? They record ever singe keystroke you push on your phone. The do this all without your consent and with no way to stop it. They also broadcast information from a supposedly secure connection (SSL). Another thing is it slows your phone down, this software gets all incoming test messages, calls, and any other incoming transmissions before they are announced to you. For example, you get a text message from a friend, before your handset registers it and lets you know you even got the text, this software captures and sends the text to a data center somewhere. My biggest problem with this is that the collected data can be gathered by someone with a nefarious purpose. If data is generated, stored, or collected, it is vulnerable to being compromised. Also keylogging and rootkit software are big no-nos in the computer world, every one of them is considered malware.