How to tell if your Android phone has Carrier IQ on it
Dec 2, 2011 — by Eric Brown — from the LinuxDevices Archive — 1 viewsFrançois Simond (“Supercurio”) has created a “Voodoo Carrier IQ detector” app that detects the presence of Carrier IQ — the “diagnostic” firmware that can monitor every keystroke made on most Android devices and many other smartphones. Since Carrier IQ was exposed earlier this week, both its vendor and carriers have denied they're tracking users, but legal experts say it may be violating several laws.
Earlier this week, Android developer Trevor Eckhart posted a YouTube video (see farther below) showing how Carrier IQ can record keystrokes, instant messages, and perhaps even voice and email. According to the video, which has received over a million hits, there's no way to remove the tracking app or turn it off.
Eckhart initially created an app that can interface with various logging services to help detect the presence of Carrier IQ. He admitted, however, that it's a "work-in-progress." In addition, it requires a relatively high degree of technical savvy.
Now, as first reported by Engadget, forensic specialist François Simond ("supercurio") has posted another app (pictured) on Android Market called Voodoo Carrier IQ detector. The Voodoo app lets users detect whether their Android devices house the Carrier IQ "rootkit" tracker, says Simond, who has offered other Android tuning apps under his "Supercurio — Project Voodoo" brand.
Voodoo Carrier IQ detector, too, still needs some work, as "Carrier IQ fixes are not detected yet and still generate false positives," according to Simond. However, he has posted the source code to Github under open source license so others may help perfect it.
For the record, we tried out the app on an HTC Droid Incredible 2 and a Samsung Intercept and found no sign of Carrier IQ. Eckhart demonstrated the Carrier IQ snooping on an HTC Evo 4G.
As detailed in this eWEEK report, Carrier IQ and its carrier partners have denied the software is used to track individual behavior. Carrier IQ stated, "While we look at many aspects of a device's performance, we are counting and summarizing performance, not recording keystrokes or providing tracking tools. The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."
Potential violations of federal regulations and wiretapping law
As Wayne Rash argues in a Dec. 1 follow-up analysis piece on the controversy in eWEEK, Eckhart's demo would suggest Carrier IQ is not being forthcoming about how its firmware is used.
"Clearly Eckhart's demonstration shows that Carrier IQ is at best disingenuous," writes Rash. "The software collects far more than what the company is saying."
Rash goes on to note: "Because Carrier IQ can record the content of email and text messages, it would probably violate U.S. Payment Card Industry, Sarbanes-Oxley Act and Health Insurance Portability and Accountability regulations even if the data isn't sent to Carrier IQ."
Forbes, meanwhile, interviewed former Justice Department prosecutor Paul Ohm as saying Carrier IQ could bring a class action lawsuit based on a federal wiretapping law. "If CarrierIQ has gotten the handset manufacturers to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap," Ohm, now a law professor at the University of Colorado Law School, was quoted as saying.
Since the uproar over the privacy implications of Carrier IQ erupted earlier this week, carriers and smartphone manufacturers have been scrambling to either distance themselves entirely from Carrier IQ, or else explain their interactions with the company as minimal.
According to the original eWEEK report, Verizon Wireless denies using it, for example, while Sprint, T-Mobile, and AT&T released statements saying they use Carrier IQ, but only for aggregate diagnostic purposes, rather than monitoring users' personal data.
Nokia and RIM have denied putting Carrier IQ in their phones, as has Android vendor HTC. Microsoft says it does not use Carrier IQ on its Windows Phone platform, says eWEEK.
Meanwhile, Apple has admitted that Carrier IQ is partially present in iOS 5, but says it has recently stopped supporting it and plans to remove it from its mobile devices in a future software update, according to a Dec. 1 AllThingsD item.
eWEEK's Rash tested a number of Android phones, apparently using Eckhart's detection solution, and came up empty. He investigated several Verizon Wireless phones, as well as a Samsung and HTC phone from T-Mobile, and found nothing. In addition, he found no sign of the rootkit on a BlackBerry phone.
Nevertheless, Rash suggests it may be best not to use Android phones at all until the problem is cleared up. This strikes us as a bit extreme, but then again, so is the potential danger in letting carriers or vendors spy on our mobile activities.
Until Carrier IQ can provide evidence of its innocence, the story is not likely to go away. (U.S. Senator Al Franken of Minnesota is said to be launching a preliminary investigation.)
Meanwhile, if the threat does indeed turn out to be significant, it is yet another security demerit for Android. It's also another reminder that when it comes to security issues, it's not only the "bad" guys you have to worry about.
Trevor Eckhart demonstrating Carrier IQ spying on YouTube
Source: Trevor Eckhart
(Click to play)
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.