rootkit hidden in millions of cellphones

Another email just surfaced …

rootkit hidden in millions of cellphones

Rootkit found in Android, Symbian, BlackBerry, webOS and even iOS handsets …. but not windows phone’s

The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.

The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart.

Here’s a video showing how everything, including text messages and encrypted web searches, are being logged. It’s truly horrifying.

NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.

According to Carrier IQ the company is ‘not recording keystrokes or providing tracking tools.’ The video above seems to suggest otherwise.

When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat.

“Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.”

Like I said earlier, there’s a version of Carrier IQ on Apple’s iOS, but it doesn’t seem to be quite the same and doesn’t seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough.

You might have noticed that I didn’t list Windows Phone 7 OS earlier. That’s because it seems that Windows Phone handsets don’t have Carrier IQ installed.

Here’s a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ’s vice president of marketing explaining how the company sees this as being completely legal.

 

[UPDATE: According to a statement from Apple to AllThingsD, Apple stopped supporting Carrier IQ with iOS 5.0:

“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

When begs the question … what’s collecting all the information on the iPhone? Is this a mechanism developed by Apple for Apple?]

Bit shocked that your iPhone has that Carrier IQ logging feature built into the OS? You can switch it off … in fact, I’ve shown you how to do this before!

Here’s how!

Buried in the Settings menu is an option to choose not to send what Apple calls ‘diagnostic and usage data.’ This option is buried real deep:

Settings > General About Diagnostics & Usage

Here’s the screen you’re looking for:

Set this to Don’t Send and you can stop worrying about where your data is going and who’s looking at it.

Note that this feature is only present on handsets running iOS 5.0 or later (so the iPhone 4S and upgraded iPhone 4 and 3GS handsets.

One thought on “rootkit hidden in millions of cellphones

  1. That’s why I carry a fax machine with me to text on. I connect through the Sega Genesis Online dialup system.

    Seriously, though, that was a great video. How was he the first to figure this out? Are we all too busy Facebooking and watching lolcats to realize it, or the fact that it’s nearly hidden in plain sight make it that difficult to see?

Leave a Reply

Your email address will not be published. Required fields are marked *