Another email just surfaced …
rootkit hidden in millions of cellphones
Rootkit found in Android, Symbian, BlackBerry, webOS and even iOS handsets …. but not windows phone’s
TheĀ rootkitĀ belongs to a company calledĀ Carrier IQĀ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust.
The capabilities of the rootkit were first discovered byĀ 25-year-old Trevor Eckhart.
Hereās a video showing how everything, including text messages and encrypted web searches, are being logged. Itās truly horrifying.
NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset.
According to Carrier IQ the company is ānot recording keystrokes or providing tracking tools.ā The video above seems to suggest otherwise.
When Eckhart initially labeled the software as a rootkit,Ā Carrier IQ threatened him with legal action. Only when theĀ Electronic Frontier Foundation stepped in did the companyĀ back off from this threat.
āEvery button you press in the dialer before you call,ā Eckhart says on the video, āit already gets sent off to the IQ application.ā
Like I said earlier, thereās a version of Carrier IQ on Appleās iOS, but it doesnāt seem to be quite the same andĀ doesnāt seem toĀ accessĀ as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning offĀ Diagnostics and UsageĀ underĀ SettingsĀ seems to be enough.
You might have noticed that I didnāt list Windows Phone 7 OS earlier.Ā ThatāsĀ becauseĀ it seems that Windows Phone handsets donāt have Carrier IQĀ installed.
Hereās a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQās vice president of marketing explaining how the company sees this as being completely legal.
[UPDATE: According to a statement from Apple toĀ AllThingsD, Apple stopped supporting Carrier IQ with iOS 5.0:
āWe stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.ā
When begs the question … what’s collecting all the information on the iPhone? Is this a mechanism developed by Apple for Apple?]
Bit shocked that yourĀ iPhone has that Carrier IQ logging feature built into the OS? You can switch it off ā¦ in fact,Ā Iāve shown you how to do this before!
Hereās how!
Buried in theĀ SettingsĀ menu is an option to choose not to send what Apple calls ādiagnostic and usage data.ā This option is buried real deep:
SettingsĀ >Ā GeneralĀ >Ā AboutĀ >Ā Diagnostics & Usage
Hereās the screen youāre looking for:
Set this toĀ Donāt SendĀ and you can stop worrying about where your data is going and whoās looking at it.
Note that this feature isĀ onlyĀ present on handsets running iOS 5.0 or later (so the iPhone 4S and upgraded iPhone 4 and 3GS handsets.