Welcome to WebmasterWorld Guest from 18.104.22.168
An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.
In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.
Ironically, he says, the Carrier IQ software recorded the “hello world” dispatch even before it was displayed on his handset.
Senator and former late-night funnyman Al Franken has called on Carrier IQ to explain why its diagnostic software, buried in the bowels of 141 million smartphones, isn't a massive violation of US wiretap laws.
In a letter sent to Larry Lenhart, CEO and president of the Mountain View, California-based software maker, Franken expressed concern the software may run afoul of the Electronic Communications Privacy Act, which forbids the monitoring of communications without the users’ consent, and the Computer Fraud and Abuse Act. The letter was sent after a 25-year-old Android app developer published evidence that Carrier IQ software may secretly log end users' key taps and text messages.
The swirling controversy over a company that reportedly installed tracking software on users’ mobile phones has already produced its first two lawsuits. On Thursday, plaintiffs sued the company, Carrier IQ, and phone makers HTC and Samsung for violating a federal wiretapping statute.
The class action lawsuits, filed in Chicago and St. Louis, seek hundreds of million of dollars on behalf of all US residents who had mobile phones containing the software. The lawsuits were brought on the basis of the Federal Wiretap Act, a law that forbids intercepting “oral, wire or electronic communications” and provides penalties of $100 per day for every violation that takes place.
More than 48 hours after a software developer posted evidence Carrier IQ monitored the key taps on more than 141 million smartphones, a company official has come forward to rebut the disturbing allegations. And he's provided enough technical detail to convince The Register the diagnostics software doesn't represent a privacy threat to handset owners.
Yes, Carrier IQ is a vast digital fishing net that sees geographic locations and the contents of text messages and search queries swimming inside the phones the software monitors, the company's VP of marketing, Andrew Coward, said in an extensive interview. But except in rare circumstances, that data is dumped out of a phone's internal memory almost as quickly as it goes in. Only in cases of a phone crash or a dropped call is information transferred to servers under the control of the cellular carrier so engineers can trouble shoot bottlenecks and other glitches on their networks.
The most serious charge against Carrier IQ, a venture capital-funded startup in Mountain View, Calif., that makes diagnostic software for carriers, has been that it records keystrokes and transmits them to carriers. One article on a Mac Web site breathlessly reported that "Carrier IQ probably violated federal wiretap laws in millions of cases." (See CNET's FAQ and related articles.)
Well, no. There's zero evidence that Carrier IQ captured, recorded, or transmitted any keystrokes. But that didn't stop the self-appointed lynch mob on blogs and on Twitter (#OccupyCarriers, that would be you).
Dan Rosenberg, an exceptionally talented security consultant who has discovered more than 100 vulnerabilities in the Linux kernel, FreeBSD, and GNU utilities, extracted a copy of Carrier IQ's software from his own Android phones. He then analyzed the assembly language code with a debugger that allowed him to look under the hood.
(Reuters) - Google does not work with nor does it support Carrier IQ, the software maker which has been accused of violating millions of mobile phone users' privacy rights, Executive Chairman Eric Schmidt said on Thursday.
Carrier IQ makes software that operators including AT&T and Sprint Nextel install in mobile devices. The software transmits data that Carrier IQ says allows mobile operators to better understand their devices and networks.
But it has come under fire following reports that its software collects and transmits potentially sensitive data about phone users.