Who’s Watching You? Monitoring App Allegedly Spies on Users

Dec. 21, 2011 (Vol. 32, No. 40)

Security researcher Trevor Eckhart released a video recently describing a nasty little surprise he found lurking in his Android-based HTC smartphone.

It seems the carrier (not identified) had installed an app from a company called Carrier IQ. What the video shows is a hidden application, almost impossible to detect, that can’t be turned off.

This app allegedly has access to every nook and cranny in the phone and is able to recognize and record virtually every keystroke and button press, including recognizing which websites you visit and what text messages you send.

Carrier IQ Defends Its Software

Carrier IQ’s software is marketed as a tool for carriers to monitor network performance, and the company’s response was quick. Carrier IQ sent Eckhart a cease-and-desist letter and insisted he recant his findings.

Fortunately for Eckhart, the Electronic Frontier Foundation (EFF) got behind him, and in a press statement published Nov. 23 Carrier IQ formally withdrew its cease-and-desist letter but continued to insist that its software:

  • “Does not record your keystrokes.
  • Does not provide tracking tools.
  • Does not inspect or report on the content of your communications, such as the content of emails and SMSs.
  • Does not provide real-time data reporting to any customer.
  • Finally, we do not sell Carrier IQ data to third parties.”

So was Eckhart wrong? Not quite.

Carrier IQ released a follow-on statement Dec. 1 to clarify the first one. It read in part, “While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS.”

Clearly Carrier IQ’s legal department was worried by this point, as they also note, “Carrier IQ is aware of various commentators alleging Carrier IQ has violated wiretap laws and we vigorously disagree with these assertions.” Information Week carried one of those stories. So it appears the story is still unfolding.

As the mess spread, vendors and operators ran for cover. AT&T and Sprint acknowledged they did use Carrier IQ while Verizon, RIM, and Nokia said they had nothing to do with the company.

Lawsuits are being launched against Carrier IQ, HTC, and anyone else with a few nickels rolling around in their pockets.

What Eckhart Found

While it is not Oscar material, Eckhart’s video is worth a look. He puts his HTC smartphone in airplane mode to kill all network connections and then lists running applications.

He then goes back to the applications list and finds one called “IQRD,” which clearly is running (it has to run anytime Android is running) even though it wasn’t on the list of running applications.

When Eckhart invokes the “Force Stop” command (which only comes up on running applications), the app simply ignores it. Further, the permissions (what an application can get to in Android) run from soup to nuts. The best part of the demo shows the messages generated by each key press.
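The traits described above (a live process missing from the running-apps list, broad permissions, a preinstalled app) can be turned into a simple handset audit rule. The sketch below is an added example, not code from Eckhart or Carrier IQ; the package names, record fields and inventory are constructed, and only the permission strings are real Android names.

```python
# Added example: every package name and record below is constructed.
# The permission strings are standard Android permission names.
SENSITIVE = {"android.permission." + p for p in (
    "READ_SMS", "RECEIVE_SMS", "READ_LOGS", "READ_CONTACTS",
    "READ_PHONE_STATE", "ACCESS_FINE_LOCATION")}
INTERNET = "android.permission.INTERNET"

def _app(pkg, system, alive, listed, perms):
    """Build one inventory record (field names are hypothetical)."""
    return {"package": pkg, "system": system, "process_alive": alive,
            "in_running_list": listed,
            "permissions": {"android.permission." + p for p in perms}}

# Constructed inventory, one record per installed package.
INVENTORY = [
    _app("com.example.carrier.agent", True, True, False,
         ["READ_SMS", "RECEIVE_SMS", "READ_LOGS", "READ_PHONE_STATE",
          "ACCESS_FINE_LOCATION", "INTERNET"]),
    _app("com.example.flashlight", False, False, False, ["CAMERA"]),
    _app("com.example.mail", False, True, True,
         ["READ_CONTACTS", "INTERNET"]),
    _app("com.example.dialer", True, True, True,
         ["READ_CONTACTS", "READ_PHONE_STATE"]),
]

def audit(inventory, min_sensitive=3):
    """Return {package: [reasons]} for apps showing the traits above."""
    findings = {}
    for app in inventory:
        reasons = []
        sensitive = app["permissions"] & SENSITIVE
        # Trait 1: the process exists but the user-facing list omits it.
        if app["process_alive"] and not app["in_running_list"]:
            reasons.append("running but hidden from the running-apps list")
        # Trait 2: can read device content and also send it off the device.
        if INTERNET in app["permissions"] and len(sensitive) >= min_sensitive:
            reasons.append("network access plus %d sensitive permissions"
                           % len(sensitive))
        # Trait 3 only matters when something else is already suspicious.
        if reasons and app["system"]:
            reasons.append("preinstalled system app")
        if reasons:
            findings[app["package"]] = reasons
    return findings

if __name__ == "__main__":
    for pkg, reasons in audit(INVENTORY).items():
        print(pkg, "->", "; ".join(reasons))
```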

Carrier IQ’s software is on Apple’s iPhone, but you can turn it off in “Settings” by disabling “Remote Diagnostics.”

Amped-Up ‘Crap Ware’ …

Carriers are always loading “crap ware” on phones, generally geared toward luring users to inadvertently subscribe to useless revenue-producing services, such as voice dialing ($4.99 per month), roadside assistance ($2.99 per month), navigation ($10.85 per month) and mobile horoscopes (another $10.85 per month).

But Carrier IQ takes it to a new level.

Most of these rip-off “services” are tied to icons on your home screen you can’t erase, and when you click them to see what they do, presto, you’re getting charged. Carrier IQ’s software, meanwhile, was so cleverly hidden and equipped with such expansive permissions it took a really diligent effort to even find it.

… Or Legit Network Enhancer?

Carriers also have used users’ devices to help monitor network performance. GSM-oriented cellular networks use a handoff technique called Mobile Assisted Hand-Off (MAHO).

In first-generation AMPS networks, the base station controlled the handoff, and simply told the handset what base station to go to and what channel to use.

The 2G GSM networks brought smarter handsets, so the base station now sends a command to the device ordering it to measure the signal strength from surrounding base stations and send back a report, which the base station uses to decide where to hand off the call. The carriers routinely send those commands even when they have no intention of handing off the call so they can measure the level of redundancy in the network.

Carrier IQ is doing much the same thing, but grabbing a lot more information.

Implications for Privacy

A podcast for UCStrategies.com explored the issue of privacy in unified communications (UC) systems. These podcasts are weekly events where a number of consultants and analysts involved in the UC market talk about issues relevant to the UC market.

Don Van Doren of UniComm Consulting went right for the most obvious privacy issue in UC, which is presence, or the ability for other contacts to view your availability for various types of communications.

“I think privacy and presence are clearly on a collision course,” Van Doren says. He also raised the concern that the issue is expanding as organizations have the ability to “federate” their UC systems so your presence could be broadcast to suppliers, channel partners and others outside of your organization.

Dave Michels of Verge1 Consulting had been looking into this topic already and has since published his own blog post titled “It’s [None of] Your Business.”

Michels runs through a litany of exposures, and – while many of them deal with consumer-oriented services like Facebook – with BYOD those applications are running on the same smartphones where users get their corporate email. One of Michels’ key points is that we typically offer up access to our information when we agree to the Terms of Service for that nifty new app.

As Eric Felton famously put it, “I suspect most of us make more legal agreements in a year than our grandparents made in a lifetime.”

Nancy Jamison of Jamison Consulting had the most passionate disdain toward the whole lack of openness and disclosure. No one has time to read what Felton calls “a mortgage-worth of legalese” just to get a new app, or to concern themselves with the 200 tracking cookies dictionary.com drops in your browser every time you check the “Word of the Day.”

Enterprise telecom managers take a complacent approach to privacy at their own risk. In our own electronic universe, our individual privacy is our concern. But when we go to work, we are responsible for the privacy of our users and the security of corporate information.

Carrier IQ should be a wake-up call to the ongoing issues of privacy, particularly where social networking and unified communications come into the picture. UC planning typically focuses on the technical challenges of unified messaging, video compatibility and multi-vendor interoperability. While all of that is critically important, planners and managers should also be aware of the privacy concerns these solutions introduce and work with their legal and human resources groups to ensure they are addressed in the overall design.

Or we could wind up with our own Carrier IQ mess to deal with.

Michael Finneran is an independent consultant, industry analyst, and writer who focuses on wireless technologies, mobile UC, and fixed-mobile convergence. He wrote the book “Voice Over Wireless LANs - The Complete Guide” (Elsevier, 2008), though his expertise spans the full range of wireless technologies including Wi-Fi, Cellular, WiMAX, and RFID. Contact Michael at mfinneran@dbrnassociates.com.

We want to hear your feedback! Send us an e-mail at editorial@thevoicereport.com.

Read more of Michael's guidance on mobility and wireless at UC Strategies and No Jitter.