Developer finds hidden smartphone logging app

Shawn Knight

Posts: 15,256   +192
Staff member

A security researcher by the name of Trevor Eckhart has uncovered a hidden application installed on many popular smartphones that logs nearly everything the user does. Eckhart has posted a 17-minute video on YouTube that shows how the software tracks text messages, Google searches, phone numbers and more.

In the video, Eckhart details the process on his HTC EVO 3D but the software is present on other handsets from manufacturers like RIM and Nokia. The app is called HTC IQ Agent on the EVO 3D and it’s impossible to stop the application from running in the app settings on HTC Android devices. The video shows how the application tracks button presses and even SMS text messages. Furthermore, HTC IQ Agent logs browser searches, even if you are using encryption methods like https. With https, anything after the domain name should be encrypted – it’s not in this case.

Eckhart calls Carrier IQ a rootkit on his blog, which is a term for a piece of software that is installed without the user’s knowledge and is typically used for malicious purposes.

The developer has been in a legal battle with Carrier IQ for some time now. The company sent him a cease and desist letter earlier this month claiming that he violated copyright laws when he published training manuals on his blog. Digital rights group Electronic Frontier Foundation came to Eckhart’s defense and Carrier IQ eventually retracted the legal threat. The group feels that Eckhart has “raised substantial privacy concerns” regarding software that many consumers don’t know about.

Carrier IQ bills themselves as "the leading provider of Mobile Service Intelligence Solutions to the Wireless Industry." A ticker on the company's website shows over 141 million handsets have been deployed running their software. A PDF published on November 16 claims the company does not record keystorkes or provide tracking tools. After watching Eckhart's video, however, it's difficult to believe such a statement. What do you think?

Permalink to story.

 
What do they gain by tracking what you do on your phone? I hope the iPhone doesn't have anything similar installed :s
 
OH MY GOD! I used my cell phone and you won't believe what happened! 30 days later i got a bill and the people who i got my cellphone from KNEW everyone i had called!!!!! They new what time I called at, for how long i talked for, and EVEN KNEW if it was long distance or not!!!


WHERE IS MY PRIVACY!!!!?????????????!!!!!!!!!!!
 
Don't kid yourselves, Qualcomm and other mobile chipset makers incorporate the ability to turn on your phone remotely and listen to your conversations as part of the modem firmware. The NSA uses it to check for disgruntled citizens and other potential "protestors" or "insurgents".

Carrier IQ is most probably filthy with NSA and CIA operatives, just like any other US company in certain industries important to "national security".

Don't forget the state governments: CIA plants in Every Single state. Just in case they need to check your driver's license info for strictly clerical reasons... you know.
 
Burty117 said:
What do they gain by tracking what you do on your phone? I hope the iPhone doesn't have anything similar installed :s

So... what would they get out of tracking the one thing you take everywhere and do almost everything on that includes a gps system... what could they gain from it... what... what... what... I still can't think of a single reason why sorry mate
 
I believe it was stated in an Ars Technica article that the iPhone has no Carrier IQ on it. Although, they didn't deny the possibility that Apple itself could be tracking similar things through their own software built into iOS.
 
I believe the point here is that the tracking software can log your user names and passwords. Like, for instance, the ones you use to access your bank accounts. Or, if that isn't scary enough for you, they could break into your facebook account.

Good luck keeping your privacy and your money.
 
It has just been found on the iphone http://www.theverge.com/2011/11/30/2601875/carrier-iq-references-discovered-apple-ios-iphone
 
I wonder if the same sort of hidden programs may have been installed in Laptop computers! Any thoughts? Anyone?
 
well, any OS has logging capabilities including audit logs. So it is not a big deal. However I agree that the logs should not display sensitive info such as passwords in clear or entire https URLs in clear. So as long as these logs are not sent to anybody outside I do not see other security or privacy concerns.
 
Most of you are totally missing the point! https: is supposed to be encrypted. Because it is not doing any banking, email, or other password based communication is open for theft if found out. This is much worse than worrying about govt listening. Analytics are fine, but keystroke recording is crazy wicked.
 
Some (I used the word some) of these Occupy Wall Street-ers are just a > boil on the worst part of society's ***!

Quote of the day >

Protester "ahhhhhh yehhhh, I think everyone should have some technology"

Reporter> "So you think everyone should have an iPad or cellphone?"..."I see you have one there in your hand"

Protester> "Yee yea yea....everyone should have an iPhone and iPad"

Reporter >"Can I have yours and will you share it with everyone here?"

Protester> "No way dude (it was lady a reporter)....personal property IS NOT private property and whatnot"

******...LMAO

----------------------------------------
Be very careful what you wish for protesters! Think about what you are asking your government to do > GIVE EVERYBODY A TRACKING and money TRANSACTING/payment device to keep track of your dumb ***.

"The easiest way to get someone(s) to do exactly what you want them to do.....is to make them think they have no other choice...or to make them think it was their idea"

These sheep are walking themselves to the slaughter

by Steven L. Goff - 11 days ago - 4 answers - 130 views
 
Big Brother is here and has been for a long time. We were forewarned in the Bible that in the last days you would not be able to buy or sell without the mark of the beast. Computers, everything that is electronic in nature with the ability to make calculations, are in the hands of nearly everyperson at least every family on this earth. NWO is watching us all the time, maybe right now some person is already getting ready to grab the power of all the nations to make people worship him. Oh yeah, I am just a religious nut!
 
I've head of this remote monitoring before as well. It seems plausible to a point, but you'd think you'd see more battery drain when its off. It also brings up liability questions if for instance the phone is off because the signals could interfere with medical equipment... I'm guessing they SHOULD need a warrant or at least one of those damnable NS letters to activate the firmware call backs. Would probably mean it wouldn't be detectable unless one was the subject of said warrant. I guess the moral of the story is you should either hold your "suspect" meetings in a faraday cage or just pull the battery from the phone... I don't care how sneaky they are no power is a no go and in modern ultra sleek phones there just isn't a whole lot of room for secondary back spy batteries/capacitors. Also a secondary lesson would be monitor your phones RF output in the aforementioned faraday cage (to avoid environmental interference) while its off, if you see any changes in activity the FEDs are on to you. :p
 
What do they gain..are you kidding me. this is big brother at its best. Forget about battery drain. When you turn on the phone everything will catch up, you will never realize. This truly is 1984....
 
This is just an example of what happens when you do not protect your civil liberties. All of these measures are a result of laws passed to protect us from terrorism. It is illegal for them to root around your house or even listen to your phone calls without a warrant. But it probably isn’t illegal for them to obtain the same information through these types of apps without a warrant. Hell we will probably start getting speeding tickets from them tracking our phones while we drive. (To protect the children from unsafe drivers of course.)
 
Back