What to Do About Carrier IQ

There’s been a lot of talk about a piece of software installed on many mobile devices called Carrier IQ. The intended purpose of the software according to the manufacturer is to collect metrics to improve many functions of the device on which it’s installed. The uproar has been that this software has access to so much private user data.

According to research by Trevor Eckhart, Carrier IQ has access to basically everything you do on your device, from keystroke logging, to usernames and passwords sent over SSL encrypted connections (albeit before they are encrypted). And while new research has shown that it appears that none of this personal data actually is being harvested, the potential for misuse is very high.

I understand the anger of consumers. I don’t want anyone reading my text messages, or viewing what I search for, or reading my email. But what about corporations? What about the possible intellectual property present on these devices?

It is possible that this software can be attacked. I’ve never seen an application that didn’t have a flaw. Isn’t it possible that this software can be compromised, and the data to which it has access could be exfiltrated?

I think the most important point here is that those people that are affected have almost no recourse. The software simply can’t be removed by the average user. Even if a person ‘roots’ or ‘jailbreaks’ their phone to remove the software, there have been reports that this breaks functionality, or even ‘softbricks’ the phone, temporarily rendering it inoperable. Some other users are flashing custom ROMs to their systems. These are customized full replacements of the vendor-installed operating system. In some cases, users are still finding Carrier IQ files present after doing so.

For most users, we do not recommend rooting your device or installing custom ROMs. Doing so entirely defeats the security model of your device. Furthermore, custom ROMs can be very complex and often do not undergo the scrutiny of the security community. Is this more dangerous than having an administrator-level application that can record all your activities? That’s a difficult question to answer.

To summarize, this is a logging application with administrator access hiding on many consumer devices. Even though people pay for a yearly, locked-in contract, the service providers felt no responsibility to notify them that this software was present. Not only does this software have an incredible amount of access to personal data, you can’t easily uninstall it. Even if you figure out how to remove it, you may break your device. I have no problem with improving service. I hate dropped calls too. What I do have a problem with is service providers who are intentionally uninformative about what they are doing with your data on a device you’ve paid for, and then not allowing any type of removal or opt-out. Even though this is probably not illegal, it is certainly unethical.

So what can you do about it? While it is possible to detect the presence of Carrier IQ on a device, it is not currently possible to easily remove it. It would seem that the correct thing to do here is talk to your service provider. If your service provider has installed Carrier IQ on your device and you don’t want it there, we urge you to contact their customer service departments and express your outrage.
