What to Do About Carrier IQ

There’s been a lot of talk about a piece of software installed on many mobile devices called Carrier IQ. The intended purpose of the software according to the manufacturer is to collect metrics to improve many functions of the device on which it’s installed. The uproar has been that this software has access to so much private user data.

According to research by Trevor Eckhart, Carrier IQ has access to basically everything you do on your device, from keystrokes to usernames and passwords sent over SSL-encrypted connections (albeit before they are encrypted). And while new research has shown that it appears that none of this personal data actually is being harvested, the potential for misuse is very high.

I understand the anger of consumers. I don’t want anyone reading my text messages, or viewing what I search for, reading my email. But what about corporations? What about the possible intellectual property present on these devices?

It is possible that this software can be attacked. I’ve never seen an application that didn’t have a flaw. Isn’t it possible that this software can be compromised, and the data to which it has access could be exfiltrated?

I think the most important point here is that those people that are affected have almost no recourse. The software simply can’t be removed by the average user. Even if a person ‘roots’ or ‘jailbreaks’ their phone to remove the software, there have been reports that this breaks functionality, or even ‘softbricks’ or temporarily renders the phone inoperable. Some other users are flashing custom ROMs to their systems. These are customized full replacements of the vendor-installed operating system. In some cases, users are still finding Carrier IQ files present after doing so.

We do not recommend rooting your device or installing custom ROMs for most users. This entirely defeats the security model of your device. Furthermore, custom ROMs can be very complex and often do not undergo the scrutiny of the security community. Is this more dangerous than having an administrator-level application that can record all your activities? That’s a difficult question to answer.

To summarize, this is a logging application with administrator access hiding on many consumer devices. Even though people pay for a yearly, locked-in contract, the service providers felt no responsibility to notify them that this software was present. Not only does this software have an incredible amount of access to personal data, you can’t easily uninstall it. Even if you figure out how to remove it, you may break your device. I have no problem with improving service. I hate dropped calls too. What I do have a problem with is service providers who are intentionally uninformative about what they are doing with your data on a device you’ve paid for, and then not allowing any type of removal or opt-out. Even though this is probably not illegal, it is certainly unethical.

So what can you do about it? While it is possible to detect the presence of Carrier IQ on a device, it is not currently possible to easily remove it. It would seem that the correct thing to do here is talk to your service provider. If your service provider has installed Carrier IQ on your device and you don’t want it there, we urge you to contact their customer service departments and express your outrage.
