Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

EFF Reverse Engineers Carrier IQ

samzenpus posted more than 2 years ago | from the see-how-it-ticks dept.

Android 103

MrSeb writes "At this point we have a fairly good idea of what Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation — the preeminent protector of your digital rights — has taken it one step further and reverse engineered some of the program's code to work out what's actually going on. There are three parts to a Carrier IQ installation on your phone: The program itself, which captures your keystrokes and other 'metrics'; a configuration file, which varies from handset to handset and carrier to carrier; and a database that stores your actions until it can be transmitted to the carrier. It turns out that that the config profiles are completely unencrypted, and thus very easy to crack."

cancel ×

103 comments

Sorry! There are no comments related to the filter you selected.

If it's unencrypted... (5, Funny)

Anonymous Coward | more than 2 years ago | (#38470318)

...why would anyone have to crack it? Just open and read it. BRB, I'm going to 'crack' these jpegs of naked ladies.

Re:If it's unencrypted... (0)

Bananana (1749762) | more than 2 years ago | (#38470344)

One doesn't know it is unencrypted until he figures it out (cracks).

Re:If it's unencrypted... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38470352)

'crack' is a vague expression. It says that it's unencrypted, which doesn't mean it isn't encoded. If you read the articles, it will be clear that by cracking they mean understanding what's in there.

Re:If it's unencrypted... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38470372)

Unencrypted != human readable.

Obfuscated bytecode is unencrypted and still takes a lot of effort to make sense from.

Re:If it's unencrypted... (5, Informative)

Anonymous Coward | more than 2 years ago | (#38470374)

Being unencrypted and being human readable are two different things. Reverse engineering includes figuring out the data structure and format and actually figure out what bit means what data. Generally a simple process if it isn't compressed, encrypted or complex, but still reverse engineering.

Re:If it's unencrypted... (5, Funny)

Anonymous Coward | more than 2 years ago | (#38470402)

Indeed. Anyone who has worked with any sort of Perl source code knows just how true your statement is. It's unencrypted, it's not (intentionally) obfuscated, and it may even have comments, but it's not human-readable, even after you've worked extensively with Perl for a couple of decades.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38470462)

Or ASCII... ever tried reading the binary values for ASCII codes? Thankfully almost every hex editor ever built can decode ASCII...

But I understand the confusion - you just assume that if it isn't encrypted that it will be in a format that can be easily read...

Re:If it's unencrypted... (1)

Dark$ide (732508) | more than 2 years ago | (#38471752)

Or ASCII... ever tried reading the binary values for ASCII codes? Thankfully almost every hex editor ever built can decode ASCII...

But I understand the confusion - you just assume that if it isn't encrypted that it will be in a format that can be easily read...

The youth of today. You've not lived until you've decoded EBCDIC or read the holes on a Hollerith card or five bit paper tape.

ASCII is trivial compared to those three.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38472232)

EBCDIC? what's there to decode? A simple lookup table and you are good to go.

Re:If it's unencrypted... (1)

dbc (135354) | more than 2 years ago | (#38472448)

Punch cards are easy. Get out a bottle of MangnaSee, pour some on a magnetic tape, and stick it under a microscope...

Re:If it's unencrypted... (1)

geekprime (969454) | more than 2 years ago | (#38473024)

Thank you, damn kids nowadays have no idea whatsoever.

Try sight reading paper tape.

Re:If it's unencrypted... (1)

SQLGuru (980662) | more than 2 years ago | (#38473102)

I'll just encyrpt my paper tape by running the tape back side up.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38476024)

Back around 1974-5, right after I got out of college, I went to work for a company that made computer systems for the publishing industry. Being a ham radio operator, as well as a BSEE, I was already familiar with 5-level Baudot ("RTTY") used on Model 28 ASRs, as well as 8-level ASCII used on ASR 33's. But I'd never heard of 6-level TTS paper tape until I started calling on customers. That was weird stuff because the sprocket holes were aligned with the *front* edge of the data holes, not centered on the data holes' centerlines. And, there were 3 data holes on one side of a sprocket hole and 3 on the other side, so which way was up? Even more incredible were the old-timers at some of the customer establishments who could read those tapes visually, similar to some hams I knew (and who apparently didn't have anything better to do...).

So, yeah, ASCII is trivial by comparison, assuming those 8-level tapes were indeed ASCII and not a RIM loader for a PDP-8 or PDP-11 !

Re:If it's unencrypted... (1, Funny)

Tsingi (870990) | more than 2 years ago | (#38470466)

it's not human-readable, even after you've worked extensively with Perl for a couple of decades.

Which pretty much makes you a masochist. I used perl for a project once because it was the only language I could get to talk to MSSQL from Linux without screwing up. I dread maintaining it.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38473018)

I dread maintaining it.

From what you say, I would also dread maintaining your code.

Re:If it's unencrypted... (5, Funny)

Anonymous Coward | more than 2 years ago | (#38471228)

Ever look at LISP code. Looks like fingernail clippings in oatmeal.

Re:If it's unencrypted... (2)

paramour (110003) | more than 2 years ago | (#38473144)

Pah, kids these days. Try TECO

"It has been observed that a TECO command sequence more closely resembles transmission line noise than readable text. One of the more entertaining games to play with TECO is to type your name in as a command line and try to guess what it does. Just about any possible typing error while talking with TECO will probably destroy your program, or even worse - introduce subtle and mysterious bugs in a once working subroutine."
    -- Real Programmers Don't Use PASCAL [ryerson.ca]

The first versions of emacs were written in TECO, inspired in part by tmacs -- TECO macros.

Or try APL. Uses a special character set, permits composed characters, assumes you know linear algebra, and reads right to left -- the epitome of a write-only language.

Now get off my lawn.

Re:If it's unencrypted... (2)

Night64 (1175319) | more than 2 years ago | (#38473442)

The first time I saw someone coding a MUMPS [wikipedia.org] program, I figured that it was just a memory dump.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38471368)

Perl is the only programming language I know of that looks the same both before and after 128 Bit encryption

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38472248)

Maybe so, but it still beats the hell out of C++ with templates and macros for readability.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38470390)

If you didn't have a program that could take those bytes in the jpeg and turn them into pixels on the screen we'd be talking comparison. Cracking the jpegs would then be to get the photo onto your screen. Now do that without the use of libjpeg or the jpeg standard documentation.

Re:If it's unencrypted... (5, Informative)

sunderland56 (621843) | more than 2 years ago | (#38470400)

It is a binary, not source code. So it's like having a file containing an image of naked ladies, but not knowing what sort of compression scheme was used.

It was also written in forth, of all things. So it's like finally figuring out the compression scheme and decoding the file - only to find out that it is an image of naked lady *martians*.

Re:If it's unencrypted... (5, Funny)

c (8461) | more than 2 years ago | (#38470838)

> It was also written in forth, of all things. So it's like finally figuring out the compression
> scheme and decoding the file - only to find out that it is an image of naked lady *martians*.

Er... you do realize this is slashdot, and to an entire generation of nerds who spent most of their post-pubescent lives lusting after Star Trek aliens, both real-live implementations of "forth" and images of "naked lady martians" are considered a good thing to find inside compressed, encrypted binary blobs?

Stick with something safe, like car analogies.

Re:If it's unencrypted... (1)

interval1066 (668936) | more than 2 years ago | (#38471086)

real-live implementations of "forth" and images of "naked lady martians" are considered a good thing...

I must not be living in your universe then. The last time I experienced Forth was an interpreter on a cart I bought for my C64 back in the 80's. I think I popped it in the slot once, then it sat on a shelf for the next 10 years and finally got round filed. I can't think of anyone I know who would consider Forth more than a curiosity and more than one of them would try to re-write the module in Python, probably.

Re:If it's unencrypted... (1)

eudaemon (320983) | more than 2 years ago | (#38471738)

Just as a single data point counterpoint, Forth is used in openboot proms so if you were to admin any Sun gear, you'd be using Forth whether you knew it or not even today. Having said that, it's a nice skill to have, but you probably won't get a job programming in that language.

Re:If it's unencrypted... (1)

jackbird (721605) | more than 2 years ago | (#38472624)

In the early 90s, portions of the computer art crowd (the ivory tower capital-A Art folks, not the demoscene folks) were using a lot of Forth to do things people would use Processing for today.

Re:If it's unencrypted... (1)

geekprime (969454) | more than 2 years ago | (#38473100)

It's my understanding that the camera systems that run suspended on cables over the football fields and up and down the sidelines are run on forth, not that that's a huge job market but it's still in use.

Re:If it's unencrypted... (1)

sjames (1099) | more than 2 years ago | (#38473894)

In spite of protests to the contrary, Postscript is practically forth with a few keywords changed and a vector graphics library pre-loaded.. That came in handy when I needed a program to produce printer ready output.

Python may be generally preferable, but Forth can fit in a really tiny and minimalist environment.

Re:If it's unencrypted... (1)

Thing 1 (178996) | more than 2 years ago | (#38478934)

Python may be generally preferable, but Forth can fit in a really tiny and minimalist environment.

Yeah, but shouldn't it have been called Backth? I mean, it's using reverse polish notation...

Re:If it's unencrypted... (1)

Em Adespoton (792954) | more than 2 years ago | (#38474902)

As another coutner-datapoint: All "new world" Macs (PowerPC Macs running OpenFirmware) were using Forth as the bootloader. This also goes for all Sun gear that used OpenFirmware, as well as anyone else. OF was the only real alternative to CMOS for years, and was built around a Forth interpreter.

Up until 2006 or so, you'd probably get a decent driver-level coding job using Forth, but nowadays Lua would be a more useful language to know.

Re:If it's unencrypted... (1)

dlawson (209945) | more than 2 years ago | (#38477290)

I must not be living in your universe then. The last time I experienced Forth was an interpreter on a cart I bought for my C64 back in the 80's. I think I popped it in the slot once, then it sat on a shelf for the next 10 years and finally got round filed. I can't think of anyone I know who would consider Forth more than a curiosity and more than one of them would try to re-write the module in Python, probably.

Alright, whippersnappers, listen up.

FORTH was incredibly useful in the day when many SS-50 Bus systems had 32KB memory cards. I had one that also came with an old 8-KB memory card, but wasn't functional because it's address space overlapped the 32KB card. A simple lookup of the address pins on the memory controller address chip provided the knowledge to re-address the card to a new range, and so I had a system with 56KB addressable memory (the processor card had RAM and ROM onboard.)

So what to do with the extra space? (Re-)Write my own FORTH based OS, which I had gotten from the FORTH magazine. The FORTH code was written in 8086 based assembler, but I had a MC6809, so a rewrite really sped things up. I even figured out how to thread the stacks so as to not have them collide, or simply scribble over all of memory.

As you can probably guess, the project was useful as a learning tool, not for any real work, but it was three years before the Apple or the IBM PC. I then wrote in Assembler (Flex, AFAIR) a printer driver to properly run my DEC LA36 in HiRes mode. I printed my first resume on it. A friend said "Don't use the bold font, it's ugly." My reply was that it was a testament to my skill, because none of the existing drivers outside of DEC equipment could do that.

BTW, SUN; IBM POWER; and OpenBOOT (AKA OpenFirmware) machines all used FORTH for boot loaders and console monitors. So it is more than a curiousity.

NOW get off my lawn. Or make my day, punk ;-)

Re:If it's unencrypted... (1)

rdebath (884132) | more than 2 years ago | (#38472006)

I did use forth for a little while a long time ago. But I'm far to comfortable with normal algebraic notation to stay with it.

So, IMO it's no use as a high level language, but it makes a very good assembly language especially if you're space constrained because optimising for space is just a simple LZW style compression algorithm. Something that is very, very well understood.

So it'll never die, just get hidden everywhere there's half a penny to be shaved.

Re:If it's unencrypted... (1)

antdude (79039) | more than 2 years ago | (#38477608)

Do most geeks/nerds really know about cars? I am a nerd/geek, and I don't know about cars. :P

Re:If it's unencrypted... (1)

c (8461) | more than 2 years ago | (#38478212)

Judging from most slashdot car analogies, I'd say "no". Which, I think, makes it safer ground than programming languages and naked aliens.

Re:If it's unencrypted... (-1)

Anonymous Coward | more than 2 years ago | (#38470482)

I'm using DOS, you insensitive clod!

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38470620)

That's ok, there were (and, presumably, still are) versions of Forth for DOS

Re:If it's unencrypted... (1)

sjames (1099) | more than 2 years ago | (#38473752)

If the images were in an undocumented proprietary format, figuring that format out so that they could be viewed outside of the intended proprietary app would be cracking.

Re:If it's unencrypted... (0)

Anonymous Coward | more than 2 years ago | (#38477736)

"The program itself, which captures your keystrokes and other 'metrics'"...just open it up in notepad. It's.Just.That.Easy.
Stick to cracking jpegs of naked chicks.

Ok, (-1)

Anonymous Coward | more than 2 years ago | (#38470332)

Zee Question, does it, or can it , on demand, upload my private information?

Re:Ok, (1)

Anonymous Coward | more than 2 years ago | (#38471618)

It took a picture of my dick and tweeted it :(

Tony Weiner.

Re:Ok, (0)

Anonymous Coward | more than 2 years ago | (#38471740)

It took a picture of my tits and tweeted it!

Hayley Williams

Re:Ok, (0)

Anonymous Coward | more than 2 years ago | (#38474120)

It took a picture of my tits and dick, and tweeted it!

Chas Bono

Seems like a waste of time (4, Informative)

jbmartin6 (1232050) | more than 2 years ago | (#38470354)

According to the article, almost nothing has been reverse engineered and at best you get "a hint of what data is being captured" from examining an unencrypted config file

Merry (-1, Offtopic)

uufnord (999299) | more than 2 years ago | (#38470364)

Christmas, Everyone! Love, Santa Ho Ho HO!

All I want to know is... (2)

Saintwolf (1224524) | more than 2 years ago | (#38470378)

Are they actually transmitting my keystrokes to the carrier/google?

Re:All I want to know is... (1)

karolbe (1661263) | more than 2 years ago | (#38471444)

No.

android? (3, Interesting)

stoolpigeon (454276) | more than 2 years ago | (#38470408)

why does a story about carrier iq have the android icon on it?

Re:android? (1)

AHuxley (892839) | more than 2 years ago | (#38470454)

The software was used by US telcos in a few different phone systems they offered ... i.e. sitting between the beloved safe 'open' android or more closed OS's, https and your fingers.

Re:android? (1)

xSander (1227106) | more than 2 years ago | (#38470470)

More like: why isn't there an iPhone/iOS-related tag? Android is mentioned because this spyware was installed on (some) Android phones.

Re:android? (3, Funny)

Culture20 (968837) | more than 2 years ago | (#38471816)

why isn't there an iPhone/iOS-related tag?

Because Apple vowed that it was never installed, and that it was disabled by default when it was installed.

Re:android? (1)

Anonymous Coward | more than 2 years ago | (#38473296)

...and that it was disabled by default when it was installed.

So Apple lied when they said

Apple vowed that it was never installed

no?. And we must believe it was really disabled?

Re:android? (1)

assertation (1255714) | more than 2 years ago | (#38473438)

because Carrier IQ software is embedded in phones that use the Android OS?

So it's badly written & only helps the carrier (3, Insightful)

phonewebcam (446772) | more than 2 years ago | (#38470438)

All it needs now is a $5 per Android handset "licensing fee" and you've got your smoking gun!

Cough it up (4, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#38470448)

If you haven't done so yet this year, it's time to go donate a few bucks to EFF.

I wouldn't bring it up if we didn't need them so bad.

I'm in for another fifty, just because I saw this story and it's fucking Christmas and if SOPA passes we might as well kiss our Internet goodbye.

Re:Cough it up (0)

Anonymous Coward | more than 2 years ago | (#38470516)

EFF that !!

Re:Cough it up (1)

Anrego (830717) | more than 2 years ago | (#38470728)

Yup!

I don't agree with everything the EFF says by any stretch... but compared to the other extremes... they get some of my money!

Re:Cough it up (0)

Anonymous Coward | more than 2 years ago | (#38470852)

Done. Money well spent..

Re:Cough it up (1)

andydread (758754) | more than 2 years ago | (#38471964)

Yeah I am going to have to throw them another $50 too. Every time I see EFF in the news I try to throw a few their way. Hope they keep it up and I'll keep sending some their way every time.

Re:Cough it up (0)

Anonymous Coward | more than 2 years ago | (#38472330)

I send them $50 every month. Best [beep] investment in freedom I can make.

Re:Cough it up (3, Informative)

bcrowell (177657) | more than 2 years ago | (#38473182)

It's tax deductible.

To donate by sending a check: 454 Shotwell St, SF, CA 94110

Donate online [eff.org] .

Good things they've done. [wikipedia.org]

Re:Cough it up (1)

poor_boi (548340) | more than 2 years ago | (#38475514)

I just donated again. Thanks for the reminder.

Consumer Protection (5, Insightful)

sociocapitalist (2471722) | more than 2 years ago | (#38470452)

At the risk of being modded down, I think that if there is not already legislation to protect people from this type of spying then there should be.

Of course (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38471134)

Of course there will be. The legislation will say "you may continue to spy as long as we get a cut".

No, that wasn't a joke.

Re:Of course (1)

bill_mcgonigle (4333) | more than 2 years ago | (#38473006)

Exactly right. EFF isn't corrupt - we're better off with them than legislation.

In this case market regulation >>>> government regulation.

Re:Consumer Protection (2)

tunapez (1161697) | more than 2 years ago | (#38472378)

Protect? Surveillance and enforcement are much more profitable than privacy. Be glad the lawmakers are still calling the internet a 'right', any day it could become a mandate.
This is the greatest spycraft tool and marketing assault ever conceived, all wrapped into the guise of bringing info to the masses!
 
Throttled, vetted and sanitized info is the endgame if the entitled set get their way.

Re:Consumer Protection (1)

b4dc0d3r (1268512) | more than 2 years ago | (#38472800)

What type of spying? So far, no one has shown that anything invasive has been sent. Only videos of event triggers, not actual storage or sending. The profile example for my phone looks innocuous enough, and the more I read about CIQ the more I think it does exactly what it says - help the carrier improve the network.

So what exactly is it you want protection against?

My carrier has already asked that it be removed from devices. The free market worked. Mostly because Sprint has been trying very hard to keep customer satisfaction high.

http://informationweek.com/news/mobility/smart_phones/232300799 [informationweek.com]

Re:Consumer Protection (1)

sociocapitalist (2471722) | more than 2 years ago | (#38475010)

You're referring to this specific instance (CIQ) whereas I am referring to the entire idea.

Even if you are correct that nothing serious has happened..this time, the reality is that if we have no legal protection that we will be spied upon as much as possible for corporate gain.

I want a life and I want it private. As I also want to be able to use the Internet (I don't use facebook et al and I make every effort for my private life NOT to be posted), and I want to be able to use a telephone without fear of being spied upon, I want legislative protection saying that they just can't do it.

Re:Consumer Protection (0)

Anonymous Coward | more than 2 years ago | (#38478942)

I also don't use Facebook. We should be Friends!

collector/c info please (5, Interesting)

sgt scrub (869860) | more than 2 years ago | (#38470520)

Of course we hope people can also send us Profiles from Windows Mobile, BlackBerry, iPhone and "feature phone" ports of Carrier IQ.

I'd settle for more info about "c" on the machines collecting data.

grep -H https *.xml

att-galaxy-s2-defaultProfile.pro.xml: UploadUrl="https://ciqcol01.ciq.labs.att.com:10010/collector/c">
htc-amaze-tmob-defaultProfile.pro.xml: UploadUrl="https://oddca.t-mobile.com/collector/c">
htc-evo-sprint-iqprofile.pro.xml: UploadUrl="https://collector.iota.spcsdns.net:10003/collector/c">
tmob-galaxy-s2-defaultProfile.pro.xml: UploadUrl="https://oddca.t-mobile.com/collector/c">

I was able to get ciqcol01.ciq.labs.att.com 10010 to respond with telnet; but, it dropped my connection when I sent GET/POST etc. The others didn't respond. I'm assuming they have been moved.

Re:collector/c info please (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38470566)

Interesting. Port 10010 doesn't show up on a port scan but responds to telnet.

host ciqcol01.ciq.labs.att.com
ciqcol01.ciq.labs.att.com has address 216.103.127.200

nmap -P0 216.103.127.200
Starting Nmap 5.21 ( http://nmap.org/ [nmap.org] ) at 2011-12-23 07:52 CST
Nmap scan report for 216.103.127.200
Host is up (0.028s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds

Re:collector/c info please (4, Informative)

Anrego (830717) | more than 2 years ago | (#38470612)

By default, nmap only scans a subset of ports (first 1000 of all protocols or something).

Try explicitly telling it to scan that port (using the -p option)

Re:collector/c info please (2)

LordLimecat (1103839) | more than 2 years ago | (#38471750)

Just the 1000 most common ports. Hence why it says "not shown: 998 filtered", as well as the two showing up. There is an option which will tell it to do a full scan of all 65536 ports.

Thats probably why they chose that port, incidentally-- gets missed on a casual scan.

Re:collector/c info please (0)

Anonymous Coward | more than 2 years ago | (#38474066)

It's using SSL, so Telnet won't be able to handle the SSL negotiation. Trying using OpenSSL.

Command: openssl s_client -connect [host]:[port]

Re:collector/c info please (0)

Anonymous Coward | more than 2 years ago | (#38474192)

You probably need client certificates for those https sessions. They're probably hidden in the carrier iq binary somewhere.

Wikipedia article (1)

tpotus (1856224) | more than 2 years ago | (#38470650)

Why isn't there a wikipedia page on Carrier IQ, the software? There's only one on the company? Wiki wars?

Re:Wikipedia article (0)

Anonymous Coward | more than 2 years ago | (#38470768)

The one on the company is pretty much all about the software.

Right now information is changing too much.. once it's all calmed down I'm sure the article will be cleaned up and broken apart as appropriate.

Re:Wikipedia article (4, Insightful)

MarkGriz (520778) | more than 2 years ago | (#38470770)

Welcome to Wikipedia, the free encyclopedia that anyone can edit.

Re:Wikipedia article (1)

Khyber (864651) | more than 2 years ago | (#38473944)

Wiki = What I Know Is.

Given the intelligence of most people on this planet, Wikipedia isn't very intelligent. It's also SLOW to pick up on the latest and greatest. And it's still sorely out of date on many topics.

What Wiki knows is garbage.

Re:Wikipedia article (1)

Thing 1 (178996) | more than 2 years ago | (#38478964)

Wiki = What I Know Is.

Yeah I'm not going to add in the references, this is from this [wikipedia.org] page.

"Wiki" (pronounced [Ëwiti] or [Ëviti]) is a Hawaiian word meaning "fast" or "quick".[5]

Re:Wikipedia article (2)

mcgrew (92797) | more than 2 years ago | (#38475078)

Welcome to Wikipedia, the free encyclopedia that anyone can edit, even though your edit won't last 24 hours.

Re:Wikipedia article (0)

Anonymous Coward | more than 2 years ago | (#38478530)

Welcome to Wikipedia, the free encyclopedia that ALMOST anyone can edit, unless your ip address happens to come from some randomly blocked subnet.

Still undiscovered versions out there? (3, Interesting)

meburke (736645) | more than 2 years ago | (#38470820)

We know it's on android, but the article points to an earlier article that says, "In our post yesterday, we wrongly assumed that Carrier IQ was something that carriers added to smartphones — but now it’s clear that Apple bakes Carrier IQ into its closed-source iOS for use by carriers."

This makes me suspicious that there may be a version in Windows-based phones, or other phones with different data OS' installed.

Re:Still undiscovered versions out there? (2)

LordLimecat (1103839) | more than 2 years ago | (#38471774)

Im curious whether this is true of blackberry. Im still rather skeptical that RIM would take their supposedly security-minded product and then compromise it by including something like this in the stock firmware.

Re:Still undiscovered versions out there? (1)

SmurfButcher Bob (313810) | more than 2 years ago | (#38472598)

^^ Mod parent funny!

I smell a class action suit (4, Insightful)

fred911 (83970) | more than 2 years ago | (#38470910)

So not only are you possibly able to invade my privacy, but you're also charging me for the bandwidth to do it? I'm sure the TOS doesn't cover you for the later.

Re:I smell a class action suit (2)

AHuxley (892839) | more than 2 years ago | (#38471160)

I hope it wakes a generation up. So may thought the https as offered was safe via the trusted device and telco.
This shows how many layers can sit between the users and the trusted network - open or closed in every phone shipped in parts of the world.
Many noted it sends "nothing" back - but it still shows how easy it is to get a whole generation of devices shipped with any shipped or installed crypto dead out of the box.
Where are the telco open source developers, former big telco contractors on this?
All we got was ~ "its hard to keep a software secret in 'our' new open source world" or "https math is safe down the network"

Re:I smell a class action suit (1)

Dishevel (1105119) | more than 2 years ago | (#38472542)

I loved my old Evo.
Rooted with CM7 on it.
Whatever phone you have, you should have root.
Most likely you should replace the stock firmware with something else.

Re:I smell a class action suit (0)

Anonymous Coward | more than 2 years ago | (#38472886)

You do realize that even with a rooted phone, the radio is still a black box, right?

Re:I smell a class action suit (0)

Anonymous Coward | more than 2 years ago | (#38473776)

Well, at least the radio can't keylog.
On second thought, one could probably instrument it to read radio interference caused by the user being too close to the keys O_O

Re:I smell a class action suit (3, Informative)

cnj (87028) | more than 2 years ago | (#38471282)

This may help explain why some carriers (e.g. T-Mobile) required an "unlimited" data plan for certain phones. Even though my wife only uses about 40 MB of data over T-Mobile's network a month, they want to require her to use the more expensive unlimited plan. If it's an unlimited plan, they aren't charging you for additional data transfer.

Well, technically they might be, but not directly; and not legally. If that's really the reasoning, then they're just extremely evil and bad, bad people.

Re:I smell a class action suit (0)

Anonymous Coward | more than 2 years ago | (#38472996)

they want to require her to use the more expensive unlimited plan.

Here you go, the reason. No need to explain it with conspiracy, when plain greed will do just fine.

But really, unless it sends live capture of your desktop and your phone cam plus unencrypted contents of every https request and response, it won't use much data.

Even if it does really capture and send actual key and messages log and not just statistics as promised, it won't make more than a megabyte or two a month. "Les Miserables" or "War and Peace" are 1-2Mb each. Can you type it all in a month?

Least favorite aspect of may favorite language (0)

Anonymous Coward | more than 2 years ago | (#38470992)

I was asked as part of a recent job interview the following question: "What do you like least about your favorite programming language?"

Forth, that it's not more widely used.

Apparently, I was wrong

Root phone and run Cyanogenmod! (1)

Anonymous Coward | more than 2 years ago | (#38471168)

http://www.cyanogenmod.com/blog/cyanogenmod-will-never-have-carrier-iq

Most non-OEM ROMs do not have Carrier IQ.

Re:Root phone and run Cyanogenmod! (0)

Anonymous Coward | more than 2 years ago | (#38472074)

http://www.cyanogenmod.com/blog/cyanogenmod-will-never-have-carrier-iq

Everyone loves light-grey-on-white text.

"The preeminent protector of your digital rights" (0, Offtopic)

Hal_Porter (817932) | more than 2 years ago | (#38472104)

The EFF isn't the preeminent protector of your digital rights. The lordpwnalot toolbar is. It protects against Adware, spyware, and all sorts of other capitalist things.

http://www.lordpwnalot.cn/ [lordpwnalot.cn]

Note : many antivirus software will give a false positive and you may need to disable it to install.

Re:"The preeminent protector of your digital right (0)

Anonymous Coward | more than 2 years ago | (#38472224)

Yes.. because I want to drop my pants to install some chinese crap recommended by who exactly?

Re:"The preeminent protector of your digital right (0)

Lashat (1041424) | more than 2 years ago | (#38474056)

It's lordpwnalot. Surely, you can trust him.

More than just privacy (2)

cybergremlin (136962) | more than 2 years ago | (#38474784)

My big problem with CarrierIQ has not been concerns over privacy (I just assume the carrier can see anything I send over their network) but the fact that it is both buggy and unstoppable. I was in the middle of nowhere when I noticed that my Atrix 2 was nearly dead (I had charged it that morning). Checking the battery monitor showed that "Device Health Applicaton" had sucked down 80% of my battery, and had been using GPS for 6 hours strait. Of course you can not force it to quit, que stream of [explative-deleted]. I was able to stop the bleeding by switching off GPS, and a cold boot restored functionality. Still, having an application that can murder performance, but that you can not kill or remove, seems like bad form at the very least.

How is that reverse engineering? (0)

Anonymous Coward | more than 2 years ago | (#38476152)

They didn't duplicate functionality with nothing to go on but the black box of how it works. They had direct reference material from which they could produce human readable code to duplicate functionality. That isn't reverse engineering, that's copying.

This was too easy... (1)

RevSpaminator (1419557) | more than 2 years ago | (#38476536)

I think it is time to start digging to the Radio Images that are provided by the phone vendors. WHAT are they tracking and WHO are they reporting to?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>