Carrier IQ is BYOD kiss of death -- urgent action required

Does your enterprise operate a Bring-Your-Own-Device (BYOD) policy?


Are your employees running around with their own iPhones, rather than the company-supplied BlackBerry? The scare over the Carrier IQ spyware/rootkit should make you have second thoughts. I'll tell you why, in The Long View...

We're led to believe that many smartphones are infected from the manufacturer by a spyware rootkit created by the company Carrier IQ. It's been demonstrated that this privacy-invading software logs just about every action you take on your smartphone. While the company maintains that it's "not recording" such information, it's been demonstrated that an incredible amount of detailed data is actually logged. This immense cognitive dissonance could perhaps be explained by a curious definition of the word "recording" -- the company seems to mean that the data remain on the device and aren't transmitted to be recorded by Carrier IQ or its wireless-carrier customers.

Bogus semantic niceties aside, this should be extremely worrying for enterprises and organizations of all sizes. The very existence of such logs is an enormously juicy target for industrial espionage. Urgent action required:

  1. Audit the devices used by employees in the performance of their work.
  2. Ensure that Carrier IQ is not installed on them.
  3. If you find such infected devices, pull the battery or otherwise fully disable them.
  4. Ensure that all traces of this perfidious malware are removed.

It's bad enough that company-supplied devices may be infected, but what about employee-owned devices that they use for work? BYOD adds an extra level of complexity to this situation. While we're thinking about this, how about WikiLeaks' revelation that governments around the world are using iTunes exploits to spy on people?

You may choose to trust your own government, but what about the governments of your international competitors? Government-sponsored industrial espionage isn't beyond the ambitions or capabilities of many states. 

Take this seriously, people.  

Still comfortable with a BYOD strategy? Leave a comment below...

Richi Jennings, blogger at large

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. As well as The Long View, he's also the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com. You can also read Richi's full profile and disclosure of his industry affiliations.  
