AT&T, Sprint confirm use of Carrier IQ software on handsets
Verizon, RIM, Nokia insist their handsets don't support the software
Computerworld - Amid what's snowballing into a major privacy controversy, AT&T, Sprint, HTC and Samsung today confirmed that that their mobile phones integrate a controversial piece of tracking software from a company called Carrier IQ.
Both wireless carriers AT&T and Sprint insisted that the software is being used solely to improve wireless network performance while phone makers HTC and Samsung said they were integrating the software into their handsets only because their carrier customers were asking for it.
T-Mobile said that it, too, uses Carrier IQ's software, which it described as a diagnostic tool to troubleshoot device and network performance. "T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers' internet activity, nor is the tool used for marketing purposes," the company said in an email statement.
Meanwhile, several large carriers and handset makers, including Verizon, Research In Motion and Nokia, distanced themselves from the software and insisted that reports about their devices integrating the tool are false.
The controversy began last week when independent security researcher Trevor Eckhart published a report disclosing how Carrier IQ's software could be used by carriers and device makers to conduct surreptitious and highly intrusive tracking of Android and other smartphone users.
Eckhart described the software as a hard-to-detect and equally hard-to-remove rootkit that could be used by carriers and phone makers to collect almost any kind of data from a mobile phone without the user's knowledge. Eckhart said his research showed that Carrier IQ's software was often enabled to run by default on several mobile devices including those from Samsung, HTC, RIM and others.
A lot of the information collected by Carrier IQ is designed to enable mobile operators and device vendors to quickly identify and address quality and service-related issues. But the software can be tweaked to gather more intrusive data about a user's location, the software and applications on the device, which keys are being pressed and what applications are in use, Eckhart said in his analysis.
Earlier this week, Eckhart posted a video clip on YouTube showing how Carrier IQ's software recorded all of the keystrokes he made on his handset, even when the phone was reset to factory setting and put into airplane safe mode, at which time it was no longer part of the carrier's network. In his research, Eckhart said that phone carriers could program the software to send user data whenever certain triggers or actions were completed.
- Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
- Goodbye 2011 ... What a year!
- Sprint disables Carrier IQ software on its handsets
- Iran tricked U.S. spy drone into landing in country, report says
- FBI never sought Carrier IQ data, director says
- Carrier IQ moves to allay fears of its tracking software
- FBI rejects FOIA request for Carrier IQ info
- Google's Schmidt calls Carrier IQ software a keylogger
- Carrier IQ downplays 2010 patent request
- 8 companies hit with lawsuit over Carrier IQ software
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- How to Keep Company Assets Secure with Federated Identity and Access Management This Technology Spotlight discusses the growing need for security in today's cloud-based, mobile world of IT, and the rise of SaaS-based solutions.
- Security, Privacy and Trust in Email Management This white paper discusses a SaaS-based email management solution that delivers the security, continuity and archiving capabilities your organization demands.
- Unifying Secuirty Operations Agile enterprises know that the way to quickly identify and react to threats to the business is to break down operational siloes by...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...