FAQ: Behind the Carrier IQ rootkit controversy
Critics say Carrier IQ software surreptitiously gathers personal data from phones; Vendor, carriers say only service-related data is tracked
Computerworld - The recent disclosure that top mobile phone providers are using software from Carrier IQ that critics say can gather and track all sorts of personal data from a user's smartphone has sparked a firestorm of controversy.
AT&T and Sprint Thursday admitted to installing the software in their phones, but insist that it's only used to collect service related data.
Other carriers deny using the software.
Here's what the controversy is all about.
What does Carrier IQ do?
Mountain View, Calif.-based Carrier IQ sells software designed to help wireless service providers and device makers identify and diagnose service and quality related problems such as dropped calls and battery drain. The software can be used to collect data for analyzing service quality, device quality and what Carrier IQ calls mobile customer experience.
Carrier IQ says its software is installed on over 150 million devices worldwide.
What sparked the controversy over Carrier IQ?
Earlier this month, Trevor Eckhart, a 25-year-old security researcher from Connecticut published details of research he had done showing how Carrier IQ software can be easily tweaked to conduct surreptitious and highly intrusive tracking of Android, BlackBerry and other smartphone users.
Eckhart described the software as a keystroke logging rootkit that is hard-to-detect, hard-to-remove and programmed to run by default on millions of handsets without the users' knowledge.
In addition to collecting device and service related data, Carrier IQ's software can collect data about a user's location, application use, Web browsing habits, videos watched, texts read and even the keys they press, according to Eckhart. The software runs when the phone is switched on and can log all activities till it is switched off. Carriers can set 'triggers' or actions that cause specific data to be logged and sent to them.
Is it known which carriers and handset makers use the tool?
So far, AT&T and Sprint have confirmed that their handsets run Carrier IQ's software. Both carriers insist that the software meets their stated privacy policies and only to collects service and quality-related data. Neither company has identified the handsets running the software. Neither disclosed whether users are notified of its presence or if they can turn it off.
Device makers HTC and Samsung confirmed that their phones include the software, but said they only added it after requests from the carriers.
What about other carriers and handset makers?
Verizon, Research in Motion and Nokia each say they don't use the software in their phones. All three say reports suggesting otherwise are incorrect. There have been several reports that Carrier IQ software has been found on Apple iPhones as well. iPhone hacker chpwn blogged about discovering Carrier IQ on several models "up through and including iOS 5"-based devices. However, the software appears to be easier to disable on the iPhone than on other devices, according to chpwn. Apple has neither confirmed nor denied the reports. The company did not immediately respond to a request for comment.
- Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
- Goodbye 2011 ... What a year!
- Sprint disables Carrier IQ software on its handsets
- Iran tricked U.S. spy drone into landing in country, report says
- FBI never sought Carrier IQ data, director says
- Carrier IQ moves to allay fears of its tracking software
- FBI rejects FOIA request for Carrier IQ info
- Google's Schmidt calls Carrier IQ software a keylogger
- Carrier IQ downplays 2010 patent request
- 8 companies hit with lawsuit over Carrier IQ software
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts