FAQ: Behind the Carrier IQ rootkit controversy
Critics say Carrier IQ software surreptitiously gathers personal data from phones; Vendor, carriers say only service-related data is tracked
Computerworld - The recent disclosure that top mobile phone providers are using software from Carrier IQ that critics say can gather and track all sorts of personal data from a user's smartphone has sparked a firestorm of controversy.
AT&T and Sprint Thursday admitted to installing the software in their phones, but insist that it's only used to collect service related data.
Other carriers deny using the software.
Here's what the controversy is all about.
What does Carrier IQ do?
Mountain View, Calif.-based Carrier IQ sells software designed to help wireless service providers and device makers identify and diagnose service and quality related problems such as dropped calls and battery drain. The software can be used to collect data for analyzing service quality, device quality and what Carrier IQ calls mobile customer experience.
Carrier IQ says its software is installed on over 150 million devices worldwide.
What sparked the controversy over Carrier IQ?
Earlier this month, Trevor Eckhart, a 25-year-old security researcher from Connecticut published details of research he had done showing how Carrier IQ software can be easily tweaked to conduct surreptitious and highly intrusive tracking of Android, BlackBerry and other smartphone users.
Eckhart described the software as a keystroke logging rootkit that is hard-to-detect, hard-to-remove and programmed to run by default on millions of handsets without the users' knowledge.
In addition to collecting device and service related data, Carrier IQ's software can collect data about a user's location, application use, Web browsing habits, videos watched, texts read and even the keys they press, according to Eckhart. The software runs when the phone is switched on and can log all activities till it is switched off. Carriers can set 'triggers' or actions that cause specific data to be logged and sent to them.
Is it known which carriers and handset makers use the tool?
So far, AT&T and Sprint have confirmed that their handsets run Carrier IQ's software. Both carriers insist that the software meets their stated privacy policies and only to collects service and quality-related data. Neither company has identified the handsets running the software. Neither disclosed whether users are notified of its presence or if they can turn it off.
Device makers HTC and Samsung confirmed that their phones include the software, but said they only added it after requests from the carriers.
What about other carriers and handset makers?
Verizon, Research in Motion and Nokia each say they don't use the software in their phones. All three say reports suggesting otherwise are incorrect. There have been several reports that Carrier IQ software has been found on Apple iPhones as well. iPhone hacker chpwn blogged about discovering Carrier IQ on several models "up through and including iOS 5"-based devices. However, the software appears to be easier to disable on the iPhone than on other devices, according to chpwn. Apple has neither confirmed nor denied the reports. The company did not immediately respond to a request for comment.
- Lawmaker pushes consumer notification bill in wake of Carrier IQ concerns
- Goodbye 2011 ... What a year!
- Sprint disables Carrier IQ software on its handsets
- Iran tricked U.S. spy drone into landing in country, report says
- FBI never sought Carrier IQ data, director says
- Carrier IQ moves to allay fears of its tracking software
- FBI rejects FOIA request for Carrier IQ info
- Google's Schmidt calls Carrier IQ software a keylogger
- Carrier IQ downplays 2010 patent request
- 8 companies hit with lawsuit over Carrier IQ software
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts