A daily digest of IT news, curated from blogs, forums and news sites around the web each morning. We highlight the key commentary and demystify the real story.
Disturbing facts continue to emerge about the spyware/rootkit that comes as standard with many smartphones today -- perhaps most of them. The pre-installed Carrier IQ software is hidden, and can't be disabled by most users. In IT Blogwatch, boggling bloggers say rabbits; white rabbits.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Founder of MetaFilter interviews founder of Slashdot...
Jaikumar Vijayan reports:
[S]ecurity...researcher Trevor Eckhart...earlier this month published a document explaining how Carrier IQ's software...could be used to log detailed information about the phone user's activities. ... Eckhart likened Carrier IQ's software to a rootkit...[which] can collect virtually any kind of data...without the user's permission.
...
In many cases, the software is hidden from users...and is relatively hard for non-technical users...to remove, Eckhart maintained. ... Carrier IQ sent a cease-and-desist letter to Eckhart. ... [T]he Electronic Frontier Foundation (EFF), which promptly agreed to defend the researcher. ... "Given that there is no basis for your legal claims, we must conclude that your threats are motivated by a desire to suppress Mr. Eckhart's research,"...the EFF said in its letter. ... CEO Larry Lenhart...apolog[ized] to Eckhart and...withdr[ew] its threat.
Dan Goodin adds:
[M]illions of smartphones are secretly monitoring...[their] users. ... Eckhart showed how software from...Carrier IQ recorded in real time the keys he pressed. ... [He] demonstrated how each numeric tap and every received text message is logged.
...
Even though he denied the...request that he share his physical location, the Carrier IQ software recorded it...[and] recorded the precise input of his search query...even though he typed it into a page that uses...SSL.
...
In an interview last week, Carrier IQ...[asserted] it never captures key presses. ... More than 19 hours [later], Carrier IQ [has] yet to respond to a request for comment.
Philip Elmer-DeWitt does the fanboi gloating dance:
The app comes pre-installed on more than 140 million handsets, including phones made by Samsung...and Research in Motion -- but not Apple.
But wait! Grant chpwn Paul says iPhones have it too:
Apple has included a copy of Carrier IQ on the iPhone. ... But is this version of Carrier IQ the same...as on Android? ... [N]ot quite. ... It does access: ...
your phone number
your carrier
your country
active phone calls...(not what number was dialed or it was received from) ...
your location (Only, however, if Location Services are enabled)
(Possibly more I havent yet found.) ...
It appears that if you really care about this, Windows Phone 7 is the only mobile operating system without this installed.
And John Gruber picks up the baton:
Worth noting that it appears that nothing gets submitted to Carrier IQ if you opt-out with the Send Automatically switch...deep inside [iOS] Settings.
...
[It] looks like Google is moving to distance itself...from Carrier IQ. If this turns into a scandal its going to get pinned...on the carriers.
