Results 1 to 8 of 8

Thread: Android Phones Have Hidden Spyware

  1. #1
    Gold Stagger Hoop's Avatar
    Join Date
    Jan 2004
    Location
    Greenwood
    Posts
    4,522
    Mood

    Sports Logo Sports Logo

    Default Android Phones Have Hidden Spyware

    http://www.wired.com/threatlevel/201...-logging-video


    The Android developer who raised the ire of a mobile-phone monitoring company last week is on the attack again, producing a video of how the Carrier IQ software secretly installed on millions of mobile phones reports most everything a user does on a phone.


    Though the software is installed on most modern Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until 25-year-old Trevor Eckhart of Connecticut analyzed its workings, revealing that the software secretly chronicles a user’s phone experience — ostensibly so carriers and phone manufacturers can do quality control.


    But now he’s released a video actually showing the logging of text messages, encrypted web searches and, well, you name it.
    Eckhart labeled the software a “rootkit,” and the Mountain View, California-based software maker threatened him with legal action and huge money damages. The Electronic Frontier Foundation came to his side last week, and the company backed off on its threats. The company told Wired.com last week that Carrier IQ’s wares are for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”


    The company denies its software logs keystrokes. Eckhart’s 17-minute video clearly undercuts that claim.
    In a Thanksgiving post, we mentioned this software as one of nine reasons to wear a tinfoil hat.


    The video shows the software logging Eckhart’s online search of “hello world.” That’s despite Eckhart using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google.
    Cringe as the video shows the software logging each number as Eckhart fingers the dialer.


    “Every button you press in the dialer before you call,” he says on the video, “it already gets sent off to the IQ application.”
    From there, the data — including the content of text messages — is sent to Carrier IQ’s servers, in secret.


    By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.


    It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?


    And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?
    "Just look at the flowers ........ BANG"

  2. #2
    Member SycamoreKen's Avatar
    Join Date
    Jan 2004
    Location
    Houston, Texas
    Age
    44
    Posts
    10,461

    Sports Logo Sports Logo Sports Logo

    Default Re: Android Phones Have Hidden Spyware

    I found this as well the other day and posted it to my facebook page. The silence was deafening their as well. Is this really not a big deal or are we just giving up on keeping in privacy at all now?

  3. #3
    Jimmy did what Jimmy did Bball's Avatar
    Join Date
    Jan 2004
    Posts
    19,992

    Default Re: Android Phones Have Hidden Spyware

    or are we just giving up on keeping in privacy at all now
    I'd say you've nailed it. We've become numb to it and accepted it...
    Nuntius was right. I was wrong. Frank Vogel has retained his job.

    ------

    "A player who makes a team great is more valuable than a great player. Losing yourself in the group, for the good of the group, that’s teamwork."

    -John Wooden

  4. The Following 3 Users Say Thank You to Bball For This Useful Post:


  5. #4
    The New Gold Swagger travmil's Avatar
    Join Date
    Dec 2004
    Location
    New Pal
    Posts
    7,217
    Mood

    Sports Logo Sports Logo Sports Logo Sports Logo Sports Logo

    Default Re: Android Phones Have Hidden Spyware

    What is REALLY stupid is a large percentage of Americans are signed up for the do not call list and the do not mail lists. What they don't realize is that things like this, and the shopping "convenience" cards are INFINITELY more powerful and useful tools that retailers use to track you and your habits. Not only that, but those things have become more entrenched in our society than we would ever want to believe, far more prevalent than phone calls and direct mailings ever were.

  6. #5

    Default Re: Android Phones Have Hidden Spyware

    I can speak a little as to the legality. There is an exception to Title 3 (Now Title 1) as follows:

    Provider Exception

    18 U.S.C. § 2511(2)(a)(i) permits

    an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

    This exception grants providers the right "to intercept and monitor [communications] placed over their facilities in order to combat fraud and theft of service." United States v. Villanueva, 32 F. Supp. 2d 635, 639 (S.D.N.Y. 1998). However, it does not permit providers to conduct unlimited monitoring. See United States v. Auler, 539 F.2d 642, 646 (7th Cir. 1976) ("This authority of the telephone company to intercept and disclose wire communications is not unlimited."). Instead, the exception permits providers and their agents to conduct reasonable monitoring that balances the providers' needs to protect their rights and property with their subscribers' right to privacy in their communications. See United States v. Harvey, 540 F.2d 1345, 1351 (8th Cir. 1976) ("The federal courts . . . have construed the statute to impose a standard of reasonableness upon the investigating communication carrier."). Providers cannot use the rights or property exception to gather evidence of crime unrelated to their rights or property. United States v. Harvey, 540 F.2d 1345, 1352 (8th Cir. 1976).


    While the software should be allowed to document the proper functioning of the device per the exception, I think there's a case where it pertains to the logging of phone numbers, internet searches, etc.. Ultimately, this would probably resolve itself in the removal of that part of the functionality, or perhaps the requirement that the user sign a consent agreement before buying the phone.

    There's an interesting court case dealing with this issue from a different angle:

    Hall v. Earthlink Network, Inc., 2005 U.S. App. Lexis 1230 (2d Cir. 2005) held that Earthlink’s continued reception of emails sent to plaintiff Hall’s account did not constitute an “interception” under the Wiretap Act because it was part of Earthlnk's “ordinary course of business.”

    In theory, the CarrierIQ producer could claim, citing this case as precedent, that the user sends the search or the phone call to a satellite which the carrier paid for. Much like an email provider, it is the carrier's "ordinary course of business" to receive and transmit this data to wherever you were intending it to go, so in that case, you give implied consent for the carrier to have this imformation simply by transmitting it to them. The fact that they log it and transmit it on your phone instead of as it crosses the satellite or cell phone tower is immaterial.

    The point of the Hall case being, if there's not "interception", then it doesn't fall under wiretap laws, and also doesn't fall under the Fourth Amendment, as that only pertains to the Gov and it's agents.

  7. #6
    Go Colts! Shade's Avatar
    Join Date
    Jan 2004
    Age
    36
    Posts
    44,230

    Sports Logo Sports Logo Sports Logo

    Default Re: Android Phones Have Hidden Spyware

    Quote Originally Posted by travmil View Post
    This quote is hidden because you are ignoring this member. Show Quote
    What is REALLY stupid is a large percentage of Americans are signed up for the do not call list and the do not mail lists. What they don't realize is that things like this, and the shopping "convenience" cards are INFINITELY more powerful and useful tools that retailers use to track you and your habits. Not only that, but those things have become more entrenched in our society than we would ever want to believe, far more prevalent than phone calls and direct mailings ever were.
    If anyone really wants your information, they're going to get it. It's just way too easy to do now.

    On a related note, why bother with a "security code" on credit cards if you have to constantly use it anyway to make online purchases?

  8. #7
    Member SycamoreKen's Avatar
    Join Date
    Jan 2004
    Location
    Houston, Texas
    Age
    44
    Posts
    10,461

    Sports Logo Sports Logo Sports Logo

    Default Re: Android Phones Have Hidden Spyware

    Quote Originally Posted by Eindar View Post
    This quote is hidden because you are ignoring this member. Show Quote
    I can speak a little as to the legality. There is an exception to Title 3 (Now Title 1) as follows:

    Provider Exception

    18 U.S.C. § 2511(2)(a)(i) permits

    an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

    This exception grants providers the right "to intercept and monitor [communications] placed over their facilities in order to combat fraud and theft of service." United States v. Villanueva, 32 F. Supp. 2d 635, 639 (S.D.N.Y. 1998). However, it does not permit providers to conduct unlimited monitoring. See United States v. Auler, 539 F.2d 642, 646 (7th Cir. 1976) ("This authority of the telephone company to intercept and disclose wire communications is not unlimited."). Instead, the exception permits providers and their agents to conduct reasonable monitoring that balances the providers' needs to protect their rights and property with their subscribers' right to privacy in their communications. See United States v. Harvey, 540 F.2d 1345, 1351 (8th Cir. 1976) ("The federal courts . . . have construed the statute to impose a standard of reasonableness upon the investigating communication carrier."). Providers cannot use the rights or property exception to gather evidence of crime unrelated to their rights or property. United States v. Harvey, 540 F.2d 1345, 1352 (8th Cir. 1976).


    While the software should be allowed to document the proper functioning of the device per the exception, I think there's a case where it pertains to the logging of phone numbers, internet searches, etc.. Ultimately, this would probably resolve itself in the removal of that part of the functionality, or perhaps the requirement that the user sign a consent agreement before buying the phone.

    There's an interesting court case dealing with this issue from a different angle:

    Hall v. Earthlink Network, Inc., 2005 U.S. App. Lexis 1230 (2d Cir. 2005) held that Earthlink’s continued reception of emails sent to plaintiff Hall’s account did not constitute an “interception” under the Wiretap Act because it was part of Earthlnk's “ordinary course of business.”

    In theory, the CarrierIQ producer could claim, citing this case as precedent, that the user sends the search or the phone call to a satellite which the carrier paid for. Much like an email provider, it is the carrier's "ordinary course of business" to receive and transmit this data to wherever you were intending it to go, so in that case, you give implied consent for the carrier to have this imformation simply by transmitting it to them. The fact that they log it and transmit it on your phone instead of as it crosses the satellite or cell phone tower is immaterial.

    The point of the Hall case being, if there's not "interception", then it doesn't fall under wiretap laws, and also doesn't fall under the Fourth Amendment, as that only pertains to the Gov and it's agents.
    I'm sure they will use the "its just part of doing business" excuse that they bury in the contract, but the fact that the company denied it was doing so and then threatened the guy who was going to spill the beans shows it is more than that. It just amazes me that people are more upset about things that don't truly affect hem but ignore the ones that could really harm them if the information got into the wrong hands. It doesn't help that the media is too dumb to get it either.

  9. #8
    Member SycamoreKen's Avatar
    Join Date
    Jan 2004
    Location
    Houston, Texas
    Age
    44
    Posts
    10,461

    Sports Logo Sports Logo Sports Logo

    Default Re: Android Phones Have Hidden Spyware

    Quote Originally Posted by Shade View Post
    This quote is hidden because you are ignoring this member. Show Quote
    If anyone really wants your information, they're going to get it. It's just way too easy to do now.

    On a related note, why bother with a "security code" on credit cards if you have to constantly use it anyway to make online purchases?
    In a similar vein, I make a point to thank stores that actually ask for ID with my card. We have become so flippant with our money that I'm surprised there are not more stealing going on.

  10. The Following User Says Thank You to SycamoreKen For This Useful Post:


Similar Threads

  1. Advice for a new cell phone.
    By Tom White in forum Market Square (General Non-Sports Discussion)
    Replies: 6
    Last Post: 02-22-2011, 02:47 PM
  2. Report: Packers have Favre's phone records
    By Basketball Fan in forum Indianapolis Colts
    Replies: 13
    Last Post: 07-27-2008, 01:09 PM
  3. Replies: 30
    Last Post: 07-15-2008, 05:04 PM
  4. OT - Lawmakers take aim at spyware
    By kerosene in forum Indiana Pacers
    Replies: 12
    Last Post: 03-04-2004, 04:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •