Posted on 12/01/2011 10:19:42 AM PST by ShadowAce
Blogger and iPhone hacker Chpwn believes that the controversial Carrier IQ software isn’t confined to Android devices.
In this blog post, he says a look at the /usr/bin folder reveals Carrier IQ’s agent software, identified as IQAgent in iOS 3, and either awd_ice2 or awd_ice3 on iOS 4 or iOS 5 devices.
At this point, Chpwn believes the daemon does not have access to the UI layer, which means it may not be able to capture the kind of data exposed in Android devices.
While Chpwn states that he is not certain the software is launched except when the phone is in diagnostic mode, the discovery is certain to add further momentum to the fury mounting at Carrier IQ’s surreptitious installation on consumer devices.
After denials by Carrier IQ that it was recording user behaviour in real time, Trevor Eckhart posted a video demonstrating that the company’s software was catching Eckhart’s taps, including searches sent to SSL (secure sockets layer) servers.
The row has Australian carriers putting as much distance between themselves and Carrier IQ as they can, as quickly as they can. Telstra’s Craig Middleton hit the Twittersphere today: “Telstra does not use it. We only use customer data for connecting calls and billing for services”.
The carrier’s New Zealand subsidiary Telstra Clear made a similar, but shorter statement.
Wrapping up the Australian carrier scene, both Optus and Vodafone told News.com.au that Carrier IQ’s software isn’t in use in this country; Vodafone has made the same statement for New Zealand, as has Telecom New Zealand. ®
Nothing on Windows Phone yet?
I've read that the software is capturing user interaction like keystrokes, etc. But, is it actually sending any of that information anywhere, or is it just being kept on the device>
It is being sent home to the program's creator.
The guy who discovered it already stated it was on more than just Android.
“Eckhart said he chose the HTC phone purely for demonstration purposes. Blackberrys, other Android-powered handsets, and smartphones from Nokia contain the same snooping software, he claims.”
Not quite. Although the devs are hard at work trying to figure out what data is being sent (since we can’t trust the companies involved to tell the truth, and Carrier IQ has already lied about it), it looks like the specific keypress and https data is just being logged on the device itself (which is still bad).
Security expert Dan Rosenberg cuts through the drama here;
http://pastebin.com/aiYNmYVz
To see if it’s on your phone (and how to possibly remove it if it is), check here;
http://lifehacker.com/5863895/carrier-iq-how-the-widespread-rootkit-can-track-everything-on-your-phone-and-how-to-remove-it
If you have an iPhone, it’s much easier to turn off – check here for details;
http://lifehacker.com/5864159/carrier-iq-is-tracking-your-iphone-too-heres-how-to-turn-it-off
It doesn’t look like it’s on any Nokia or Windows phone, or any Blackberrys, but that may change as more research is done. And it does appear that it’s on certain feature-phones (non-smartphones) also, although no specific examples have been found yet.
Apparently on the iOS devices, you can disable the “send diagnostics and usage information back to Apple” and that shuts this down as well.
As for me, I already had that turned off...
speaking of windows phone. If you’d like to see what it’s like and only have an android or iphone device then click here (from your phone):
It’s a walkthrough of how the OS works as if it’s running on your phone.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.