Wednesday, November 30, 2011

Got Smart Phone? The Secret Software on Your Phone Logging EVERYTHING

No privacy on the Internets, people... and no security either. If you use your smart phone to send confidential information - say, trade secrets or intellectual property that in person would be protected by a Non-Disclosure Agreement (NDA) - how secure is it really? Your secrets are stored on some random server in California in some random part of the cloud...
"The video shows the software logging Eckhart’s online search of “hello world” ... despite ... using the HTTPS version of Google which is supposed to hide searches from those who would want to spy by intercepting the traffic between a user and Google. 
Cringe as the video shows the software logging each number as Eckhart fingers the dialer. 
“Every button you press in the dialer before you call,” he says on the video, “it already gets sent off to the IQ application.”
From there, the data — including the content of text messages — is sent to Carrier IQ’s servers, in secret.
By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.
It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?"
- From
Rooting a phone, the only way to turn the logging off, is not trivial:
"Rooting is a process that allows users of mobile phones and other devices running the Android operating system to attain privileged control (known as "root access") within Android's Linux subsystem with the goal of overcoming limitations that carriers and manufacturers put on some devices. It is analogous to jailbreaking on devices running the Apple iOS operating system." - From Wikipedia
Not that you'd need to be a hardware or software engineer to root your phone, but it sure would come in handy, don't you think? I think I'll keep my not-so-smart - and therefore slightly more private - phone for the time being...
The video is long and quite detailed; you may find it tedious but personally I was fascinated (and appalled).

For Eckhart's entire security test, rationales, and rebuttals, click here.