Carrier IQ: Researcher Trevor Eckhart Outs Creepy, Hidden App Installed On Smartphones (VIDEO) (UPDATE)
A security researcher has posted a video detailing hidden software installed on smart phones that logs numerous details about users' activities.
In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software – known as Carrier IQ – logs every text message, Google search and phone number typed on a wide variety of smart phones - including HTC, Blackberry, Nokia* and others - and reports them to the mobile phone carrier.
The application, which is labeled on Eckhart’s HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with "HTTPS," Eckhart said.
The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video.
"Why is this not opt-in and why is it so hard to fully remove?" Eckhart wrote at the end of the video.
In a post about Carrier IQ on his website, Eckhart called the software a "rootkit," a security term for software that runs in the background without a user's knowledge and is commonly used in malicious software.
Eckhart's video is the latest in a series of attacks between him and the company. Earlier this month, Carrier IQ sent a cease and desist letter to Eckhart claiming he violated copyright law by publishing Carrier IQ training manuals online. But after the Electronic Frontier Foundation, a digital rights group, came to Eckhart’s defense, the company backed off its legal threats.
The Electronic Frontier Foundation said the software that Eckhart has publicized "raises substantial privacy concerns" about software that "many consumers don’t know about."
Carrier IQ could not immediately be reached for comment. But the company told Wired.com that its software is used for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
On its website, Carrier IQ, founded in 2005, describes itself as "the world's leading provider of Mobile Service Intelligence solutions."
*A Nokia spokeswoman said CarrierIQ does not ship products for any Nokia devices.
UPDATE 1: Grant Paul, a well-known iPhone hacker who goes by the screenname "chpwn", wrote on his blog that Apple has included Carrier IQ on the iPhone, but the software's default is disabled.
UPDATE 2: Want to find out if your phone is secretly tracking you? Check out our comprehensive list of the devices and carriers known to use Carrier IQ.
UPDATE 3: Senator Al Franken, concerned that Carrier IQ's software may violate federal law, sent a letter to the company requesting an explanation of the software's purpose. (Click here to read more.)
UPDATE 4: Carrier IQ has come forward with a statement regarding its "tracking" software. Many mobile carriers and device manufacturers have also responded to the controversy with statements of their own.
Watch video of Eckhart explaining his findings:
Check out our slideshow (below) to see the 13 smartphones that were rated most vulnerable to hackers and malware in 2011.
#13 - Apple iPhone 4 (And Older Models)
#12 - HTC Evo 4G
#11 - Morotola Droid 2
#10 - LG Optimus One
#9 - Motorola Droid X
#8 - Samsung Galaxy S
#7 - LG Optimus S
#6 - Samsung Epic 4G
#5 - HTC Wildfire
#4 - Sanyo Zio
#3 - Sony Ericsson Xperia X10
#2 - HTC Desire
#1 - Samsung Galaxy Mini