Carrier IQ: Security Researcher Dan Rosenberg Defends Mobile Tracking Software

First Posted: 12/05/11 12:49 PM ET Updated: 12/05/11 12:49 PM ET

Last week, the controversy over Carrier IQ, software installed on millions of smartphones that monitors details about users' activities, reached a fever pitch.

After security researcher Trevor Eckhart posted a video explaining how the software logs every text message, web search and phone number typed on a wide variety of smartphones, Sen. Al Franken (D-Minn.) called on the software's developer to explain, Rep. Ed Markey (D-Mass.) asked the Federal Trade Commission to investigate, and the company was hit with a class-action lawsuit.

But in a blog post Monday, security researcher Dan Rosenberg defended the software, saying it helped improve mobile phone performance and asserting there had been "a lot of misinformation" about who was collecting the data stored on the phones.

"Since the beginning of the media frenzy over Carrier IQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous," Rosenberg, a security consultant for Virtual Security Research, wrote in a post titled "Carrier IQ: The Real Story."

Based on his analysis of the Samsung Epic 4G Touch, Rosenberg said the software collects data from the phone and uploads it for analysis by mobile carriers, who may request data on dropped calls to improve their service.

At the request of mobile phone carriers, Carrier IQ can record GPS location, the URL of websites visited and which dialer buttons are pressed to determine the destination of a phone call, Rosenberg said. But he added that the software does not record text messages, web page contents, or email content, even if carriers and handset manufacturers request it.

Rosenberg's findings echo a statement last week by Carrier IQ, which asserted that its software, which is installed on 150 million devices but not easily removed by the average user, is merely a diagnostic tool used by its mobile operator customers to assess and improve the quality of a network's services.

Rosenberg says:

"All of the data that is potentially being collected supports CarrierIQ’s claims that its data is used for diagnosing and fixing network, application, and hardware failures. Every metric in the above table has potential benefits for improving the user experience on a cell phone network. If carriers want to improve coverage, they need to know when and where calls are dropped. If handset manufacturers want to improve battery life on phones, knowledge of which applications consume the most battery life is essential. Consumers will have their own opinions about whether the collection of this data falls under the terms set by service agreements, but it’s clear to me that the intent behind its collection is not only benign, but for the purposes of helping the user."

That analysis contrasts with Eckhart's findings. He claims the software logs every text message, Google search and phone number typed on a wide variety of smartphones and reports them to the mobile phone carrier.

In his video, Eckhart asserted the application, which was labeled on his HTC smartphone as "HTC IQ Agent," also logs the URL of websites searched on the phone, even if the user tries to encrypt that data using a URL that begins with "HTTPS."

In a post about Carrier IQ on his website, Eckhart called the software a "rootkit," a security term for software that runs in the background without a user's knowledge and is commonly used in malicious software.

Earlier this month, Carrier IQ sent Eckhart a cease-and-desist letter, claiming he had violated copyright law by publishing Carrier IQ training manuals online. But after the Electronic Frontier Foundation, a digital rights group, came to Eckhart’s defense, the company backed off its legal threats.

According to GigaOM, Verizon Wireless spokesperson Jeffrey Nelson said in an email that the carrier is not a CIQ customer. "Any report that Verizon Wireless uses Carrier IQ is patently false," wrote Nelson.

ComputerWorld received a similar statement, which reads thus:
"Verizon Wireless does not add Carrier IQ to our phones, and the reports we have seen about Verizon using Carrier IQ are false."

Comments (57)

HeliosOne
02:49 PM on 12/14/2011
This defense makes no sense. If it's true that they only use general information like where a call is being routed then why do they need to know each and every time the phone is turned on and every keystroke pressed? Clearly the software has the CAPABILITY to track a lot more than what the wireless carriers claim that it's intended for. So, why do these other capabilities (that clearly violate the law) even exist?

It doesn't matter how it's intended. When a retailer is hacked and my credit card information is compromised (as has happened to me at least 4 times in the past 2 years), does it absolve them of any responsibility to me simply because it was unintended? Nope! That's why they've always given me a free subscription to a credit monitoring service after it happens -- because they are liable and they know it. Same goes for the wireless carriers, they are liable for the fact that this software can track this info. The fact that they know it (whether they just learned or always knew is beside the point) they are obligated to act and comply with the law.

What is so scandalous here is the fact that they PROBABLY always knew all along that this was a capability of the software. Obviously, Carrier IQ knew it was possible because they wrote the damn software!!
07:20 PM on 12/06/2011
Propaganda spin - if most of the data is so useless why is it logged at all? My data is my own - not the wireless carrier. Enough raining on our shoe. Carriers have enough phones to do research on - they don't have a right to mine.
12:23 PM on 12/06/2011
Time for a beginner's refresher course for Rosenberg. Either that OR he needs his glasses cleaned with a better cloth, cause his copy of the original video must be blurry...
sixtoes
Independent
04:48 AM on 12/06/2011
Spying on us improves the performance of *something* and I highly doubt it's our smartphones.
11:09 PM on 12/05/2011
Three of Sprint's reps, apparently reading from a text, told me that "all the carriers use Carrier IQ." If it's benign, why is Sprint lying to me about it?

I filed an FCC complaint after speaking to a Sprint rep, who called herself "Princess". She would not have the decency to clarify her statement, "We do not have the ability to remove Carrier IQ from your phone." I wanted to know if "ability" referred to "permission" or to "technical skill". She repeated the same line until I gave up wasting time talking to a company hack.

Sprint has lied to me about Carrier IQ. That much is a fact. They said the phone won't work without Carrier IQ. They said that all the providers use it.

Why lie to protect "service enhancement"?
07:59 PM on 12/05/2011
What Carrier IQ really does has been blown out of proportion!! Facebook is far worse! Your Internet Service Provider does far worse things with your data!! Read up on the details in this brilliant article and be disgusted that the media doesn't report much on what they and others do with YOUR data:
http://unique-user.blogspot.com/2011/12/carrier-iq-how-bad-is-it-really.html
04:27 PM on 12/05/2011
There is no defense.

It's a breach of trust and a blatant disservice to the device's owner.
Eris23
Justice is in indefinite detention.
05:06 PM on 12/05/2011
No defense to what?
05:10 PM on 12/05/2011
There is no defending the software. At all.
12:00 PM on 12/06/2011
I'm thinking I'll come to semi-regret entertaining you any more than I already have. But ok...let's do it this way,

You purchase a home. Months later, you discover that the home's manufacturer and contractors have installed cameras and microphones throughout your house.

And your reaction to that would be...'Oh well, that's reality for ya!'

Eris...your argument is without merit.

Good day.
gtoya1331
I can't understand it FOR you
04:25 PM on 12/05/2011
What I take away from this is that "YES" you're being tracked and no one is denying that part of it
Tulka2
Solidarity. Courage. Humor.
03:54 PM on 12/05/2011
So.  To summarize the above article:  "Chill.  Nobody wants to track you or listen to what you are saying... until "they" (read private company or governmental agency) do want to track you and/or listen to you.  Then they can and will."
02:52 PM on 12/05/2011
N who have access to the information collected?
Yam716
For CurlTalk, Visit: lillian-mae
02:43 PM on 12/05/2011
We don't believe you Dan!
Eris23
Justice is in indefinite detention.
02:47 PM on 12/05/2011
Why?
LightShadow62
The answers are not found in the extremes
03:56 PM on 12/05/2011
Why would you believe Eckhart over Rosenberg?

Eckhart showed a diagnostic tool that displays ALL internal communication on the device and claimed that was what IQ was recording.

Rosenberg actually looked at the IQ software and the files it created. His research showed that Eckhart's claims were at best misguided and at worst purposely misleading.
HeliosOne
02:59 PM on 12/14/2011
So, you are saying that the following line has nothing to do with Carrier IQ? Note that Eckhart claims that this is a keystroke log. Also note the "iqagent."

Action[730]:com.htc.android.iqagent.action.ui01
actionUI01:27,0
(0) convert01:27,0
Bascoda
Illigitimati non carborundum
02:36 PM on 12/05/2011
Orwell is being proved more and more prescient with every passing year; the only thing he had wrong was the date.
Yam716
For CurlTalk, Visit: lillian-mae
02:43 PM on 12/05/2011
YAY! Fave is working!
Tulka2
Solidarity. Courage. Humor.
03:57 PM on 12/05/2011
If you were a dissenting minority member in the U.S., the date and time were correct.  The folks at the top of the pile are just getting the news and it's happening to us now b/c we allowed it to happen to minorities in 1984...well... long before that, really.
MtnGeek
Partisan thinking is an oxymoron
02:28 PM on 12/05/2011
Defending this is an example of how out of touch with people's desire for personal privacy these developers and companies are. They deserve to go out of business for abusing the trust of their customers.
02:22 PM on 12/05/2011
I think history will show that nothing legit has to be hidden. By the mere fact that this software is running, but hiding on smartphone tells us everything that we need to know:

"Yes, son, we rifle through all of your private things when you're not around about it's in your best interest."
Tulka2
Solidarity. Courage. Humor.
03:59 PM on 12/05/2011
Yikes.  Just don't think you are in line with the Founding Fathers' thoughts on expectation of privacy.  Just don't think you are a conservative.  This is a radical far-right view.
09:00 AM on 12/07/2011
It seems that you agree with him. He is saying that they are watching what you do in the background and that is bad.
01:55 PM on 12/05/2011
Rosenberg is missing a critical point.
Yes, it's nice to have a software tool that can possibly help improve phone service or customer experience. But the controversy is beyond this.

It's not the features of the tracking software that are of primary issue. It's that the phone owner 1) does NOT have the ability the option to enable/disable those questionable features; 2) is not fully informed of such type of phone/software features.
Eris23
Justice is in indefinite detention.
01:57 PM on 12/05/2011
That's not what caused the alarm.
MtnGeek
Partisan thinking is an oxymoron
02:29 PM on 12/05/2011
Yes it is. Collecting this data without the user's consent is the issue. It is not a technology problem, it is a privacy one.
LightShadow62
The answers are not found in the extremes
04:00 PM on 12/05/2011
The user agreements for all of the major carriers include a statement that says that information will be collected on usage patterns for use by the company. Now most of these agreements are only a couple of pages long and are not written in heavy legalese which means the average person could easily take the time to read the document and understand it BEFORE they sign on the dotted line.
The reality is that nearly no one bothered to look because they just wanted to get out the door with their new toy.