September 30, 2016

Proof Published that Carrier IQ is Recording Key Presses and Location Data

(LiveHacking.Com) – Trevor Eckhart has posted a YouTube video showing what could be conclusive proof that Carrier IQ are monitoring the key presses and location information of millions of smartphones.

Using a stock HTC EVO handset reset to its factory settings, Eckhart shows how each numeric tap and every received text message is logged by the Carrier IQ software.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” said Trevor in the video.

This is the latest revelation in a series of discoveries which Eckhart has been posting about the Carrier IQ “app” that resides in a number of HTC Android smartphones. In his original findings, which were published on November 14th, Eckhart analysed in great detail what Carrier IQ does, how it does it, and why it is a bad thing.

In response Carrier IQ threatened legal action and sent a cease-and-desist letter and asked Eckhart to issue a press release admitting “inaccuracies” and to “apologize to Carrier IQ, Inc. for misrepresenting the capabilities of their products and for distributing copyrighted content without permission.”

The Electronic Frontier Foundation (EFF) then got involved. Finally Carrier IQ posted a PDF to clarify how their product is used and the information that is gathered from smartphones and mobile devices. They also apologized to Eckhart and the EFF saying “Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF’s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.”

The question is now what will Carrier IQ’s response be to this latest video. Trevor’s video ends with some important questions, “Why does SMSNotify get called and show to be dispatching text messages to [Carrier IQ]?” and “Why is my browser data being read, especially HTTPS on my Wi-Fi?”

Trevor and the rest of the information security fraternity are awaiting their reply.