December 6, 2016

Carrier IQ Fights Back – Says it isn’t Snooping

(LiveHacking.Com) – Carrier IQ hit back at allegations made by security researcher Trevor Eckhart that their Android app is recording and forwarding all kinds of personal information. The company has issued another press release to “clarify” what its app does and one of the company’s VPs has been speaking to AllThingsD.

In the press release Carrier IQ states that its app:

  • Measures and summarizes performance of a device to assist Operators in delivering better service.
  • Does not record, store or transmit the contents of SMS messages, email, photographs, audio or video.
  • Operates exclusively within that framework and under the laws of the applicable jurisdiction. Any data gathered is transmitted over an encrypted channel.
In the interview with AllThingD, Andrew Coward, Carrier IQ’s VP of marketing, says that the app receives a huge amount of information from the operating system. But just because it receives it doesn’t mean that it’s being used to gather intelligence about the user or is passed along to the carrier:
  • “What the Eckhart video demonstrates is that there’s a great deal of information available on a handset,” says Coward. “What it doesn’t show is that all information is processed, stored, or forwarded out of the device.”
  • “If there’s a dropped call, the carriers want to know about it,” says Coward. “So we record where you were when the call dropped, and the location of the tower being used. … Similarly, if you send an SMS to me and it doesn’t go through, the carriers want to know that, too. And they want to know why — if it’s a problem with your handset or the network.”
  • “We don’t read SMS messages. We see them come in. We see the phone numbers attached to them. But we are not storing, analyzing or otherwise processing the contents of those messages.”
  • “It’s the operator that determines what data is collected,” says Carrier IQ CEO Larry Lenhart. “They make that decision based on their privacy standards and their agreement with their users, and we implement it.”
  • “What’s actually gathered, stored and transmitted to the carrier is determined by its end-user agreement,” he says. “And, as I’m sure you’re aware, the carriers are highly sensitive about what data they’re allowed to capture and what they’re not allowed to capture.”

 

Proof Published that Carrier IQ is Recording Key Presses and Location Data

(LiveHacking.Com) – Trevor Eckhart has posted a YouTube video showing what could be conclusive proof that Carrier IQ are monitoring the key presses and location information of millions of smartphones.

Using a stock HTC EVO handset reset to its factory settings, Eckhart shows how each numeric tap and every received text message is logged by the Carrier IQ software.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” said Trevor in the video.

This is the latest revelation in a series of discoveries which Eckhart has been posting about the Carrier IQ “app” that resides in a number of HTC Android smartphones. In his original findings, which were published on November 14th, Eckhart analysed in great detail what Carrier IQ does, how it does it, and why it is a bad thing.

In response Carrier IQ threatened legal action and sent a cease-and-desist letter and asked Eckhart to issue a press release admitting “inaccuracies” and to “apologize to Carrier IQ, Inc. for misrepresenting the capabilities of their products and for distributing copyrighted content without permission.”

The Electronic Frontier Foundation (EFF) then got involved. Finally Carrier IQ posted a PDF to clarify how their product is used and the information that is gathered from smartphones and mobile devices. They also apologized to Eckhart and the EFF saying “Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF’s work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.”

The question is now what will Carrier IQ’s response be to this latest video. Trevor’s video ends with some important questions, “Why does SMSNotify get called and show to be dispatching text messages to [Carrier IQ]?” and “Why is my browser data being read, especially HTTPS on my Wi-Fi?”

Trevor and the rest of the information security fraternity are awaiting their reply.

WiMAX / 4G Information Leak Discovered on HTC Phones

(LiveHacking.Com) – It was just under a month ago that Trevor Eckhart (AKA TrevE) discovered that HTC preinstalled an application known as HtcLoggers on its phones. This logging program collected all kinds of data and then acted as a server to any connection that opens the right port.

TrevE hasn’t been sitting on his laurels and has now discovered that HTC preinstall a WiMAX monitoring system on its 4G enabled phones. An attacker who gains control over this can potentially manipulate data connectivity and to go even as far as being able to completely reprogram a device’s CDMA parameters remotely.

The WiMAX monitoring system exposes two open ports (7773/7774) to the outside world with no authentication. The only thing required for a malicious app to do anything is the INTERNET permission, which most Android apps request as a matter of course.

It is also possible to send commands to the WiMAX chipset via these ports, but sending a single comma can create an crashes the phone with an “out of bounds range exception.”

TrevE has posted a proof of concept app and a list of commands that can be sent to this monitoring system here.

Security Problems with HTC’s Android Phones

(LiveHacking.Com) – HTC recently updated the software on some of its Android based phones which introduced a suite of logging tools that collect information from the device including locations data and SMS usage. This software has been rolling out for popular phones like the EVO 4G, the EVO 3D and the Thunderbolt. According to a new report this log data is available to any application installed on the phone that is granted ‘Internet’ permission (which is just about every app).

Once an app with ‘Internet’ permission is installed it can access HTC’s logging data and read:

  • the list of user accounts.
  • the last known network and GPS locations along with a short history of previous locations.
  • phone numbers from the phone log
  • SMS data

The problem is with a preinstalled app called HtcLoggers.apk that collects all kinds of data and then acts as a server to any connection that opens the right port. Once connected the app serves up data via a command line interface that even has a handy ‘help’ command.

The vulnerability was found by Trevor Eckhart (AKA TrevE) who has created a proof of concept app and has released a YouTube video walkthrough.

According to the Android Police report:

After finding the vulnerability, Trevor contacted HTC on September 24th and received no real response for five business days, after which he released this information to the public.