Your Smartphone -IS- Spying On You!

I think it's worth readin' this.
Erwin

Taken from: <http://www.wservernews.com/&gt; http://www.wservernews.com/

Your Smartphone -IS- Spying On You!

There is a process installed on most recent smart phones called Carrier
IQ. You cannot stop this process. It looks at what is happening on the
phone and sends every button you press to the IQ app. From there, the
data - including the content of text messages - is sent to Carrier IQ's
servers, in secret. I checked it out on my own HTC Android phone from
Sprint and sure enough, it's there.

It cannot be turned off without rooting the phone and then replacing the
whole OS. Moreover, even if you stop paying for service from your
carrier and just use Wi-Fi, your phone still reports to Carrier IQ.
Dang! Worse, if you use Google search, and type in a search term, this
is supposed to be https, so it should be encrypted. However, the Carrier
IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.

This particular software is installed on hundreds of millions of
handsets, including modern BlackBerry and Nokia phones, and early
versions of Apple's iOS, but no one knew about it until Android
developer Trevor Eckhart analyzed how it works. Carrier IQ's software is
even running on every iOS version dating back to iOS 3, well-known
iPhone hacker "Chpwn" said in a blog post. (Apple seem to have woken up
with iOS5 where you can turn off Diagnostics and Usage in Settings.)
Link to Chpwn here: <http://www.wservernews.com/go/1322990280328&gt;
http://www.wservernews.com/go/1322990280328

The software secretly logs pretty much anything that happens on a phone,
supposedly for the reason that carriers and phone manufacturers 'can do
quality control'. Yeah right, maybe so, but Carrier IQ can be served
with subpoenas as well, and then all traffic is right there for Big
Brother to be perused. Me no like. And think about compliance for a
moment! This thing has a bunch of legal and ethical angles that the
lawyers are just going to LOVE. I'm pretty sure the first class action
lawsuits are being filed are you read this.

I would not be surprised if this will go all the way up to the Supreme
Court, it is related to the the Fourth Amendment of the U.S.
Constitution: "The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no Warrants shall issue, but upon probable
cause, supported by Oath or affirmation, and particularly describing the
place to be searched, and the persons or things to be seized."

Wow, what a privacy and security hole, unbelievable. Below is the 17-min
video where he clearly shows what is going on. Eckhart calls it a
rootkit, but that is a bit much, though it clearly qualifies as a
Backdoor Trojan in my book.

Probably CIQ started out with the laudable idea to measure carrier and
handset performance. But that is where it went off the rails in a hurry.
Using code that acts like a backdoor Trojan is totally the wrong way to
do that. I wonder if they heard of the Sony rootkit debacle of 2005?

The carriers (and Carrier IQ) have access to Android source code, and
apparently they do what they want with it, without Google being able to
object. Apple seems to have taken action, caused by user backlash.
Google, I suggest you have a look into this... remember 'do no evil'?

Ben Scott remarked: "A while ago some people said, "Glad I'm on
Verizon!". Then the apparent Verizon reporting was discovered. Other
people were saying, "Glad I don't use Android!". Then Symbian and RIM
reporting was discovered. Other people said, "Hah hah! Apple would
*never* let this happen!" Then the iOS reporting was discovered. There
appears to be a trend here." I wonder if the Carriers are in bed with
the Feds,and that Law Enforcement is using this. Talk about privacy
violations.

You can see the video where Eckhart demos what happens on Android. Not
that I have anything to hide, but I'm going to root my phone now, or
look for some app that rips out CIQ.
Video on WIRED:
<http://www.wservernews.com/go/1322990470171&gt;
http://www.wservernews.com/go/1322990470171

Update: Looks like Eckhart -has- some code that checks for CIQ and
disables it. Less time than rooting a phone. Start here:
<http://www.wservernews.com/go/1322990482187&gt;
http://www.wservernews.com/go/1322990482187

attachment.htm (5.79 KB)

Hallo,

Artikel dazu auf heise

http://heise.de/-1389048

Bruno

Bruno Cadonna <b(a)cadonna.it> ha scritto:

Hallo,

Artikel dazu auf heise

http://heise.de/-1389048

Bruno

I think it's worth readin' this.
Erwin
Taken from: http://www.wservernews.com/

      Your Smartphone -IS- Spying On You!

There is a process installed on most recent smart phones called

Carrier

IQ. You cannot stop this process. It looks at what is happening on

the

phone and sends every button you press to the IQ app. From there, the
data — including the content of text messages — is sent to Carrier

IQ’s

servers, in secret. I checked it out on my own HTC Android phone from
Sprint and sure enough, it's there.

It cannot be turned off without rooting the phone and then replacing

the

whole OS. Moreover, even if you stop paying for service from your
carrier and just use Wi-Fi, your phone still reports to Carrier IQ.
Dang! Worse, if you use Google search, and type in a search term,

this

is supposed to be https, so it should be encrypted. However, the

Carrier

IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.

This particular software is installed on hundreds of millions of
handsets, including modern BlackBerry and Nokia phones, and early
versions of Apple's iOS, but no one knew about it until Android
developer Trevor Eckhart analyzed how it works. Carrier IQ's software

is

even running on every iOS version dating back to iOS 3, well-known
iPhone hacker "Chpwn" said in a blog post. (Apple seem to have woken

up

with iOS5 where you can turn off Diagnostics and Usage in Settings.)
Link to Chpwn here: http://www.wservernews.com/go/1322990280328

The software secretly logs pretty much anything that happens on a

phone,

supposedly for the reason that carriers and phone manufacturers 'can

do

quality control'. Yeah right, maybe so, but Carrier IQ can be served
with subpoenas as well, and then all traffic is right there for Big
Brother to be perused. Me no like. And think about compliance for a
moment! This thing has a bunch of legal and ethical angles that the
lawyers are just going to LOVE. I'm pretty sure the first class

action

lawsuits are being filed are you read this.

I would not be surprised if this will go all the way up to the

Supreme

Court, it is related to the the Fourth Amendment of the U.S.
Constitution: "The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches and

seizures,

shall not be violated, and no Warrants shall issue, but upon probable
cause, supported by Oath or affirmation, and particularly describing

the

place to be searched, and the persons or things to be seized."

Wow, what a privacy and security hole, unbelievable. Below is the

17-min

video where he clearly shows what is going on. Eckhart calls it a
rootkit, but that is a bit much, though it clearly qualifies as a
Backdoor Trojan in my book.

Probably CIQ started out with the laudable idea to measure carrier

and

handset performance. But that is where it went off the rails in a

hurry.

Using code that acts like a backdoor Trojan is totally the wrong way

to

do that. I wonder if they heard of the Sony rootkit debacle of 2005?

The carriers (and Carrier IQ) have access to Android source code, and
apparently they do what they want with it, without Google being able

to

object. Apple seems to have taken action, caused by user backlash.
Google, I suggest you have a look into this... remember 'do no evil'?

Ben Scott remarked: "A while ago some people said, "Glad I'm on
Verizon!". Then the apparent Verizon reporting was discovered. Other
people were saying, "Glad I don't use Android!". Then Symbian and RIM
reporting was discovered. Other people said, "Hah hah! Apple would
*never* let this happen!" Then the iOS reporting was discovered.

There

appears to be a trend here." I wonder if the Carriers are in bed with
the Feds,and that Law Enforcement is using this. Talk about privacy
violations.

You can see the video where Eckhart demos what happens on Android.

Not

that I have anything to hide, but I'm going to root my phone now, or
look for some app that rips out CIQ.
Video on WIRED:
http://www.wservernews.com/go/1322990470171

Update: Looks like Eckhart -has- some code that checks for CIQ and
disables it. Less time than rooting a phone. Start here:
http://www.wservernews.com/go/1322990482187

_______________________________________________
http://lists.lugbz.org/cgi-bin/mailman/listinfo/lugbz-list

_______________________________________________
http://lists.lugbz.org/cgi-bin/mailman/listinfo/lugbz-list

Questa di carrierIQ è davvero una brutta storia, che no fa che peggiorare col passare dei giorni.

Vogliamo fare un piccolo workshop: "libera il tuo smarphone (android)" dove mostrare come si installa una versione free(compilata dai sorgenti) di android?

Ci sarebbero persone interessate a partecipare?

Daniele
-- Inviato con un client di posta free ed open source

Ciao Daniele,

io sarei molto interessato...

Saluti
Marco

Anche io confermo!!!!

attachment.htm (8.32 KB)

Anche io sarei interessato e mi piacerebbe coinvolgere anche le persone del
jug

attachment.htm (8.35 KB)

Salve,

faccio un piccolino thread hijacking:

Che cosa si e svilluppato riguardando la liberazione del smartphone. Sto
giocando con il pensiero di prendermi und samsung galaxy s2 dell' A1 in
Austria e volevo usarlo anche in italia.

Avete dell'esperienza in questa direzione? Avete gia fatto il workshop?

grüsse

ando

    > Bruno Cadonna <b(a)cadonna.it <mailto:b(a)cadonna.it>> ha scritto:

...