On Tue, Dec 6, 2011 at 6:40 PM, Daniele Gobbetti <
daniele@gobbetti.name> wrote:
> Bruno Cadonna <
b@cadonna.it> ha scritto:
>
>>Hallo,
>>
>>Artikel dazu auf heise
>>
>>
http://heise.de/-1389048
>>
>>Bruno
>>
>>On 12/6/11 11:33 AM, Pfeifer, Erwin wrote:
>>> I think it's worth readin' this.
>>> Erwin
>>> Taken from:
http://www.wservernews.com/
>>>
>>>
>>> Your Smartphone -IS- Spying On You!
>>>
>>> There is a process installed on most recent smart phones called
>>Carrier
>>> IQ. You cannot stop this process. It looks at what is happening on
>>the
>>> phone and sends every button you press to the IQ app. From there, the
>>> data — including the content of text messages — is sent to Carrier
>>IQ’s
>>> servers, in secret. I checked it out on my own HTC Android phone from
>>> Sprint and sure enough, it's there.
>>>
>>> It cannot be turned off without rooting the phone and then replacing
>>the
>>> whole OS. Moreover, even if you stop paying for service from your
>>> carrier and just use Wi-Fi, your phone still reports to Carrier IQ.
>>> Dang! Worse, if you use Google search, and type in a search term,
>>this
>>> is supposed to be https, so it should be encrypted. However, the
>>Carrier
>>> IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.
>>>
>>> This particular software is installed on hundreds of millions of
>>> handsets, including modern BlackBerry and Nokia phones, and early
>>> versions of Apple's iOS, but no one knew about it until Android
>>> developer Trevor Eckhart analyzed how it works. Carrier IQ's software
>>is
>>> even running on every iOS version dating back to iOS 3, well-known
>>> iPhone hacker "Chpwn" said in a blog post. (Apple seem to have woken
>>up
>>> with iOS5 where you can turn off Diagnostics and Usage in Settings.)
>>> Link to Chpwn here:
http://www.wservernews.com/go/1322990280328
>>>
>>> The software secretly logs pretty much anything that happens on a
>>phone,
>>> supposedly for the reason that carriers and phone manufacturers 'can
>>do
>>> quality control'. Yeah right, maybe so, but Carrier IQ can be served
>>> with subpoenas as well, and then all traffic is right there for Big
>>> Brother to be perused. Me no like. And think about compliance for a
>>> moment! This thing has a bunch of legal and ethical angles that the
>>> lawyers are just going to LOVE. I'm pretty sure the first class
>>action
>>> lawsuits are being filed are you read this.
>>>
>>> I would not be surprised if this will go all the way up to the
>>Supreme
>>> Court, it is related to the the Fourth Amendment of the U.S.
>>> Constitution: "The right of the people to be secure in their persons,
>>> houses, papers, and effects, against unreasonable searches and
>>seizures,
>>> shall not be violated, and no Warrants shall issue, but upon probable
>>> cause, supported by Oath or affirmation, and particularly describing
>>the
>>> place to be searched, and the persons or things to be seized."
>>>
>>> Wow, what a privacy and security hole, unbelievable. Below is the
>>17-min
>>> video where he clearly shows what is going on. Eckhart calls it a
>>> rootkit, but that is a bit much, though it clearly qualifies as a
>>> Backdoor Trojan in my book.
>>>
>>> Probably CIQ started out with the laudable idea to measure carrier
>>and
>>> handset performance. But that is where it went off the rails in a
>>hurry.
>>> Using code that acts like a backdoor Trojan is totally the wrong way
>>to
>>> do that. I wonder if they heard of the Sony rootkit debacle of 2005?
>>>
>>> The carriers (and Carrier IQ) have access to Android source code, and
>>> apparently they do what they want with it, without Google being able
>>to
>>> object. Apple seems to have taken action, caused by user backlash.
>>> Google, I suggest you have a look into this... remember 'do no evil'?
>>>
>>> Ben Scott remarked: "A while ago some people said, "Glad I'm on
>>> Verizon!". Then the apparent Verizon reporting was discovered. Other
>>> people were saying, "Glad I don't use Android!". Then Symbian and RIM
>>> reporting was discovered. Other people said, "Hah hah! Apple would
>>> *never* let this happen!" Then the iOS reporting was discovered.
>>There
>>> appears to be a trend here." I wonder if the Carriers are in bed with
>>> the Feds,and that Law Enforcement is using this. Talk about privacy
>>> violations.
>>>
>>> You can see the video where Eckhart demos what happens on Android.
>>Not
>>> that I have anything to hide, but I'm going to root my phone now, or
>>> look for some app that rips out CIQ.
>>> Video on WIRED:
>>>
http://www.wservernews.com/go/1322990470171
>>>
>>> Update: Looks like Eckhart -has- some code that checks for CIQ and
>>> disables it. Less time than rooting a phone. Start here:
>>>
http://www.wservernews.com/go/1322990482187
>>>
>>>
>>>
>>> _______________________________________________
>>>
http://lists.lugbz.org/cgi-bin/mailman/listinfo/lugbz-list
>>_______________________________________________
>>
http://lists.lugbz.org/cgi-bin/mailman/listinfo/lugbz-list
>
> Questa di carrierIQ è davvero una brutta storia, che no fa che peggiorare col passare dei giorni.
>
> Vogliamo fare un piccolo workshop: "libera il tuo smarphone (android)" dove mostrare come si installa una versione free(compilata dai sorgenti) di android?
>
> Ci sarebbero persone interessate a partecipare?
>
> Daniele
> -- Inviato con un client di posta free ed open source
> _______________________________________________
>
http://lists.lugbz.org/cgi-bin/mailman/listinfo/lugbz-list