Skip Links

AT&T, Sprint confirm use of Carrier IQ rootkit software on handsets

Verizon, RIM, Nokia insist their handsets don't support the software

By Jaikumar Vijayan, Computerworld
December 01, 2011 02:50 PM ET

Computerworld - Amid what's snowballing into a major privacy controversy, AT&T, Sprint, HTC and Samsung today confirmed that their mobile phones integrate a controversial piece of tracking software from a company called Carrier IQ.

Both wireless carriers AT&T and Sprint insisted that the software is being used solely to improve wireless network performance while phone makers HTC and Samsung said they were integrating the software into their handsets only because their carrier customers were asking for it.

BACKGROUND: Mobile privacy debate reignites over hidden smartphone app

Meanwhile, several large carriers and handset makers, including Verizon, Research In Motion and Nokia, distanced themselves from the software and insisted that reports about their devices integrating the tool are false.

The controversy began last week when independent security researcher Trevor Eckhart published a report disclosing how Carrier IQ's software could be used by carriers and device makers to conduct surreptitious and highly intrusive tracking of Android and other smartphone users.

Eckhart described the software as a hard-to-detect and equally hard-to-remove rootkit that could be used by carriers and phone makers to collect almost any kind of data from a mobile phone without the user's knowledge. Eckhart said his research showed that Carrier IQ's software was often enabled to run by default on several mobile devices including those from Samsung, HTC, RIM and others.

A lot of the information collected by Carrier IQ is designed to enable mobile operators and device vendors to quickly identify and address quality and service-related issues. But the software can be tweaked to gather more intrusive data about a user's location, the software and applications on the device, which keys are being pressed and what applications are in use, Eckhart said in his analysis.

Earlier this week, Eckhart posted a video clip on YouTube showing how Carrier IQ's software recorded all of the keystrokes he made on his handset, even when the phone was reset to factory setting and put into airplane safe mode, at which time it was no longer part of the carrier's network. In his research, Eckhart said that phone carriers could program the software to send user data whenever certain triggers or actions were completed.

Carrier IQ maintains that its software does not do all of the things claimed by Eckhart. In a statement posted on its website Nov. 23 (.pdf format), the company claimed that its software does not record keystrokes, provide tracking tools, inspect the content on a phone or provide any real-time data reporting to its customers.

"Our software is designed to help mobile network providers diagnose critical issues that lead to problems such as dropped calls and battery drain," the statement said. The company also its software is installed on more than 150 million devices worldwide.

Carrier IQ initially threatened to sue Eckhart for publishing the research and tried to force him to withdraw his findings. The company quickly withdrew the threat and its CEO personally apologized to Eckhart after the privacy rights group the Electronic Frontier Foundation rallied behind Eckhart and said the company's threats were baseless and a violation of the researcher's right to free speech.

Originally published on www.computerworld.com. Click here to read the original story.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News