Skip Links

Cornell Prof: Carrier IQ affair 'my worst nightmare'

Engineering professor calls smartphone software 'appalling invasion of privacy'

By , Network World
December 02, 2011 10:40 AM ET

Network World - A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster.

"This is my worst nightmare," says Stephen Wicker, a professor of electrical and computer engineering at Cornell. "As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.

"Carrier IQ claims that the collected data is 'anonymized.' Let's give this a moment's thought -- about all that it deserves. How hard would it be to 'de-anonymize' a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords?"

A controversy over smartphone privacy has reignited this week following a coder's recent post detailing how a hidden software application on Android-based HTC phones can collect a range of information about the user's activities. The client program is from a venture-funded company called Carrier IQ out of Mountain View, Calif. It created software, dubbed by one security researcher as a classic rootkit, to collect a variety of "operational" data about the phone's usage, ostensibly to let carriers identify radio, performance and usage problems and correct them. Carrier IQ yesterday again denied that its embedded smartphone application records, stores or transmits personal user information such as SMS messages, email and the like. 

FAQ: Behind the Carrier IQ rootkit controversy

Throughout the week carriers and phone makers have acknowledged their use of Carrier IQ software or distanced themselves from it. Apple said it no longer uses the software in its devices, as of its delivery of iOS 5. AT&T, Sprint, HTC and Samsung have confirmed their use of the software, while Verizon, Nokia and RIM have said they do not use it. 

Wicker, who is the author of the book "Cellular Convergence and the Death of Privacy," to be published by Oxford University Press at the end of 2012, warns, "Since Carrier IQ tracks keystrokes, it has the potential to capture passwords and banking data that are normally encrypted prior to transmission through the cellular network. From a privacy perspective, what's appalling is Carrier IQ runs in the background -- most users will not know it's there -- and if those users do manage to detect the program, they cannot opt out.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News