David Frederick's | iAIR BLOG

Consulting, Innovation, Strategy, Vision, Education, & Ideation

Mobile Spyware And Why You Should Be Concerned

Technology is truly a marvel, and like many “marvels” it can be used for good and evil. Apparently, the good folks at our mobile carriers are very interested in what you do with your mobile/smart phone. Consensual Data Capture is one thing, spying…. yes spying is another. No this isn’t a three-letter government agency doing this, but our mobile carriers or literally anyone else who happens to buy the right software to access the embedded spyware.

It was bad enough that “certain” organizations were tracking Black Friday shoppers without their knowledge in malls via their mobile/smart phones, but now we are learning about a new and very disturbing revelation around the amount of data, communication, and PII (Personally Identifiable Information) mobile carriers are collecting, whose using it, and how they are collecting it.

Don’t get me wrong, I am all for ways in which to drive and capture consensual consumer behavior, KPI’s, market metrics, and behavior to help drive more effective solutions, services, usage, and strategies, but the consumer should be informed AND give their consent to allow the capture and usage of this information. Apparently, this is not the case here.

Remember when Apple was tracking people’s location movements via their iPhone’s and cataloging the data? This is way worse. Of course, Apple was forced to stop that practice. But this new embedded spyware? If you own a non-Apple smart phone you should check out this disturbing article. So far, it effects 100 million of you. Even you do own an Apple iPhone, you should still check it out. This could still be happening with your iPhone.We just don’t know yet.

-DF

Tens of Millions of Smartphones Come With Spyware pre-installed, Security Analyst Says

Over 100 million smartphones are tracking their owners’ every step, Android developer Trevor Eckhart claimed, thanks to software that comes pre-installed on phones from most major carriers.

During a security demonstration revealed on Monday, Eckhart showed how software developed by Carrier IQ tracks virtually everything a user does — going as far as logging individual keystrokes and button presses. The company claims it helps its customers improve quality and performance “by counting and measuring operational information in mobile devices.” Security experts call it spyware.

“I assume that when I SMS my wife on the phone, no one is intercepting that message,” Chet Wisniewski of security firm Sophos told FoxNews.com. He called the whole ordeal is a “serious invasion of privacy.”

“Why do they need to know when I’m logging into Bank of America, when I’m accessing my password? It’s a different level of snooping,” he said.

Developed as a mobile analytics platform, Carrier IQ’s software can be found on most Android, BlackBerry and Nokia phones — over 140 million phones in total, the company’s website boasts. Some reports suggest Apple iPhones may carry the software as well.

The company has flat out denied that its software records keystrokes, a claim Eckhart’s latest video seems to refute.

“Every button you press in the dialer before you call,” Eckhart says in his latest video, “it already gets sent off to the IQ application.”

Eckhart did not return FoxNews.com phone calls, and Carrier IQ declined to comment on his claims. A statement on the company’s website reiterates the company’s claims that its software does not track customers or record keystrokes.

“This information is used by our customers as a mission critical tool to improve the quality of the network, understand device uses and ultimately improve the user experience,” the company said. By evaluating these metrics, Carrier IQ aims to help with issues such as “dropped calls and battery drain.”

In videos showing Carrier IQ at work, Eckhart showed it going beyond such utilitarian monitoring. He showed Carrier IQ’s software monitoring entire text messages, a Google search, and his location, even during sessions protected by HTTPS, a security protocol that encrypts communications for sensitive transactions like online banking.

Sprint has acknowledged using Carrier IQ’s software, but denies having access to personal data.

“Carrier IQ provides information that allows Sprint, and other carriers that use it, to analyze our network performance and identify where we should be improving service,” Sprint told CNET earlier this month. “We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool,” Sprint continued.

While Wisniewski understands the needs for data and metrics, he believes carriers must be more forthcoming about how they are monitoring their users, what data they are collecting, and how they are protecting that data.

“If you’re going to collect that kind of information from people, you have to meet a different standard,” Wisniewski told FoxNews.com.

But for now, most users are stuck, unable to even turn off or uninstall the program.

“The Carrier IQ application is embedded so deeply in the device that it can’t be fully removed without rebuilding the phone from source code,” Eckhart wrote on his website.

“Even where a device is out of contract, there is no off switch to stop the application from gathering data.”

Read more: http://www.foxnews.com/scitech/2011/12/01/is-your-smartphone-secretly-spying-on/#ixzz1fJJ3Zfhk

Advertisements

Written by David Frederick

December 1, 2011 at 2:58 PM

%d bloggers like this: