Sunday, December 4, 2011

Carrier IQ Update

Carrier IQ’s secret mobile phone tracking software is headed to court. Three separate class-action lawsuits have been filed against the company and some of its business partners as of Friday, including mobile giants Samsung and HTC.

  TPM
Totally expected.
Mobile phone intelligence company Carrier IQ’s self-named tracking software doesn’t record the contents of a user’s data and is being unfairly targeted by the media and hysterical users, according to several security researchers who have conducted further analysis on the software.

“It records the fact that a keystroke occurs, not the specific key the user entered,” Becky Bace, a former National Security Agency computer engineer and founder and CEO of security consulting firm Infidel, Inc., told TPM via email. “Any keystrokes monitored are limited to the user interactions with the numeric keypad, not the alphanumeric keyboard, and are filtered on input for specific sequences that trigger specific diagnostic actions.”

  TPM
Sounds kinda fishy to me.
“The Carrier IQ app simply doesn’t meet the requirements in terms of functionality or intent to be classified as a ‘keylogger,’” Jon Oberheide, a co-founder of Ann Arbor, Mich.-based Duo Security, said in an e-mail to CRN News.

“The application does not record and transmit keystroke data back to carriers,” Dan Rosenberg, a security consultant at Virtual Security Research, told CNET on Friday. “They’re not recording keystroke information, they’re using keystroke events as part of the application.”
Am I supposed to understand that?
“After reverse engineering CarrierIQ myself, I have seen no evidence that they are collecting anything more than what they’ve publicly claimed: anonymized metrics data,” Rosenberg wrote in a post on Pastebin on Wednesday.
Or that?
That said, Rosenberg also added that “the fact that there are hooks in these events suggests that future versions may abuse this type of functionality, and CIQ should be held accountable and be under close scrutiny so that this type of privacy invasion does not occur.”
Now that, I understand.

...but hey, do what you want...you will anyway.

No comments: