How Carrier IQ Was Wrongly Accused of Keylogging

Hey, remember that whole Carrier IQ keylogging thing? Looks like they might have been wrongly accused. Whoops.

In just a handful of days, a startup company named Carrier IQ has been subjected to extraordinary public vilification, with reports accusing it of making a "rootkit keylogger" that "creeps out everyone" or is the "rootkit of all evil." The only problem, which is always a risk when a public lynching takes place, is that Carrier IQ appears to be not guilty of the charges lodged against it.
 
A public lynching wrong?

I smell a witch.
 
oh too late.. already rooted and cyanogen modded my phone.

Oh well I learned how to root and flash because of this. Now to do some free wifi tethering:D
 
i think there's more to it.....the software is clearly collecting wiretap style. There is nothing ok about copying my text messages verbatim
 
Also on the same data sheet:

"• Analyze data in real time, including comparative and cross correlation analysis across groups, geographies, devices and services
• Quantitative experience measures taken directly from the device integrate seamlessly with existing business processes and tools
• “Zero delay” data capture, eliminates the delays inherent in other methods such as focus groups
• View application and device feature usage, such as camera, music, messaging, browser and TV"

So they also track your app usage too including browser and camera apps. I feel dirty...
 
sounds like an attempt at damage control.

even if it's not sent off of the phone, the data is still set by the operating system (phone) to their app on the phone; even more so since even when the option to "tell HTC" is turned off, it's still being sent to the app, a hidden app at that.

shoot...it's analogous to some unknown dude off the street walks into the CIA HQ, gets access to national secrets but doesn't walk out with it.
Or to use a wiretapping analogy, some guy puts a bug in your house that sees/hears everything but forgets to turn on the transmitter.

dunno, still creepy as hell to me and this whole "it's false accusation" stuff seems too fishy...I'll wait when real experts (EPIC, Bruce Schneier, etc.) take a gander at it.
 
Oh I don't think they are off the hook yet. According to their own documentation:



http://www.carrieriq.com/overview/IQInsightExperienceManager/ExperienceManager.datasheet.pdf

Pretty damning that they claim that CarrierIQ doesn't capture button presses, but their own data sheet says otherwise.

They claim the software can do all that, then they say it isn't, then they say but it's the carriers that control what parts of the software get used.

It's akin to somebody you know with physical access to your computer installing a trojan keylogger one day. You find it, confront him about it, and he says 'Sure, I did that. I did it so that in the future should you have a problem I can see everything that you did to lead up to that point. See? Totally innocent move on my part installing that on there.' Do you at that point go "Oh, that's ok" or do you say "You should have told me you put that there, heck, you should have asked me before even enabling that at all!'
 
They claim the software can do all that, then they say it isn't, then they say but it's the carriers that control what parts of the software get used.

It's akin to somebody you know with physical access to your computer installing a trojan keylogger one day. You find it, confront him about it, and he says 'Sure, I did that. I did it so that in the future should you have a problem I can see everything that you did to lead up to that point. See? Totally innocent move on my part installing that on there.' Do you at that point go "Oh, that's ok" or do you say "You should have told me you put that there, heck, you should have asked me before even enabling that at all!'

well put.
 
Hey, remember that whole Carrier IQ keylogging thing? Looks like they might have been wrongly accused. Whoops.

No I think they were pretty rightfully accused. Look at all the evidence against them. I don't think one Cnet article is enough to hide all the shit that was exposed..
 
No I think they were pretty rightfully accused. Look at all the evidence against them. I don't think one Cnet article is enough to hide all the shit that was exposed..

Let's throw this right into soapbox shall we. So gun manufacturers are liable when idiots kill other people? Carrier IQ made a product companies use. It does exactly what it is supposed to do. If the carriers choose to use it in such a way that is not in line with consumer protections or ideals...then don't blame them.
 
Let's throw this right into soapbox shall we. So gun manufacturers are liable when idiots kill other people? Carrier IQ made a product companies use. It does exactly what it is supposed to do. If the carriers choose to use it in such a way that is not in line with consumer protections or ideals...then don't blame them.

The company made it clear what intentions they had for such products when they immediately attempted to silence the first security researcher that stumbled upon the application. They are equally complicit in these actions. Also I don’t see why my post prompted such a volatile response? My opinion is just that, an opinion. The ignore button is always handy in case you don’t like what I have to say. Go ahead, I don’t mind if you use it :( It’s just one less friend :(
 
Couldn’t edit my post for some odd reason. I have to say this quote really puts it into perspective.

It's akin to somebody you know with physical access to your computer installing a trojan keylogger one day. You find it, confront him about it, and he says 'Sure, I did that. I did it so that in the future should you have a problem I can see everything that you did to lead up to that point. See? Totally innocent move on my part installing that on there.' Do you at that point go "Oh, that's ok" or do you say "You should have told me you put that there, heck, you should have asked me before even enabling that at all!'
 
Too late, media already annihilated them guilty or not. This is how it always happens in the media, guilty until proven innocent and once innocent it's no longer interesting or important enough for coverage. It's even worse on the personal level.
 
The video clearly showed that the software does WAY more than the few things they mentioned in the article. The guy even proved they can read the text messages when CarrierIQ said it is not possible.
 
cleartexting https is all I needed to see to know this is indeed a rootkit. If I want to access a log without gaining full access things just got easier.

Its good to know ppl can uninstall and opt out of running software they we
 
How much did cnet pay [H] to link to that article?

It is clearly a root kit. CIQ didn't offer any counter other than to say that Trevor's work was wrong. I need proof he was wrong. And as pointed out above their own documentation says that they can do what was exposed.
 
I work in the wireless industry with a background in Computer science. This whole debacle has really pissed me off. The biggest problem was when it aired on the national news.

I just sat there telling everyone around me it was a hoax. the video it showed was just the android OS responding to keystrokes. Of course when you press a number on the keypad, you're going to get a line of code come up! You are doing something! If anyone bothered reading the code in the background, it was just the android system saying a key had been pressed!

the worst part is that people are going to do the same thing they did when the national news aired bits about viruses on smartphones. they are going to freak out and believe every word they say. then they are going to come into the store knowing half truths and being angry and paranoid.

I'm still doing damage control from the whole virus debacle. the chances are extremely low unless you go to bad sites. if you do get an app with a virus...guess what? google or apple will take it off the phone FOR you!

sorry for the rant, it just makes me angry when the media goes to the story without complete proof, especially basing "proof" on a poorly made youtube video.
 
^Welcome to the media!

But I totally get what you are saying... someone saying it on a youtube video is ignore-able, but when it's on national tv, it seems more serious. I rarely watch news and know to take news with a grain of salt still get the feeling of impending doom when I see something on a news channel when compared to an online video from someone random.

Not that it matters to me most of the time, since it's usually not something that affects me directly and so I tend not to care too much about it.
 
Why did you post that rubbish article??
If it does what they say it does there is no need for it and it wouldn't have been installed.
 
I work in the wireless industry with a background in Computer science. This whole debacle has really pissed me off. The biggest problem was when it aired on the national news.

I just sat there telling everyone around me it was a hoax. the video it showed was just the android OS responding to keystrokes. Of course when you press a number on the keypad, you're going to get a line of code come up! You are doing something! If anyone bothered reading the code in the background, it was just the android system saying a key had been pressed!

the worst part is that people are going to do the same thing they did when the national news aired bits about viruses on smartphones. they are going to freak out and believe every word they say. then they are going to come into the store knowing half truths and being angry and paranoid.

I'm still doing damage control from the whole virus debacle. the chances are extremely low unless you go to bad sites. if you do get an app with a virus...guess what? google or apple will take it off the phone FOR you!

sorry for the rant, it just makes me angry when the media goes to the story without complete proof, especially basing "proof" on a poorly made youtube video.

Their own datasheet says the software is capable of recording keystrokes, have you looked at this?

Unlike an app market virus, users have no choice about whether this software is installed and users cannot turn it off. I think it's unfair to classify this as the same level of hoax as an android os virus.
 
This software/rootkit does log key events, it's just up to the carrier/handset oem to enable the report for that function.
 
You miss the point. If you log any sort of user activity you should have informed the user and they should be able to opt out.


I work in the wireless industry with a background in Computer science. This whole debacle has really pissed me off. The biggest problem was when it aired on the national news.

I just sat there telling everyone around me it was a hoax. the video it showed was just the android OS responding to keystrokes. Of course when you press a number on the keypad, you're going to get a line of code come up! You are doing something! If anyone bothered reading the code in the background, it was just the android system saying a key had been pressed!

the worst part is that people are going to do the same thing they did when the national news aired bits about viruses on smartphones. they are going to freak out and believe every word they say. then they are going to come into the store knowing half truths and being angry and paranoid.

I'm still doing damage control from the whole virus debacle. the chances are extremely low unless you go to bad sites. if you do get an app with a virus...guess what? google or apple will take it off the phone FOR you!

sorry for the rant, it just makes me angry when the media goes to the story without complete proof, especially basing "proof" on a poorly made youtube video.
 
Still a wiretap as they didn't inform the users in any way, shape, or form that they were doing this.
 
I work in the wireless industry with a background in Computer science. This whole debacle has really pissed me off. The biggest problem was when it aired on the national news.

I just sat there telling everyone around me it was a hoax. the video it showed was just the android OS responding to keystrokes. Of course when you press a number on the keypad, you're going to get a line of code come up! You are doing something! If anyone bothered reading the code in the background, it was just the android system saying a key had been pressed!

the worst part is that people are going to do the same thing they did when the national news aired bits about viruses on smartphones. they are going to freak out and believe every word they say. then they are going to come into the store knowing half truths and being angry and paranoid.

I'm still doing damage control from the whole virus debacle. the chances are extremely low unless you go to bad sites. if you do get an app with a virus...guess what? google or apple will take it off the phone FOR you!

sorry for the rant, it just makes me angry when the media goes to the story without complete proof, especially basing "proof" on a poorly made youtube video.

Well, as others have pointed out CarrierIQ themselves have advertised it as 'Able to capture screen transitions, button presses, and service interactions'. On a touch screen device being able to log where people touch the screen is the same thing as a key logger.

Plus, if you watch the video (the full 17 minute one) it clearly shows that the Android OS is responding to the button presses with ucFocusEvents, then a background service, iqAgent, is also capturing exactly what you press. When you receive a text message the video clearly shows the iqAgent service pops up again with the call to 'getSMS'. Again, completely separate from the Android OS actually processing the SMS which is done as android.provider.Telephony.SMS. (under the SMSReceiverService)
 
They also admitted to recording said data. I don't see why the [H] would be defending this and I don't see why other [H] users would attack me for attacking an application that is worse than that slimy sony root kit of years past.
 
They also admitted to recording said data. I don't see why the [H] would be defending this and I don't see why other [H] users would attack me for attacking an application that is worse than that slimy sony root kit of years past.

I don't think anyone has attacked you in this thread and most of us agree that this software can do what the video on youtube showed it doing.
 
Ok attack was an overreaction on my part. I just cannot find the right word in my vocabulary arsenal.
I think most of the [H] understands CIQ and why it was and still is a problem for us consumers.
As if the contract we have to sign wasn't bad enough..
 
I work in the wireless industry with a background in Computer science. ...

sorry for the rant, it just makes me angry when the media goes to the story without complete proof, especially basing "proof" on a poorly made youtube video.

I want to see the expert comment on the rootkit. Since you're making an appeal to authority by working at a Mall Kiosk Wireless and have a 1 year DeVry degree under your belt you are obviously some CIQ warlock genius who can explain how recording every fucking thing I do is in my best interests. We can add cameras in your colon to check your shit smell are for your health!

I agree about your position about the media but it's that way about everything. Politics, medicine, psychological study, and crime. This is what gets you upset about the media?

Can't tell if shill for CIQ or troll...
 
This is why it's generally just a bad idea to pay any attention to anything that gains traction on Twitter. :p

Bunch of twats, they are.
 
Steave, you are parroting a total lie, CIQ is a root kit by definition, everything you do on a phone is recorded in plain text in unsecured locations.
 
Steave, you are parroting a total lie, CIQ is a root kit by definition, everything you do on a phone is recorded in plain text in unsecured locations.

Uh, no, it isn't. Even if it is guilty of every single charge the community has laid against it (which tbh is highly unlikely), it still wouldn't be a rootkit. I suggest you go look up the actual definition of rootkit.
 
Article is bullshit. It's already been confirmed that CIQ is keylogging. There's no wrongful accusations here unless you're part of the team trying to do damage control before they're sued out of existence.
 
Article is bullshit. It's already been confirmed that CIQ is keylogging. There's no wrongful accusations here unless you're part of the team trying to do damage control before they're sued out of existence.

It actually hasn't, though. So far the only thing that has been shown is that CIQ, or something with "iq" in the name, logs to the *internal* log about a whole bunch of events. It might not actually be CIQ doing the logging but whatever hooks HTC added to support CIQ that is logging. Even if it is CIQ, it doesn't mean at all that it is actually keeping an internal log or using that information in any way. I could easily write an app that logs every SMS message in plain text to logcat without ever keeping a copy of it internally or sending it anywhere else.

What data it *actually* sends is far, far more important (right after they make a patch that at least disables the logging to logcat, though, as that is a pretty big leak as 3rd party apps can pick that up easily)
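
The logcat point in the post above can be checked with canary values: type known strings on a test device, capture `adb logcat -v brief`, and see which log writers echo them back. This is an added example, not code from the thread or from Carrier IQ; the tag names, pids, message wording and the `key=` pattern in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

# `adb logcat -v brief` line shape: <priority>/<tag>(<pid>): <message>
BRIEF = re.compile(r"^([VDIWEF])/(.+?)\(\s*(\d+)\):\s?(.*)$")
# Assumed shape of a per-key log message; adjust to what the device actually prints.
KEY_EVENT = re.compile(r"\bkey[=: ]+(\w)\b", re.IGNORECASE)

def audit_log(log_text, canaries, typed_keys=""):
    """Map each log writer (tag, pid) to the canaries it echoed into logcat."""
    leaks = defaultdict(set)
    keys_by_writer = defaultdict(str)
    for line in log_text.splitlines():
        m = BRIEF.match(line)
        if not m:
            continue  # buffer headers, blank lines, other formats
        _prio, tag, pid, msg = m.groups()
        writer = (tag.strip(), int(pid))
        for name, value in canaries.items():
            if value in msg:
                leaks[writer].add(name)
        k = KEY_EVENT.search(msg)
        if k:
            # Keys are usually logged one per line, so rebuild the sequence per writer.
            keys_by_writer[writer] += k.group(1)
    if typed_keys:
        for writer, seq in keys_by_writer.items():
            if typed_keys in seq:
                leaks[writer].add("keystrokes")
    return {w: sorted(n) for w, n in leaks.items()}

# Constructed sample capture: tags, pids and message wording are invented for illustration.
SAMPLE_LOG = """\
--------- beginning of /dev/log/main
D/InputFramework(  201): dispatching key event to focused window
I/ExampleAgent(  412): key=4
I/ExampleAgent(  412): key=7
I/ExampleAgent(  412): key=1
I/ExampleAgent(  412): key=9
D/SmsFramework(  310): incoming message received, length=21
I/ExampleAgent(  412): sms body: canary-sms-5f3a9c2e71
I/ExampleAgent(  412): url https://example.test/search?q=canary-url-88d1
W/Wifi(  150): scan results available
"""

CANARIES = {"sms_body": "canary-sms-5f3a9c2e71", "https_url": "canary-url-88d1"}

if __name__ == "__main__":
    for (tag, pid), names in audit_log(SAMPLE_LOG, CANARIES, typed_keys="4719").items():
        print(f"{tag} (pid {pid}) wrote to logcat: {', '.join(names)}")
```

A hit only shows that a value reached the shared log; what leaves the device has to be checked separately on the network side.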
 
Let's throw this right into soapbox shall we. So gun manufacturers are liable when idiots kill other people? Carrier IQ made a product companies use. It does exactly what it is supposed to do. If the carriers choose to use it in such a way that is not in line with consumer protections or ideals...then don't blame them.

So let's do the Carrier IQ <--> gun analogy here:

I don't want a gun in my phone pointing at me, ok?

So, is it my constitutional right to have Carrier IQ? Can I use it myself? Get it the F#@K off my phone, if I don't know it's there, that makes it worse.
 