HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
If you own an Android phone, you really need to watch this video. It is a bit boring to watch but trust me, it is worth watching.
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
The title here is a bit misleading since this isn't something that is ubiquitous among Android phones, but rather something that is specific to some ROMs provided by phone manufacturers.
If this was an iPhone this would be a 10 page thread by now with nothing but vitriol directed at Apple.
Equally important is that it does not indicate whether or not the data is actually sent anywhere. The author seems a bit unclear as to how logcat works. For example when talking about the HTTPS stuff he says it is supposed to be encrypted. However, the logs he points out would happen *before* it hits the network stack. Also, any site that puts your username or password as a GET parameter is absolutely doing it wrong, encryption or not.
With that said, fuck CarrierIQ, and fuck HTC (and other OEMs) for logging all this junk in the first place. Even if it isn't sent anywhere and is just local to the phone's logcat, that still makes logcat nearly useless, which sucks for developers. Also logcat is open to 3rd party apps to sniff, so personal information should never end up there anyway.
oh my. this could be really bad. As I am smart enough not to have a smart phone, can anyone else confirm this?
If this was an iPhone this would be a 10 page thread by now with nothing but vitriol directed at Apple.
according to a quick google, there are 10 million galaxy s alone.
who gives a shit if it logs a button press? how would anyone go through the billions of lines to get anything? sms history? i send at least 1000 a month. 1000 x 10 million? yeah, im not overly worried.
With SSL, the URLs requested are never encrypted, it's the post information that's encrypted. The URL variables are passed to the web server in plain text, event for "secure" sites.
Otherwise, this is seriously disturbing and in Canada would constitute illegal wiretapping (I don't know about US laws). This is extremely worrying, it made me check out my own phone (HTC HD7) for this sort of dangerous malware.
Did anyone actually watch the video?I've tried looking everywhere (apps running, all apps/services etc) and couldn't find anything regarding CIQ etc.. DroidX.
LOL. No world government gives a shit about our privacy. Privacy is an illusion everywhere.
Did anyone actually watch the video?
It does not matter if you are rooted. It does not matter if you can not see this in the OS. This program is not specific to Android. This program is rooted and has its own access. It works without a mobile connection.
Read more:
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/
Forbes is picking this up. This is the real deal.
The title here is a bit misleading since this isn't something that is ubiquitous among Android phones, but rather something that is specific to some ROMs provided by phone manufacturers.
I just love how CarrierIQ (the company) threatened this guy with a huge lawsuit if he didn't shut up about their rootkit. Then the EFF steps in and CarrierIQ backs off their threats. Yes! Bring it on, wiretapping fuckers! You thought you could just scare this guy away? I ♥ the Electronic Frontier Foundation.