How Carrier IQ Was Wrongly Accused of Keylogging

Well, as others have pointed out CarrierIQ themselves have advertised it as 'Able to capture screen transitions, button presses, and service interactions'. On a touch screen device being able to log where people touch the screen is the same thing as a key logger.

http://latimesblogs.latimes.com/technology/2011/12/carrier-iq-privacy.html

Last week, a 25-year-old system administrator named Trevor Eckhart released a video (above) purporting to show Carrier IQ's app recording smartphone users' every keypress, and implying that the company was therefore able to intercept users' private communications.

But security researchers have disagreed with conclusions drawn from Eckhart's analysis.

"It's not true," said Dan Rosenberg, a senior consultant at Virtual Security Research, who said the video shows only diagnostic information and at no point provides evidence the data is stored or sent back to Carrier IQ.

"I've reverse engineered the software myself at a fairly good level of detail," Rosenberg said. "They're not recording keystroke information, they're using keystroke events as part of the application."

The difference is subtle but important. To perform commands, applications need to know which buttons a user has pushed: Your email app needs to know when you tap the reply button, and your phone app needs to know which numbers you press in order to dial. Applications therefore pay attention to which buttons a user is pressing.

But listening for a button press does not mean an application is therefore sending a record of those button presses back to the company, researchers said.

............

But Rosenberg said his look at the Carrier IQ program revealed "a complete absence of code" that would indicate key presses were being tracked and recorded or sent over the Internet by the phone.

Instead, the readouts on Eckhart's video that occur when he presses keys are "debugging messages" -- informational feedback meant to help smartphone programmers verify that their applications are working correctly. In this case, Carrier IQ's developers appear to have set up the program to display a diagnostic message when a key is pressed or when a text message is sent.

"It's just spitting debug messages to the internal Android log service," said Jon Oberheide, a co-founder of Duo Security. "It appears that Carrier IQ is indeed collecting some metrics, but I have not seen any evidence that keystrokes, SMS messages or Web browsing session content are being transferred off the device."
 
Direct from the VP of Marketing for CarrierIQ, Mr. Coward:
'So what information gets gathered?

We have profiles and the profiles are designed by the operator, and that actually defines what is or is not gathered. We have customers who just collect failed calls with an upload that takes place once a week. We have others where they get an upload once a day that will contain information about what applications you've been using.'

Seems like they're trying to shift it back to the carriers again. 'Whatever is collected it isn't us, it's the carrier.' basically seems to be the repeated message.
 
"How Carrier IQ Was Wrongly Accused of Keylogging"

I had always thought that the [H] was better than to post such a tripe news post like this and to defend Carrier IQ.

[H] you are better than that and there is no way in hell that you can be so dumb and blind. You are way smarter than that to try to help in this cover up by Carrier IQ.
 
And yes I will say it.

I just wonder on how much Carrier IQ paid CNET and the others to disprove what the video clearly shows the key logging. Yes I do say and do believe that Carrier IQ paid off some bunch of bought off asshats in the media biz to try to cover this up. Sorry but I have seen enough to see what this Carrier IQ is doing on the phone and yes it's all there by the Carrier IQ agent in plain text.

You people who come in here to defend what Carrier IQ is doing are the reason why this country is so fucked up. Seriously.
 
"How Carrier IQ Was Wrongly Accused of Keylogging"

I had always thought that the [H] was better than to post such a tripe news post like this and to defend Carrier IQ.

[H] you are better than that and there is no way in hell that you can be so dumb and blind. You are way smarter than that to try to help in this cover up by Carrier IQ.

Thanks for calling us DUMB for posting a news item that is a direct response to the original news item we posted. We posted two stories relating to the discovery and then THIS story. And, by the way, we don't write the headlines and we don't change them either. The "wrongly accused" is the actual headline of the news item we linked.

We present both sides of a discussion when we can so that we can have an intelligent debate on the topic.

Well, an intelligent debate most of the time...you know...unless we are DUMB and BLIND.

Maybe just posting one side of the story and ignoring the response is the way to go, right? :rolleyes:
 
yeah didn't the FBI say they've been using the carrier IQ software???

What's interesting is that they are using it and won't release any further information on it, even under pressure from Freedom of Information Act requests. They are saying ongoing investigations could be jeopardized. The extent of this breach of personal privacy is pretty insane nvm the unlawful search implications.
 
as long as they don't use it to catch pirates it doesn't bother me too much.... i guess if it drains my phone's battery that will irk me a bit lol
 
as long as they don't use it to catch pirates it doesn't bother me too much.... i guess if it drains my phone's battery that will irk me a bit lol

and this is what's fucking wrong with the US nowadays. "Well if it doesn't affect me, I don't care" isn't going to cut it. You might want to read the "First they came…" statement attributed to pastor Martin Niemöller some time.
 
Could you tell the family of a 10 year old that was just kidnapped 'Well, we could find the guy anal raping your 10 year old daughter right now but it would require us to turn on a software service that has zero impact on anyone. We will just have to wait until we find her decapitated head to return her to you"

I mean seriously how does this software affect you?
 
Could you tell the family of a 10 year old that was just kidnapped 'Well, we could find the guy anal raping your 10 year old daughter right now but it would require us to turn on a software service that has zero impact on anyone. We will just have to wait until we find her decapitated head to return her to you"

I mean seriously how does this software affect you?

Classic "ends justify the means" argument is still #failsauce no matter how you're trying to tug at heart strings.
 
Classic "ends justify the means" argument is still #failsauce no matter how you're trying to tug at heart strings.

Agreed. Emotional, non-logical arguments reek of a political agenda hehe. It's a classic tactic used on talk radio and seeing it used among, what I believe are the more technically inclined is a bit disappointing.
 
Classic "ends justify the means" argument is still #failsauce no matter how you're trying to tug at heart strings.

exactly...
4th Amendment:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

what most fail to understand.. is that It is God Given Right to Privacy...and the Protection of that God Given Right.. is charged to the Government I empower with my vote

when we look the other way..and allow this sort of blind search / discovery...we open the door to tyranny...
 
I see a lot of people here jumping on to hate CIQ... they want to trust a handful of community researchers but not others...

Perhaps people should demonstrate why Rosenberg is a liar?

From an industry perspective, a security researcher's reputation and integrity is far more valuable than what CIQ could offer to "pay him off".
As a professional researcher, when your results are disproven (which should be trivial in this case, Mr. Eckhart?) you lose a lot of credibility and thus your marketability to high-value clients.

CNET can be bought, sure... but I highly doubt the industry researcher is for, what would seem like, almost no value.
 
I see a lot of people here jumping on to hate CIQ... they want to trust a handful of community researchers but not others...

Perhaps people should demonstrate why Rosenberg is a liar?

From an industry perspective, a security researcher's reputation and integrity is far more valuable than what CIQ could offer to "pay him off".
As a professional researcher, when your results are disproven (which should be trivial in this case, Mr. Eckhart?) you lose a lot of credibility and thus your marketability to high-value clients.

CNET can be bought, sure... but I highly doubt the industry researcher is for, what would seem like, almost no value.

Your argument is fair however it is faulty. The FBI has acknowledged they use it. /debate
The implications of that statement are mind blowing. T
 