SAN FRANCISCO – Technology bloggers are asking if our cellphones are spying on us after a security researcher said a piece of software hidden on millions of phones was recording virtually everything people do with them.
Amid a broad outcry, Sen. Al Franken (D- Minn.) is calling for an investigation. A class-action lawsuit has been filed against the software’s maker, Carrier IQ Inc. of Mountain View, Calif.
The software, which Carrier IQ says is used on some 150 million mobile devices, appears relatively innocuous. It does watch what owners of Sprint Nextel Corp. and ATT Inc. smartphones do with them, including what people type and the numbers they dial. But it doesn’t seem to transmit every keystroke to the company. Instead, it kicks into action when there’s a problem, like a call that doesn’t go through, and it lets the phone company know.
“It is software that is developed in partnership with carriers with the intent to improve network performance. As far as we can tell, it meets this description in execution,” said Tim Wyatt, principal engineer at Lookout, a cellphone security company.
Carrier IQ says the data its software gathers is stored by the phone companies or at Carrier IQ’s facilities. It doesn’t sell the data to third parties. Phone companies, of course, already are custodians of a wealth of private information, including whom you call, where you surf and what your text messages say.
The brouhaha started a few weeks ago, when a programmer named Trevor Eckhart documented Carrier IQ’s workings with videos on his blog. The software company threatened him with a lawsuit if he didn’t take the information down. The Electronic Frontier Foundation took on Eckhart’s case, and the company backed down.
Eckhart posted another video this week, showing Carrier IQ’s software logging keystrokes on an HTC EVO 3D from Sprint.
A central privacy worry is what kind of data Carrier IQ is retaining.
Andrew Coward, a Carrier IQ vice president, said the software doesn’t record every keystroke or send information about all of them back to the company. The only keystrokes it cares about are specific administrative commands, including those instructing the software to phone “home.” The rest it discards, Coward said.
“We never expected to need the content of SMS messages, so we didn’t code for it,” Coward told The Associated Press in an interview.
Apple Inc. has said it has stopped supporting Carrier IQ in most of its products. Separately, the company came under fire last year over location-tracking features of the iPhone and made a software change to keep data on users’ movements for less time.
For now, there’s no easy way to uninstall the Carrier IQ software without unsanctioned third-party software.
Recent stories in Business
- Week Ahead December 4, 2011
- Hanford safety reports offer contradictory views December 4, 2011
- Here’s the Dirt: Oral surgery center back in business December 4, 2011
- Giving a gift card? Don’t add fees under the tree December 4, 2011
- There’s no ‘Plan B’ if mortgage interest deduction goes away December 4, 2011
View full post on National Cyber Security