An Apple hacker has discovered that Carrier IQ, the shady smartphone software recently found to be logging keystrokes on Android and BlackBerry devices, is also installed on the iPhone. Don’t worry, fanboys. It’s off by default — probably.
Related: iPhone Location Tracking Gets Worse: Apple Saves the Data
As on other smartphones, the presence of Carrier IQ in Apple’s iOS firmware is difficult to detect. Prominent iPhone jailbreaker “chpwn” discovered traces of the code on Thursday, after Android security researcher Trevor Eckhart dug into the code of his Google-made operating system to discover that Carrier IQ was recording tons of user data, even the contents of text messages. Hacker blogs are referring to Carrier IQ as a “rootkit,” a type of virtually undetectable software that provides privileged access to your data. In 2007, CNET reported that rootkits were “tops on the criminal hackers’ To Do lists,” though Carrier IQ markets its services to mobile carriers like ATT and Sprint, as the name suggests. It’s also not a new service, as chpwn explains in a blog post (emphasis his):
In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off ”Diagnostics and Usage” in Settings appears to be enough.
Let’s reiterate chpwn’s point that the existence of the Carrier IQ code does not necessarily mean that your iPhone is sending your deepest darkest secrets back to some database in Apple’s Cupertino headquarters. Following a detailed, developer-oriented explanation of the code, chpwn goes on to defend the device manufacturers:
However, I think the blame here really belongs with the US carriers who obviously demanded this: personally, I am completely fine with this data being sent off (especially if it helps ATT’s network improve), but I would definitely prefer if it was more transparent — even if you can disable it with that toggle, Apple only explains that it “might contain location data”.
So far, Sprint has defended Carrier IQ’s aggressive data-collection practices, explaining that it was used “to understand the customer experience.” That was two months ago, however, when the controversy first started, but it’s exploded into a national news story since Eckhart’s painstakingly illustrated just how much data Carrier IQ was collecting from Android devices in a YouTube video this week.
Related: Android’s Browser Leaves the iPhone’s in the Dust
Now, folks are starting to wonder if Carrier IQ is in violation of federal wire-tapping laws. Andy Greenberg, a reporter on information security and privacy for Forbes, asked former Justice Department prosecutor Paul Ohn just that. “If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap,” Ohn said. “And that gives the people wiretapped the right to sue and provides for significant monetary damages.”
Related: Comment of the Day: Of Course Apple and Google Track Us
We made a tongue-in-cheek comment about Google in our first post about Carrier IQ being found on Android devices, but it now appears that the mobile carriers could be in the crosshairs. Both device manufacturers and mobile carriers are starting to push back against reports that they collect data through Carrier IQ, who says their software is installed on over 140 million devices, but we’re guessing the scandal is just beginning. The issue of smartphone tracking is not a new one either. Apple and Google have already had their day on Capitol Hill, where they faced a grilling from Senators about their GPS-tracking practices and we’re guessing that folks like Sen. Chuck Schumer, who stood up for Americans’ privacy after malls started using cell phone data to track shoppers, will not be pleased to learn about Carrier IQ. This story is developing quickly, and we’re doing our best to get in touch all parties involved. Until then, you might want to study Wired‘s reasons to wear a tinfoil hat.
Article source: http://news.yahoo.com/yes-even-iphones-spy-too-145504393.html
View full post on National Cyber Security » Computer Hacking