dagblog - Comments for "Irresponsible speculation in Carrier IQ &quot;spyware&quot; case." http://dagblog.com/reader-blogs/irresponsible-speculation-carrier-iq-spyware-case-12366 Comments for "Irresponsible speculation in Carrier IQ "spyware" case." en One other point. While I'm http://dagblog.com/comment/142745#comment-142745 <a id="comment-142745"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142720#comment-142720">KGB wrote: &quot;I suspect they</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>One other point.</p> <p>While I'm certainly not in a position to give them a "clean bill of health" ... superficially, it really looks like HTC has been using the software responsibly: alerting users that it's there, making data collection *opt in* and providing an easy way for the user to disable the reporting functions.</p> <p>OTOH, it looks like Samsung is *not* even telling users they are collecting it. In the case of the Evo, it really looks like Sprint did the implementation that Eckhart was dissecting.</p> <p>Now, Verizon is doing *something* that collects a bunch of this data ... but they say they aren't using Carrier IQ to do it. They don't appear to be building an opt-in/opt-out feature into their devices at all. The Verizon policy appears to be collecting data from all devices no matter what ... and agreeing not to sell/leverage the information if a user contacts their corporate web site and directs them not to.</p> <p>My point is that HTC's use of Carrier IQ is far less troubling than Verizon's use of whatever it is they have implemented with a different name. 
This is a carrier policy/behavior issue, not a "spyware" one.</p> <p> </p> </div></div></div> Mon, 05 Dec 2011 18:01:39 +0000 kgb999 comment 142745 at http://dagblog.com Eckhart's demonstration is http://dagblog.com/comment/142741#comment-142741 <a id="comment-142741"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142720#comment-142720">KGB wrote: &quot;I suspect they</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>Eckhart's demonstration is somewhat misleading (not intentionally) ... it showed what was possible, not necessarily what was actually being logged. Ultimately the companies will be on the hook for what they have collected and transmitted; not what events the software latches at the OS level ... if we can ever get a straight answer.</p> <p>Currently (IMO) they are milking a lack of public understanding of the way the software works to leave Carrier IQ answering all questions about how the software functions. Carrier IQ is able to speak honestly about how the "stock" software works; but this version of the software is not actually implemented on any devices. People by inference are assuming their explanations also apply to the highly-customized implementations that are actually on devices. 
So carriers/device makers are pretty much avoiding any responsibility or questions about their own role in *making* their custom implementation or specific questions about how their implementations actually function and deviate from the Carrier IQ "stock" software being described.</p> <p>In short, Carrier IQ is totally shielding their customers and making a real explanation about what has actually been happening on people's active devices far less likely.</p> <p>What I wonder is how many companies are quietly preparing and pushing updated "Metrics Packages" to change how the software works and reduce the opportunity for researchers to really break down what they have been up to.</p> </div></div></div> Mon, 05 Dec 2011 17:36:01 +0000 kgb999 comment 142741 at http://dagblog.com KGB wrote: "I suspect they http://dagblog.com/comment/142720#comment-142720 <a id="comment-142720"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142701#comment-142701">Some relevant stuff to this</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>KGB wrote:</p> <p>"I suspect they may have a "<a href="http://en.wikipedia.org/wiki/Hot_Coffee_mod">hot coffee</a>" problem."</p> <p>I wonder how long before one of the actors in this (CIQ and/or the carriers) offer an explanation along the lines of "....we're sorry; this was a mistake..."</p> </div></div></div> Mon, 05 Dec 2011 14:36:19 +0000 nothere comment 142720 at http://dagblog.com Thanks for the followup info; http://dagblog.com/comment/142719#comment-142719 <a id="comment-142719"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142700#comment-142700">it does not mount the SD</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>Thanks for the followup info; it's useful and informative.</p> </div></div></div> Mon, 05 Dec 2011 
14:33:46 +0000 nothere comment 142719 at http://dagblog.com You've got this a bit wrong. http://dagblog.com/comment/142702#comment-142702 <a id="comment-142702"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142580#comment-142580">Carrier IQ&#039;s VP of marketing,</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>You've got this a bit wrong. Carrier IQ doesn't modify the software ... they sell a codebase that allows the manufacturer/carrier to customize the software to do anything they want it to.</p> <p>I am assuming Coward is speaking to the "stock" implementation when he describes what they see. If so, it is somewhat misleading to not add that every implementation is (or can be) different. To my knowledge there is not a "stock" version of Carrier IQ implemented on any consumer device.</p> <p>It is unclear if this is easy for others to exploit.</p> <p>I'm also interested in where the Franken investigation goes. I'm a bit concerned that its frame was somewhat fatally flawed by adopting Eckhart's assertions about what was being demonstrated - which turned out to be a bit off-base. That would be unfortunate because the nature of QA software and its interaction with private data is an important issue that needs airing. 
Hopefully we get to the stage where questions are actually asked at all.</p> </div></div></div> Mon, 05 Dec 2011 08:46:38 +0000 kgb999 comment 142702 at http://dagblog.com Some relevant stuff to this http://dagblog.com/comment/142701#comment-142701 <a id="comment-142701"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142505#comment-142505">Getting back to the Carrier</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>Some relevant stuff to this line of thought came up when I was discussing this with Obey over on kgblogz (how I perceive the dev cycle, way Android works a bit, etc.). I did a few detailed comments that you might find interesting.</p> <p>Here's one point (quoting me).</p> <blockquote> <p>During the later R&amp;D phases, they take the phones out into the wild (that's how Gizmodo, et al. get pictures and the occasional misplaced prototype). During that phase I can see how it is amazingly useful to be able to report all sorts of shit back to the server ... kind of like the debugging console, but the devices are spitting out information to the server instead of apps spitting it out to the console. That could save a TON of time and money. Looking at it, they really do seem to have a pretty kick-butt product ... if used responsibly.</p> <p>Thing is, what makes sense in development is NOT NECESSARILY COOL in deployment.</p> </blockquote> <p>Everyone *has* to be doing something like this - at least in R&amp;D - or they would never be able to get a device to market. Those not using systems with the name "CarrierIQ" are just falling back on denials about not using that one bit of software. It is a really good question to what extent the stuff they put in to debug the devices gets taken out before release to consumers. 
I suspect they may have a "<a href="http://en.wikipedia.org/wiki/Hot_Coffee_mod">hot coffee</a>" problem.</p> <blockquote> <p>why the need to bury the software so deeply, so invisibly, and deny the customer any way to disable it?</p> </blockquote> <p>Two issues here. It seems as if there are varying degrees of ability to disable and being hidden ... this is completely decided by the carrier/device maker. Some device makers/carriers seem to have done a pretty good job alerting the user and giving them the ability to opt-out ... others don't even mention it is there. There have been some accusations that the system keeps logging even after being told not to ... I'm not sure that is accurate. But as I noted upthread ... as far as operation goes, you want something like this to be as invisible during operation as possible to minimize information leaks.</p> <p>Two points on above-board uses. There should ABSOLUTELY be an easy way for users to stop the software from logging if desired. And there should be a clearly published statement of the precise information being collected from users' devices and transmitted.</p> <p>As for the NSA stuff. The carriers can still monitor voice (and data) across their networks in the traditional way without needing to go through all this trouble. The bigger issue here is the whole business records thing IMO.</p> <blockquote> <p>So in theory couldn't the carrier update a particular subscriber's phone with a tweaked version? Say, one that reports back when he/she dials a particular number? Or punches in a specific URL?</p> </blockquote> <p>Absolutely. The training materials appeared to show one phone that had been given a unique "Metrics Package" seemingly to demonstrate this. 
To quote myself in the first CarrierIQ post ...</p> <blockquote> <p>Take for example this trigger:</p> <p>[<strong><em>AL35: </em></strong><em>loading started in a browser frame – data receive begin and end, page render begin and end.</em>]</p> <p>This one hook potentially gives complete stateful control of the HTTP request, data processing and render pipeline. For one example, the ability to assert between the data receive and the page render operations gives an ability to implement advanced filtering rules on any web content handled by the device. It would be trivial to write a "Metrics Package" to eliminate a list of prohibited links ...  inject a branded graphic on any page ... or perform any other imaginable operation on every web request a device handles. It is not an exaggeration to say that every aspect of a device's operation and information/data security can potentially be fully compromised and modified ... without the user's knowledge or consent.</p> </blockquote> <p>I got into a bit more of why this software should be a huge security concern in that first post ... was going to do a followup of potential security risks and nefarious applications if I get a chance (and also address the way mobile advertisers grab much of this information also).</p> <p>I just wanted to get it out there that CarrierIQ - the company - probably aren't the ones to be focused on; it's really the carriers and device makers who determine exactly what the software will do or not do. Additionally, focusing on Carrier IQ distracts from the fact that everyone is doing this in some fashion or another ... 
just because their software isn't called Carrier IQ shouldn't protect from facing questions about whatever QA solutions *are* currently implemented.</p> </div></div></div> Mon, 05 Dec 2011 08:35:29 +0000 kgb999 comment 142701 at http://dagblog.com it does not mount the SD http://dagblog.com/comment/142700#comment-142700 <a id="comment-142700"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142594#comment-142594">It&#039;s called Smiley; it&#039;s a</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><blockquote> <p>it does not mount the SD card; it prepares it for use.</p> </blockquote> <p>That is a difference without distinction ... stock Android says "Preparing ...." FWIW.</p> <p>It's not so much that the UI has "improved" ... it's just that damn near every carrier and manufacturer decided to make up their own obnoxious UI overlays. For a while there they were really getting pretty shitty. Seems to have mellowed out quite a lot recently.</p> <p>Your phone uses a proprietary OS. Developers write software for it in Java. Probably is less susceptible to external hacks ... still fully enables every aspect of the phone at the OS layer though.</p> <p>As for installing an OS on the phone ... the fuckers are just a little computer with a bunch of cool hardware all crammed in there. I'm not running stock Android, I'm currently running a custom-brew Android-based OS called Cyanogen. There are a bunch of different Android flavors tweaked for various purposes (speed, security, etc.) and folks have installed everything from Ubuntu Linux to WindowsXP on their phones. You can even do it with the iPhones and newer Blackberries. Between bluetooth and USB, they are pretty damn expandable too.</p> <p>It really depends on what you want though. For me, I liked being able to do the computing stuff without having to carry a laptop (for instance, VNC on my phone is very helpful). 
Feature phones work great for a lot of people still ... and there seems to be a market for <a href="http://www.engadget.com/2011/12/03/samsungs-two-faced-sch-w999-android-plays-the-dual-core-dual-s/">phone-like smartphones</a> appearing too; so you probably aren't alone.</p> <p>As for the snoopware ... there are just so damn many now. The stuff they built into WindowsXP is brutal too.</p> </div></div></div> Mon, 05 Dec 2011 07:35:50 +0000 kgb999 comment 142700 at http://dagblog.com I'm not sanguine about http://dagblog.com/comment/142663#comment-142663 <a id="comment-142663"></a> <p><em>In reply to <a href="http://dagblog.com/reader-blogs/irresponsible-speculation-carrier-iq-spyware-case-12366">Irresponsible speculation in Carrier IQ &quot;spyware&quot; case.</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>I'm not sanguine about installing apps, but Gizmodo discusses one that checks for Carrier IQ: <a href="http://gizmodo.com/5864451/how-to-check-if-you-have-carrier-iq-without-rooting-your-handset?tag=carrier-iq">How To Check If You Have Carrier IQ, Without Rooting Your Handset</a></p> <p> </p> </div></div></div> Sun, 04 Dec 2011 21:44:38 +0000 Donal comment 142663 at http://dagblog.com It's called Smiley; it's a http://dagblog.com/comment/142594#comment-142594 <a id="comment-142594"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142430#comment-142430">My guess is your problem was</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>It's called Smiley; it's a basic texting slide, with a few features tacked on: camera, browser, etcetera. It is some sort of proprietary platform; which seems to me to be more of a firmware rather than an OS. 
For instance: it does not mount the SD card; it prepares it for use.</p> <p>I am not sure if there is a real distinction between what is happening in an Android and a Smiley WRT the SD card. I do know that unix-workalikes always(?) mount drives.</p> <p>I can believe that the UI has improved; but so far, I don't see (for myself) a reason to have an OS (like Linux or some other) on a phone. As far as I know, I can do anything I need to do with what I hope is a phone version of MS-DOS. Which means that I don't know the Samsung has no similar issues; it's more that I think it's less likely (being dumber, I think) to be hijackable or rootable by some hostile entity.</p> <p>Now, if I could install an OS on a phone in the same way I put one on an i386 workalike; then maybe I'd see the light. But that would require the ability to swap out parts and use GNU software like I do in my mini-atx case. And I don't see that happening; but I could be wrong.</p> <p>WRT rootkits and other forms of snoopware (governmental, as well as corporate) at the i386 BIOS chip level, see also:</p> <p><a href="http://www.fsf.org/campaigns/free-bios.html">http://www.fsf.org/campaigns/free-bios.html</a></p> </div></div></div> Sun, 04 Dec 2011 00:33:23 +0000 nothere comment 142594 at http://dagblog.com Carrier IQ's VP of marketing, http://dagblog.com/comment/142580#comment-142580 <a id="comment-142580"></a> <p><em>In reply to <a href="http://dagblog.com/comment/142505#comment-142505">Getting back to the Carrier</a></em></p> <div class="field field-name-comment-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><blockquote> <p>Carrier IQ's VP of marketing, Andrew Coward, <a href="http://allthingsd.com/20111201/carrier-iq-speaks-our-software-monitors-service-messages-ignores-other-data/" target="new"><u><font color="#0066cc">told AllThingsD</font></u></a> this week that "We don't read SMS messages. We see them come in. 
We see the phone numbers attached to them. But we are not storing, analyzing or otherwise processing the contents of those messages."</p> </blockquote> <p>But the point -- unless Coward has since retracted that statement as he has so many others -- is they could if they decided to. Ostensibly on the orders of big carriers (AT&amp;T, Sprint and T-Mobile) they have surreptitiously designed and installed a security vulnerability that sounds easy for others to exploit.</p> <p>As for whether the government has a finger or two in all this, I'm keen to see whether the congressional investigation Franken has tentatively begun even goes there. If it does not, that in itself virtually answers the question.</p> </div></div></div> Sat, 03 Dec 2011 18:57:00 +0000 acanuck comment 142580 at http://dagblog.com