Tuesday, December 6, 2011

Carrier IQ Spyware

In a way, this is a follow-up to yesterday's post.

Bruce Schneier's recent blog post covers the latest in the Carrier IQ rootkit saga. This malware is installed on people's smart phones, either by the phone company or by the phone manufacturers on their behalf, and can report back all activity on the phone, including encrypted HTTPS sessions to other sites.

Bruce's blog:
Spyware on many smart phones monitors your every action, including collecting individual keystrokes. The company that makes and runs this software[...], Carrier IQ, freaked when a security researcher outed them. It initially claimed it didn't monitor keystrokes -- an easily refuted lie -- and threatened to sue the researcher. [...]

Carrier IQ is reacting really badly here. Threatening the researcher was a panic reaction, but I think it's still clinging to the notion that it can keep the details of what it does secret, or hide behind statements such as:

"Our customers select which metrics they need to gather based on their business need--such as network planning, customer care, device performance--within the bounds of the agreement they form with their end users."

More at Schneier on Security: Carrier IQ Spyware

