Rich Fiscus
16 Nov 2011 9:48
A security researcher has identified a rootkit present on smartphones manufactured for two of the biggest US carriers. Both Verizon and Sprint are selling phones which come preinstalled with CarrierIQ, which is intended to be used for analyzing network and connection problems.
However, as Trevor Eckhart points out, it can be used for much more than that. More importantly, its very existence is hidden from the user, making it difficult to detect and even harder to remove.
So what exactly can CarrierIQ do? According to Eckhart it can gather all kinds of data you may not wish to share with your carrier (via AndroidSecurityTest):
Carrier IQ is able to query any metric from a device. A metric can be a dropped call because of lack of service. The scope of the word metric is very broad though, including device type, such as manufacturer and model, available memory and battery life, the type of applications resident on the device, the geographical location of the device, the end user?s pressing of keys on the device, usage history of the device, including those that characterize a user?s interaction with a device.
Devices are automatically entered into using Carrier IQ. Samsung android devices have an on off switch, but it is not easily accessible or made known to users that it?s even there. HTC android devices have no such off switch. Even if you purchase a phone on eBay completely off of sprint, use it on wifi only, Sprint will still be enabled to task your device with metrics because of no available off switch and Carrier IQs aggressive reporting nature across multiple protocols.