Jump to content


Photo
- - - - -

Carrier IQ


  • Please log in to reply
19 replies to this topic

#1 resistor X

resistor X

    Mack Daddy 31337

  • Members
  • 214 posts
  • Gender:Not Telling
  • Location:Linux Heaven

Posted 15 December 2011 - 10:42 AM

Here's something I ran into from Bruce Scneier..............




Carrier IQ Spyware



Spyware on many smart phones monitors your every action, including collecting individual keystrokes. The company that makes and runs this software on behalf of different carriers, Carrier IQ, freaked when a security researcher outed them. It initially claimed it didn't monitor keystrokes -- an easily refuted lie -- and threatened to sue the researcher. It took EFF getting involved to get the company to back down. (A good summary of the details is here. This is pretty good, too.)

Carrier IQ is reacting really badly here. Threatening the researcher was a panic reaction, but I think it's still clinging to the notion that it can keep the details of what it does secret, or hide behind marketing statements and hair-splitting denials.

Several things matter here: 1) what data the Carrier IQ app collects on the handset, 2) what data the Carrier IQ app routinely transmits to the carriers, and 3) what data can the Carrier IQ app transmit to the carrier if asked. Can the carrier enable the logging of everything in response to a request from the FBI? We have no idea.

Expect this story to unfold considerably in the coming weeks. Everyone is pointing fingers of blame at everyone else, and Sen. Franken has asked the various companies involved for details.

One more detail is worth mentioning. Apple announced it no longer uses Carrier IQ in iOS5. I'm sure this means that they have their own surveillance software running, not that they're no longer conducting surveillance on their users.


http://www.theregist...one_spying_app/
http://www.informati...obile/231903096
http://www.wired.com...-logging-video/ or http://tinyurl.com/7udl8mb
https://www.eff.org/...vor-eckhart-eff or http://tinyurl.com/77dtlpa
http://www.engadget....at-you-need-to/ or http://tinyurl.com/6u68ljm
http://www.geek.com/...yours-20111115/ or http://tinyurl.com/dxf8d3c
http://www.informati...obile/231903096
http://www.pcmag.com...,2397156,00.asp

Apple and Carrier IQ:
http://allthingsd.co...riq-with-ios-5/ or http://tinyurl.com/bomsqcl

Excellent roundup of everything that's known about Carrier IQ:
http://security.stac....com/q/9416/971

#2 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 15 December 2011 - 02:52 PM

technical information on carrier iq via cryptome

http://cryptome.org/...ier-iq-spy1.pdf
http://cryptome.org/...ier-iq-spy2.pdf

#3 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 15 December 2011 - 08:27 PM

the feds are now investigating the company responsible for carrier IQ - not sure that that will result in anything as it was probably either used by the feds, or possibly this could even be a black ops project??

#4 Powermaniac7

Powermaniac7

    mad 1337

  • Members
  • 138 posts
  • Country:
  • Gender:Male

Posted 17 December 2011 - 06:07 AM

Possibly a BlackOps project okay this just got very interesting.

Silly company panicking should have just claimed the photos were doctored and they were false accusations thus making them look more professional and not completely suss. And should have also claimed the guy was a paranoid conspiracy theorist and you have the right to freedom of speech seeing as this in based in America no considering the FBI is involved...

That makes me wonder who is using the information in Australia >.> <.< >.> oh well go through my texts and browsing history and phone calls isn't going to bother me any.

#5 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 17 December 2011 - 01:51 PM

I dont think it was a black ops project.

I think its a typical case of the carriers contracting out to a third party to build a piece of spyware/rootkit so they can:

a) make it easier to diagnose network issues with phones
B) sell all collected data to marketing firms for profit
and
c) make it really easy to collect data for "lawful interception" for law enforcement


but because a security researcher found out about cIQ it kind of blew up in their faces. Now that the public knows there is quite a bit of pressure from the public, the EFF and that US senator for answers. Because of that pressure we now see the FBI doing its own investigation into the software and CIQ.

If the public were not informed of the issue Im sure the FBI wouldn't have investigated and would have been very happy that they have root access to the majority of android phones in the united states.

#6 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 20 December 2011 - 10:40 PM

Possibly a BlackOps project okay this just got very interesting.

Silly company panicking should have just claimed the photos were doctored and they were false accusations thus making them look more professional and not completely suss. And should have also claimed the guy was a paranoid conspiracy theorist and you have the right to freedom of speech seeing as this in based in America no considering the FBI is involved...

That makes me wonder who is using the information in Australia >.> <.< >.> oh well go through my texts and browsing history and phone calls isn't going to bother me any.

you think that different countries are run by different governments or groups? how cute :)
they are pretty much all run by the same corporate interests...

regardless of if it was black ops or a private company - ultamately the same results...

sorry for any typos or grammer errors this keyboard that i am using is very sticky...

#7 Powermaniac7

Powermaniac7

    mad 1337

  • Members
  • 138 posts
  • Country:
  • Gender:Male

Posted 21 December 2011 - 05:12 AM


Possibly a BlackOps project okay this just got very interesting.

Silly company panicking should have just claimed the photos were doctored and they were false accusations thus making them look more professional and not completely suss. And should have also claimed the guy was a paranoid conspiracy theorist and you have the right to freedom of speech seeing as this in based in America no considering the FBI is involved...

That makes me wonder who is using the information in Australia >.> <.< >.> oh well go through my texts and browsing history and phone calls isn't going to bother me any.

you think that different countries are run by different governments or groups? how cute :)
they are pretty much all run by the same corporate interests...

regardless of if it was black ops or a private company - ultamately the same results...

sorry for any typos or grammer errors this keyboard that i am using is very sticky...



Anyway for you to verify this claim countries are all run by the same cooperate enterprise? I'm just interested to see what proves this considering governments are constantly doing things another country would not do and would frown upon constantly.

It also brings the question to mind that you therefore think Iran, Iraq etc are ran by the same people even China is?

I understand most countries are a part of the U.N. and in a sense you could claim it controls all the countries apart of that but most of them don't really adhere to the ideas introduced by the U.N. examples of this are the recent fallout with Canada from the Stop Global Warming scheme(whatever it was called).

Edited by Powermaniac7, 21 December 2011 - 05:23 AM.


#8 Powermaniac7

Powermaniac7

    mad 1337

  • Members
  • 138 posts
  • Country:
  • Gender:Male

Posted 21 December 2011 - 05:18 AM

Double Post...

Edited by Powermaniac7, 21 December 2011 - 05:22 AM.


#9 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 21 December 2011 - 07:05 PM

It is true that the corporations own the world.

Where do you think the Democrats and The Republicans get all their donations for their campaigns from? It's not from individuals.

Besides, The federal reserve is its own corporation. All of the banks in the world are their own corporations, and they all have more power than the governments.

#10 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 21 December 2011 - 10:40 PM



Possibly a BlackOps project okay this just got very interesting.

Silly company panicking should have just claimed the photos were doctored and they were false accusations thus making them look more professional and not completely suss. And should have also claimed the guy was a paranoid conspiracy theorist and you have the right to freedom of speech seeing as this in based in America no considering the FBI is involved...

That makes me wonder who is using the information in Australia >.> <.< >.> oh well go through my texts and browsing history and phone calls isn't going to bother me any.

you think that different countries are run by different governments or groups? how cute :)
they are pretty much all run by the same corporate interests...

regardless of if it was black ops or a private company - ultamately the same results...

sorry for any typos or grammer errors this keyboard that i am using is very sticky...



Anyway for you to verify this claim countries are all run by the same cooperate enterprise? I'm just interested to see what proves this considering governments are constantly doing things another country would not do and would frown upon constantly.

It also brings the question to mind that you therefore think Iran, Iraq etc are ran by the same people even China is?

I understand most countries are a part of the U.N. and in a sense you could claim it controls all the countries apart of that but most of them don't really adhere to the ideas introduced by the U.N. examples of this are the recent fallout with Canada from the Stop Global Warming scheme(whatever it was called).


just because there is an outward appearance of differences and conflicts between how different nations go about things does not mean that the same people are not pulling the strings..

when ever a country does not play along then they get embargos and trade sanctions blocking import/export to the uncooperative country... if they get really defiant, we all go in and blow the shit out of their country and bring "democracy" to that country...

#11 dinscurge

dinscurge

    "I Hack, therefore, I am"

  • Members
  • 941 posts
  • Country:
  • Gender:Male
  • Location:the bunker

Posted 26 December 2011 - 04:19 PM

yep yep for the republic, accept its not palpatine pulling the strings, random companies with all the money are pulling the strings of the whole senate.

#12 Powermaniac7

Powermaniac7

    mad 1337

  • Members
  • 138 posts
  • Country:
  • Gender:Male

Posted 27 December 2011 - 08:04 AM

I know the majority of the world is run by 147 tight knit corporations, they discovered this and made it public information. There was a study on it involving analysts since the Occupy Wall Street event...

Source:http://www.newscient...-the-world.html

I'm still not into the whole idea we blow up the people who are defiant there is a lot of technology being developed in Universities over here co-joined with some Asian countries that will soon destroy some of the other major companies if they do not use it and adopt that technology because it is so much better and the future. Although I have heard theories about perpetual motion and the fact Tesla may have discovered something but the documents about it may have been destroyed by the government(oil companies paying them). So...There are some questionable things going on.

#13 Pan

Pan

    Gibson Hacker

  • Members
  • 94 posts
  • Location:Detroit

Posted 15 January 2012 - 10:36 PM

Adaptive systems (whether phone, internet, electricity) require back-and-forth communication, often with information that is identifying in one way or another. As a systems person, I'm not so concerned with this concept over all. We do need to have clear guidelines and laws on the use of this type of software, and stiff penalties for its misuse.

#14 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 19 January 2012 - 07:51 PM

Adaptive systems (whether phone, internet, electricity) require back-and-forth communication, often with information that is identifying in one way or another. As a systems person, I'm not so concerned with this concept over all. We do need to have clear guidelines and laws on the use of this type of software, and stiff penalties for its misuse.


im sure consumers wave all rights as detailed in the ToS of the carrier.

#15 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 20 January 2012 - 08:35 PM


Adaptive systems (whether phone, internet, electricity) require back-and-forth communication, often with information that is identifying in one way or another. As a systems person, I'm not so concerned with this concept over all. We do need to have clear guidelines and laws on the use of this type of software, and stiff penalties for its misuse.


im sure consumers wave all rights as detailed in the ToS of the carrier.



i seem to have a problem with that fact, since i never actually signed any form of contract allowing this intrusion since i only use prepaid cell phones...

#16 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 21 January 2012 - 01:06 PM

pre-paid cellphones are good as long as you can get them without giving them your name.

#17 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 21 January 2012 - 05:32 PM

pre-paid cellphones are good as long as you can get them without giving them your name.


yes, unfortunately for convince of me being able to pay my bill by debit or credit card my regular cell phone(s) are under my real name...

the disposable ones that i get from time to time have such random information that i can never remember any of it if/when i need to call the phone provider.. it is not good to develop patterns that might be able to be linked back to you if you are trying to remain anonymous... so i can never remember any of the info that i provide...

wow - you know that actually gave me a fairly decent idea... setting up a forum, or website that will provide you with a user name, birth date and pin - if hundreds or thousands of people activate anonymous cell phones with the same credentials every week or month, it would be nearly impossible to link a phone back to an individual, while still allowing someone to have the information available if they need to contact the carrier for anything.. the information could be changed at random intervals so to not create any identifiable patterns...

are there any legal issues with not providing a prepaid cell phone company with the proper information?

#18 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 21 January 2012 - 05:46 PM

are there any legal issues with not providing a prepaid cell phone company with the proper information?


I think only if it states so in the ToS

#19 phaedrus

phaedrus

    Gibson Hacker

  • Members
  • 90 posts
  • Gender:Male

Posted 23 January 2012 - 06:33 PM

wow - you know that actually gave me a fairly decent idea... setting up a forum, or website that will provide you with a user name, birth date and pin - if hundreds or thousands of people activate anonymous cell phones with the same credentials every week or month, it would be nearly impossible to link a phone back to an individual, while still allowing someone to have the information available if they need to contact the carrier for anything.. the information could be changed at random intervals so to not create any identifiable patterns...

Apart from a multitude prepay phones, each with the same pseudo random user which changes in sync each month, which seem to be linked to a disproportionate amount of abuse and crime. Piquing the crap out of the feds who investigate it deeply for the bizarreness of it. I'm sure that wont attract any attention ;)

Why not just write the info down in a note on your pc, or in a password storage safe, or on a post it backwards or something random, and dont share it with anyone? let them get their own random made up data, its far less suspicious for all.

#20 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 23 January 2012 - 10:47 PM



wow - you know that actually gave me a fairly decent idea... setting up a forum, or website that will provide you with a user name, birth date and pin - if hundreds or thousands of people activate anonymous cell phones with the same credentials every week or month, it would be nearly impossible to link a phone back to an individual, while still allowing someone to have the information available if they need to contact the carrier for anything.. the information could be changed at random intervals so to not create any identifiable patterns...

Apart from a multitude prepay phones, each with the same pseudo random user which changes in sync each month, which seem to be linked to a disproportionate amount of abuse and crime. Piquing the crap out of the feds who investigate it deeply for the bizarreness of it. I'm sure that wont attract any attention ;)

Why not just write the info down in a note on your pc, or in a password storage safe, or on a post it backwards or something random, and dont share it with anyone? let them get their own random made up data, its far less suspicious for all.

i was thinking that something like that could draw some suspicion... but if it was changed at a random interval less people would have the same pseudo identity...

with the disposables, i would not want to write down any of the information for it anywhere as that information could always be recovered some how and tied back to the "owner" of that phone..

in the same sense that i wanted to write a guide on disposable prepaid cell phones and how to remain completely anonymous - but i felt that creating such a guide would only provide further assistance for someone attempting to track down or locate the real identity of someone who would use my techniques...




BinRev is hosted by the great people at Lunarpages!