Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Carrier IQ Vs. Wiretap Laws
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
RichF
RichF,
 User Rank: Apprentice
12/2/2011 | 8:01:37 PM
re: Carrier IQ Vs. Wiretap Laws
I think that there is some confusion here. If you watch the video that Eckhart has released, on his HTC phone, the software was hidden under a filename starting with a letter H. So everyone out there has been looking for software with CIQ in the executeable name. I looked on my Verizon Smartphone, which is a Motorola Android 2 Global and it has no CIQ software on it. And Verizon swears that there is no CIQ malware on their phones, So is my phone clean? I don't think so. Looking carefully, I found a hidden app running un-noticed called KPI Logger. If you look at the information this application accesses, it appears to perform the same functions as the CIQ software. That KPI Logger app is branded Motorola, but on Eckharts demo, his CIQ software might have been branded HTC.

This isn't just an Apple problem, or an HTC Sprint problem. I suspect that all the carriers are using either licensed versions of the CIQ software or software witten by or for them by another company that accomplishes the same nastiness.
majenkins
majenkins,
 User Rank: Apprentice
12/2/2011 | 1:28:46 PM
re: Carrier IQ Vs. Wiretap Laws
I don't think the data was ever being sent to Carrier IQ, at the most it was being sent to your carrier.

This is a terrible situation but you don't need to make to seem worse than it is.
majenkins
majenkins,
 User Rank: Apprentice
12/2/2011 | 1:27:15 PM
re: Carrier IQ Vs. Wiretap Laws
When you say your personal computers do mean computers you owned or computers they owned? And please tell us what you were doing on company time that caused being monitored at work to ruin your life.
majenkins
majenkins,
 User Rank: Apprentice
12/2/2011 | 1:22:23 PM
re: Carrier IQ Vs. Wiretap Laws
This sounds a lot like the Sony root-kit on music CDs issue from a few years ago and I suspect that in the end the carriers and Carrier IQ are going to have a lot of egg on their faces and are going to take a big public relations hit, if not something worse.
GCE
GCE,
 User Rank: Apprentice
12/2/2011 | 12:17:05 AM
re: Carrier IQ Vs. Wiretap Laws
Why does SPRINT in my case need to know and log my personal financial information? Why does SPRINT need to log all of my keystrokes on my HTC EVO 3D smartphone? Why was I not told about this when I purchased the product? Why am I not allowed to turn Carrier IQ IQRD application off? What does SPRINT and Carrier IQ do with my personal text messages? When I contacted SPRINT Customer and Technical Support they told me there was nothing they could do to stop the application.
Number 6
Number 6,
 User Rank: Apprentice
12/1/2011 | 11:10:31 PM
re: Carrier IQ Vs. Wiretap Laws
Look up Legal Intercept and CALEA. Governments often require backdoors.
japura941
japura941,
 User Rank: Apprentice
12/1/2011 | 9:38:16 PM
re: Carrier IQ Vs. Wiretap Laws
Carrier IQ isn't just illegal spyware, it's a threat to the safety and security of our spouses and children. It opens the potential for Carrier IQ to sell all of our GPS coordinates and system authentication credentials to anyone or group who has the interest and the financial capacity.

With millions of these infected mobile devices in the hands of thousands of government workers, it then becomes a serious threat to our National Security! Password credentials to government systems and real-time GPS whereabouts of government workers can be very valuable and can easily fall into the hands of the wrong and malicious groups or enemies.
JZHOU000
JZHOU000,
 User Rank: Apprentice
12/1/2011 | 9:09:34 PM
re: Carrier IQ Vs. Wiretap Laws
Omg, I hope they will pay for it, I worked for Verizon for a short time, the managers there song Lin, bilal wahid,... Installed spyware on all my personal computers, spy on my computer, spy on my PHONE, listen in my personal calls for 3 years now!!!!!!! I really hope they will get what they deserve, they destroyed my life.
dgilmore14601
dgilmore14601,
 User Rank: Apprentice
12/1/2011 | 8:26:42 PM
re: Carrier IQ Vs. Wiretap Laws
As data (in this case voice data via a celluar phone) traverses the network from point A to B a myriad of carriers networks are touched. This is the world we live in. The concept of "privacy" exists only between the ears and I'm not so sure about that with the last developments in MRI technology. As long as we leverage the concept of static legal rights into dynamic technologies we will continue to "disappoint" someone.
oink444
oink444,
 User Rank: Apprentice
12/1/2011 | 7:53:54 PM
re: Carrier IQ Vs. Wiretap Laws
While privacy is a huge issue in this case so is data billing we the customer is paying them to transfer your stuff which making our bills higher I want to know how offen and how much data is being transfered and be refunded back since the very start of this spy ring that everyone in the cell business knew of this . This has nothing to do with testing the network , a persons keystroke, text message and passwords dosn;t help them build a better network its all bull. Class action suit sign me up.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file