Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Carrier IQ Vs. Wiretap Laws
Threaded  |  Newest First  |  Oldest First
Psyanomaly
Psyanomaly,
 User Rank: Apprentice
12/1/2011 | 6:27:59 PM
re: Carrier IQ Vs. Wiretap Laws
Just a thought.... I wonder if the data collected, in its transmission is also counting against the users data plan.
DHOOVER079
DHOOVER079,
 User Rank: Apprentice
12/1/2011 | 7:27:07 PM
re: Carrier IQ Vs. Wiretap Laws
if
skyhawk83
skyhawk83,
 User Rank: Apprentice
12/1/2011 | 6:47:13 PM
re: Carrier IQ Vs. Wiretap Laws
Well...I guess the hackers are going to have fun with this one.
KPICKERING000
KPICKERING000,
 User Rank: Apprentice
12/1/2011 | 6:51:29 PM
re: Carrier IQ Vs. Wiretap Laws
It's worth noting that Eckhart discovered that CarrierIQ tracks and captures data travelling over Wi-Fi, i.e., data not part of any carrier network. It even captures data when the phone isn't connected to any network at all. If that's not a violation of the law, then the law is written too narrowly.
fredaevans
fredaevans,
 User Rank: Apprentice
12/1/2011 | 7:28:03 PM
re: Carrier IQ Vs. Wiretap Laws
True to a degree. If you have your phone turned on the nearest cell phone tower is tracking its location. It's not so much that it's 'gathering' information, but knowing where you are for incoming calls.
nightmage80
nightmage80,
 User Rank: Apprentice
12/1/2011 | 7:04:42 PM
re: Carrier IQ Vs. Wiretap Laws
Also... why is the phone company allowed to spy on us? Does the wiretapping law really extend to data usage as well or is that just implied and untested?
fredaevans
fredaevans,
 User Rank: Apprentice
12/1/2011 | 7:21:41 PM
re: Carrier IQ Vs. Wiretap Laws
I'm not too sure if there really is any violation of 'wire tapping' here. This system operates off of cell phones and the like (millions in use at any given time). Once you hit 'send' on a cell phone it becomes a 'radio transmitter' to a cell phone tower (then into a land line?) There was a big stink years back as you could easily build a set that would intercept any call being made in close proximity. Also (as I understand same) the 'wire tap' laws for land lines vs cell phone numbers is not the same; in one case a specific phone number. The other 'any number' an individual may use.

One way or the other this will get interesting.
fae
Freedom Fighter
Freedom Fighter,
 User Rank: Apprentice
12/1/2011 | 7:31:01 PM
re: Carrier IQ Vs. Wiretap Laws
"The law gives carriers a lot of leeway in capturing data traveling over their networks, for specifically this reason--quality control--going back to the days of copper wires. So the wiretap laws create exceptions," he said.

But what their software is doing is recording my keystrokes in my phone that may or may not be sent over their network, then covertly sending it to them... even over Wi-fi connections that are NOT THEIR NETWORK. They are recording my notepad entries, calender entries, grocery lists.

Paint is grey if you wish, but it is still black and white.
oink444
oink444,
 User Rank: Apprentice
12/1/2011 | 7:53:54 PM
re: Carrier IQ Vs. Wiretap Laws
While privacy is a huge issue in this case so is data billing we the customer is paying them to transfer your stuff which making our bills higher I want to know how offen and how much data is being transfered and be refunded back since the very start of this spy ring that everyone in the cell business knew of this . This has nothing to do with testing the network , a persons keystroke, text message and passwords dosn;t help them build a better network its all bull. Class action suit sign me up.
dgilmore14601
dgilmore14601,
 User Rank: Apprentice
12/1/2011 | 8:26:42 PM
re: Carrier IQ Vs. Wiretap Laws
As data (in this case voice data via a celluar phone) traverses the network from point A to B a myriad of carriers networks are touched. This is the world we live in. The concept of "privacy" exists only between the ears and I'm not so sure about that with the last developments in MRI technology. As long as we leverage the concept of static legal rights into dynamic technologies we will continue to "disappoint" someone.
JZHOU000
JZHOU000,
 User Rank: Apprentice
12/1/2011 | 9:09:34 PM
re: Carrier IQ Vs. Wiretap Laws
Omg, I hope they will pay for it, I worked for Verizon for a short time, the managers there song Lin, bilal wahid,... Installed spyware on all my personal computers, spy on my computer, spy on my PHONE, listen in my personal calls for 3 years now!!!!!!! I really hope they will get what they deserve, they destroyed my life.
majenkins
majenkins,
 User Rank: Apprentice
12/2/2011 | 1:27:15 PM
re: Carrier IQ Vs. Wiretap Laws
When you say your personal computers do mean computers you owned or computers they owned? And please tell us what you were doing on company time that caused being monitored at work to ruin your life.
japura941
japura941,
 User Rank: Apprentice
12/1/2011 | 9:38:16 PM
re: Carrier IQ Vs. Wiretap Laws
Carrier IQ isn't just illegal spyware, it's a threat to the safety and security of our spouses and children. It opens the potential for Carrier IQ to sell all of our GPS coordinates and system authentication credentials to anyone or group who has the interest and the financial capacity.

With millions of these infected mobile devices in the hands of thousands of government workers, it then becomes a serious threat to our National Security! Password credentials to government systems and real-time GPS whereabouts of government workers can be very valuable and can easily fall into the hands of the wrong and malicious groups or enemies.
majenkins
majenkins,
 User Rank: Apprentice
12/2/2011 | 1:28:46 PM
re: Carrier IQ Vs. Wiretap Laws
I don't think the data was ever being sent to Carrier IQ, at the most it was being sent to your carrier.

This is a terrible situation but you don't need to make to seem worse than it is.
Number 6
Number 6,
 User Rank: Apprentice
12/1/2011 | 11:10:31 PM
re: Carrier IQ Vs. Wiretap Laws
Look up Legal Intercept and CALEA. Governments often require backdoors.
GCE
GCE,
 User Rank: Apprentice
12/2/2011 | 12:17:05 AM
re: Carrier IQ Vs. Wiretap Laws
Why does SPRINT in my case need to know and log my personal financial information? Why does SPRINT need to log all of my keystrokes on my HTC EVO 3D smartphone? Why was I not told about this when I purchased the product? Why am I not allowed to turn Carrier IQ IQRD application off? What does SPRINT and Carrier IQ do with my personal text messages? When I contacted SPRINT Customer and Technical Support they told me there was nothing they could do to stop the application.
majenkins
majenkins,
 User Rank: Apprentice
12/2/2011 | 1:22:23 PM
re: Carrier IQ Vs. Wiretap Laws
This sounds a lot like the Sony root-kit on music CDs issue from a few years ago and I suspect that in the end the carriers and Carrier IQ are going to have a lot of egg on their faces and are going to take a big public relations hit, if not something worse.
RichF
RichF,
 User Rank: Apprentice
12/2/2011 | 8:01:37 PM
re: Carrier IQ Vs. Wiretap Laws
I think that there is some confusion here. If you watch the video that Eckhart has released, on his HTC phone, the software was hidden under a filename starting with a letter H. So everyone out there has been looking for software with CIQ in the executeable name. I looked on my Verizon Smartphone, which is a Motorola Android 2 Global and it has no CIQ software on it. And Verizon swears that there is no CIQ malware on their phones, So is my phone clean? I don't think so. Looking carefully, I found a hidden app running un-noticed called KPI Logger. If you look at the information this application accesses, it appears to perform the same functions as the CIQ software. That KPI Logger app is branded Motorola, but on Eckharts demo, his CIQ software might have been branded HTC.

This isn't just an Apple problem, or an HTC Sprint problem. I suspect that all the carriers are using either licensed versions of the CIQ software or software witten by or for them by another company that accomplishes the same nastiness.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file