Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Carrier IQ Vs. Wiretap Laws
Threaded  |  Newest First  |  Oldest First
Psyanomaly
50%
50%
Psyanomaly,
User Rank: Apprentice
12/1/2011 | 6:27:59 PM
re: Carrier IQ Vs. Wiretap Laws
Just a thought.... I wonder if the data collected, in its transmission is also counting against the users data plan.
DHOOVER079
50%
50%
DHOOVER079,
User Rank: Apprentice
12/1/2011 | 7:27:07 PM
re: Carrier IQ Vs. Wiretap Laws
if
skyhawk83
50%
50%
skyhawk83,
User Rank: Apprentice
12/1/2011 | 6:47:13 PM
re: Carrier IQ Vs. Wiretap Laws
Well...I guess the hackers are going to have fun with this one.
KPICKERING000
50%
50%
KPICKERING000,
User Rank: Apprentice
12/1/2011 | 6:51:29 PM
re: Carrier IQ Vs. Wiretap Laws
It's worth noting that Eckhart discovered that CarrierIQ tracks and captures data travelling over Wi-Fi, i.e., data not part of any carrier network. It even captures data when the phone isn't connected to any network at all. If that's not a violation of the law, then the law is written too narrowly.
fredaevans
50%
50%
fredaevans,
User Rank: Apprentice
12/1/2011 | 7:28:03 PM
re: Carrier IQ Vs. Wiretap Laws
True to a degree. If you have your phone turned on the nearest cell phone tower is tracking its location. It's not so much that it's 'gathering' information, but knowing where you are for incoming calls.
nightmage80
50%
50%
nightmage80,
User Rank: Apprentice
12/1/2011 | 7:04:42 PM
re: Carrier IQ Vs. Wiretap Laws
Also... why is the phone company allowed to spy on us? Does the wiretapping law really extend to data usage as well or is that just implied and untested?
fredaevans
50%
50%
fredaevans,
User Rank: Apprentice
12/1/2011 | 7:21:41 PM
re: Carrier IQ Vs. Wiretap Laws
I'm not too sure if there really is any violation of 'wire tapping' here. This system operates off of cell phones and the like (millions in use at any given time). Once you hit 'send' on a cell phone it becomes a 'radio transmitter' to a cell phone tower (then into a land line?) There was a big stink years back as you could easily build a set that would intercept any call being made in close proximity. Also (as I understand same) the 'wire tap' laws for land lines vs cell phone numbers is not the same; in one case a specific phone number. The other 'any number' an individual may use.

One way or the other this will get interesting.
fae
Freedom Fighter
50%
50%
Freedom Fighter,
User Rank: Apprentice
12/1/2011 | 7:31:01 PM
re: Carrier IQ Vs. Wiretap Laws
"The law gives carriers a lot of leeway in capturing data traveling over their networks, for specifically this reason--quality control--going back to the days of copper wires. So the wiretap laws create exceptions," he said.

But what their software is doing is recording my keystrokes in my phone that may or may not be sent over their network, then covertly sending it to them... even over Wi-fi connections that are NOT THEIR NETWORK. They are recording my notepad entries, calender entries, grocery lists.

Paint is grey if you wish, but it is still black and white.
oink444
50%
50%
oink444,
User Rank: Apprentice
12/1/2011 | 7:53:54 PM
re: Carrier IQ Vs. Wiretap Laws
While privacy is a huge issue in this case so is data billing we the customer is paying them to transfer your stuff which making our bills higher I want to know how offen and how much data is being transfered and be refunded back since the very start of this spy ring that everyone in the cell business knew of this . This has nothing to do with testing the network , a persons keystroke, text message and passwords dosn;t help them build a better network its all bull. Class action suit sign me up.
dgilmore14601
50%
50%
dgilmore14601,
User Rank: Apprentice
12/1/2011 | 8:26:42 PM
re: Carrier IQ Vs. Wiretap Laws
As data (in this case voice data via a celluar phone) traverses the network from point A to B a myriad of carriers networks are touched. This is the world we live in. The concept of "privacy" exists only between the ears and I'm not so sure about that with the last developments in MRI technology. As long as we leverage the concept of static legal rights into dynamic technologies we will continue to "disappoint" someone.
JZHOU000
50%
50%
JZHOU000,
User Rank: Apprentice
12/1/2011 | 9:09:34 PM
re: Carrier IQ Vs. Wiretap Laws
Omg, I hope they will pay for it, I worked for Verizon for a short time, the managers there song Lin, bilal wahid,... Installed spyware on all my personal computers, spy on my computer, spy on my PHONE, listen in my personal calls for 3 years now!!!!!!! I really hope they will get what they deserve, they destroyed my life.
majenkins
50%
50%
majenkins,
User Rank: Apprentice
12/2/2011 | 1:27:15 PM
re: Carrier IQ Vs. Wiretap Laws
When you say your personal computers do mean computers you owned or computers they owned? And please tell us what you were doing on company time that caused being monitored at work to ruin your life.
japura941
50%
50%
japura941,
User Rank: Apprentice
12/1/2011 | 9:38:16 PM
re: Carrier IQ Vs. Wiretap Laws
Carrier IQ isn't just illegal spyware, it's a threat to the safety and security of our spouses and children. It opens the potential for Carrier IQ to sell all of our GPS coordinates and system authentication credentials to anyone or group who has the interest and the financial capacity.

With millions of these infected mobile devices in the hands of thousands of government workers, it then becomes a serious threat to our National Security! Password credentials to government systems and real-time GPS whereabouts of government workers can be very valuable and can easily fall into the hands of the wrong and malicious groups or enemies.
majenkins
50%
50%
majenkins,
User Rank: Apprentice
12/2/2011 | 1:28:46 PM
re: Carrier IQ Vs. Wiretap Laws
I don't think the data was ever being sent to Carrier IQ, at the most it was being sent to your carrier.

This is a terrible situation but you don't need to make to seem worse than it is.
Number 6
50%
50%
Number 6,
User Rank: Apprentice
12/1/2011 | 11:10:31 PM
re: Carrier IQ Vs. Wiretap Laws
Look up Legal Intercept and CALEA. Governments often require backdoors.
GCE
50%
50%
GCE,
User Rank: Apprentice
12/2/2011 | 12:17:05 AM
re: Carrier IQ Vs. Wiretap Laws
Why does SPRINT in my case need to know and log my personal financial information? Why does SPRINT need to log all of my keystrokes on my HTC EVO 3D smartphone? Why was I not told about this when I purchased the product? Why am I not allowed to turn Carrier IQ IQRD application off? What does SPRINT and Carrier IQ do with my personal text messages? When I contacted SPRINT Customer and Technical Support they told me there was nothing they could do to stop the application.
majenkins
50%
50%
majenkins,
User Rank: Apprentice
12/2/2011 | 1:22:23 PM
re: Carrier IQ Vs. Wiretap Laws
This sounds a lot like the Sony root-kit on music CDs issue from a few years ago and I suspect that in the end the carriers and Carrier IQ are going to have a lot of egg on their faces and are going to take a big public relations hit, if not something worse.
RichF
50%
50%
RichF,
User Rank: Apprentice
12/2/2011 | 8:01:37 PM
re: Carrier IQ Vs. Wiretap Laws
I think that there is some confusion here. If you watch the video that Eckhart has released, on his HTC phone, the software was hidden under a filename starting with a letter H. So everyone out there has been looking for software with CIQ in the executeable name. I looked on my Verizon Smartphone, which is a Motorola Android 2 Global and it has no CIQ software on it. And Verizon swears that there is no CIQ malware on their phones, So is my phone clean? I don't think so. Looking carefully, I found a hidden app running un-noticed called KPI Logger. If you look at the information this application accesses, it appears to perform the same functions as the CIQ software. That KPI Logger app is branded Motorola, but on Eckharts demo, his CIQ software might have been branded HTC.

This isn't just an Apple problem, or an HTC Sprint problem. I suspect that all the carriers are using either licensed versions of the CIQ software or software witten by or for them by another company that accomplishes the same nastiness.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37443
PUBLISHED: 2021-07-25
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
CVE-2021-37444
PUBLISHED: 2021-07-25
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Au...
CVE-2021-37445
PUBLISHED: 2021-07-25
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
CVE-2021-37446
PUBLISHED: 2021-07-25
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
CVE-2021-37447
PUBLISHED: 2021-07-25
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.