Some smartphone users plus myself are horrifying that there is a rootkit software known as Carrier IQ being installed on many phones. OK, if you don’t already know what is Carrier IQ, let me tell you so far what I have heard about this software. Carrier IQ is acting like a rootkit, because users cannot force disable it or stop it from running. Whenever a program or software is categorized as rootkit, it means such a program or software is hiding itself from users’ knowledge, consequently allowing itself to do various things behind the scene without users’ consents. Many hackers have known for installing rootkits onto users’ operating systems so they can manipulate the operating systems to their advantages. Carrier IQ is categorized as rootkit since it does not clearly make itself known to smartphone users; Carrier IQ is able to record unique keycodes and logging normal and encrypted browser data (i.e., HTTPS).
Since the discover of Carrier IQ presence and capabilities, some wireless carriers are denying that they have approved Carrier IQ to be installed on smartphones. AT&T and Sprint have confirmed to the mass that they use Carrier IQ to diagnose and improve their wireless networks. HTC and Samsung, the two popular smartphone makers, are somewhat unclear on their parts with Carrier IQ, but they acknowledge of knowing Carrier IQ is required to be installed on their handsets by various wireless carriers. Apple confirms that the company once too had used Carrier IQ on their handsets. Apple says the company has stopped supporting Carrier IQ on iOS 5, and future updates will have Carrier IQ to be removed completely from Apple products. Microsoft assures customers that Windows Phone operating system does not use Carrier IQ. RIM and Nokia deny to have supported or installed Carrier IQ on their handsets.
Check out the YouTube video right after the break to see Carrier IQ in action on a HTC smartphone. In the YouTube video, Android security researcher and developer, Trevor Eckhart, demonstrated that Carrier IQ was able to record his keystrokes by assigning unique key codes to the keystrokes. Furthermore, he showed that Carrier IQ was able to log his normal and encrypted browser data. Even scarier, Trevor Eckhart showed that he could not disable Carrier IQ on his HTC device.
I have an iPhone which runs iOS 5, and according to Apple that if I had turned on Diagnostic & Usage feature, it means that my iPhone is probably allowing Carrier IQ to do its things. Luckily, with iPhones that run iOS 5, users can turn off the Diagnostic & Usage feature to turn off Carrier IQ. According to Computerworld, to turn off Carrier IQ on iPhones that run iOS 5, users need to follow the steps below:
- Open up Settings app
- Access Location Services
- Scroll all the way down and access System Services
- Switch Diagnostics & Usage from ON to OFF
I’m not sure if Diagnostics & Usage feature is an opt-in feature or not, because I don’t remember that I had opted in with such a feature. Nonetheless, I’m glad Apple allows users to turn off this feature so Carrier IQ won’t be able to do its nasty things.
Sources: http://www.zdnet.com/blog/btl/which-phones-networks-run-carrier-iq-mobile-tracking-software/64500,
http://www.computerworld.com/s/article/9222336/
How_to_turn_off_Carrier_IQ_on_your_iPhone?taxonomyId=84, http://technolog.msnbc.msn.com/_news/2011/11/30/9122334-researcher-secret-software-tracks-phone-users
Vinh Nguyen
