Sorry!! The article you are trying to read is not available now.

iPhone, Android Devices Riddled With Carrier IQ's Keylogger

Print comment Post Comments

Remember earlier this year when iPhone, Android, and Windows Phone users were incensed to discover that their locations were being tracked via cell tower data?

Well, imagine that -- only much, much worse.

Trevor Eckhart, a 25-year-old Connecticut systems administrator, recently found a piece of software present on hundreds of millions of smartphones which logs and uploads every keystroke made on your device to carriers and manufacturers. That means your emails, your texts, all your online activity is recorded -- no exceptions.

Eckhart posted a video which shows the software in action:

As you can see, using his HTC Evo, the rootkit software logs every keystroke and action, adding location data to boot -- just in case the software wasn't malicious enough.

The company behind this is Carrier IQ, which has this software installed on over 140 million handsets. After Eckhart posted his discovery, Carrier IQ tried to bury the findings by issuing a Cease and Desist letter. Armed with cold, hard evidence, Eckhart teamed up with attorneys from the Electronic Frontier Foundation and Carrier IQ immediately balked. CEO Larry Lenhart said, "We are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart, and in retrospect we realize that we would have been better served by reaching out to Mr. Eckhart to establish a dialogue in the first instance."

But Lenhart's troubles are far from over.

Former Justice Department prosecutor Paul Ohm expects Carrier IQ to face a class action suit based on federal wiretapping law. Speaking with Forbes, Ohm said, "If Carrier IQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap." Adding, "And that gives the people wiretapped the right to sue and provides for significant monetary damages."

"Because this happens with text messages as they're being sent, a quintessentially streaming form of communication, it seems like exactly the kind of thing the wiretap act is meant to prevent," Ohm continues. "When I was at the Justice Department, we definitely prosecuted people for installing software with these kinds of capabilities on personal computers."

But who's affected?

Initially, because of Eckhart's video, it was believed that only Android devices were affected, specifically those manufactured by Samsung and HTC. But further digging has revealed that Carrier IQ's software is present on BlackBerries and -- yes -- iPhones.

Since the story spread, however, carriers and manufacturers have come forth and denied having the rootkit installed on their devices. So far, these devices allegedly don't bear Carrier IQ's rootkit. (List courtesy of Gizmodo.)
  • All Verizon phones
  • All Nokia handsets
  • All Windows Phones
  • All Vodafone Phones
  • All O2 Phones
  • Google Nexus phones (Google Nexus One, Nexus S, Galaxy Nexus)
  • Original Xoom
  • Kindle Fire
  • Motorola Photon
  • HTC G2
  • Motorola Atrix 4G
But, of course, this list could potentially change -- given how desperate companies are to distance themselves from this scandal.

Here's hoping that the inevitable litigation is so huge, so costly, that carriers and manufacturers wouldn't dare to think of installing anything similar to Carrier IQ's rootkit in the future.

UPDATE (12:43PM): RIM has denied the presence of Carrier IQ software on its BlackBerry devices.

(See also: Apple Goofs, Allows Tethering App on iTunes Store and Google Engineer Calls Google+ a Complete Failure)

For an investment angle on these and many more tech stocks, take a FREE trial to the TechStrat Report by Sean Udall.
POSITION:  No positions in stocks mentioned.