Welcome Guest.   Make a donation to an author on the site April 17, 2014, 07:29:41 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2013! Download dozens of custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Rootkits on mobile devices ...  (Read 3425 times)
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« on: December 01, 2011, 01:04:51 PM »

Not sure if this applies outside the US but in the US ...

http://www.zdnet.com/blog...lphones/16708?tag=nl.e539

Carrier IQ installed on numerous mobile devices includes a full keylogger!

This is somewhat worrying because even if your provider doesn't currently subscribe to this abomination how do you prevent carriers pushing this to your phone or tablet if/when they decide to use something similar?

Further information for the European members (in particular France and the UK)

Quote
A spokesperson for Vodafone has come back to us to say that it does not use Carrier IQ in any of its businesses, and does not use any other software like it, and it adheres strictly to privacy regulations in the jurisdictions where it operates.

France Telecom has also told us the same, noting that regardless of whether Carrier IQ has been loaded on to any of the devices on its network, Orange does not validate it, or any diagnostic services similar to it, so it and other related services do not work.

see: http://moconews.net/artic...e-o2-verizon-say-no-dice/
« Last Edit: December 01, 2011, 01:29:15 PM by Carol Haynes » Logged

Stoic Joker
Honorary Member
**
Posts: 4,869



View Profile WWW Give some DonationCredits to this forum member
« Reply #1 on: December 01, 2011, 02:59:21 PM »

No buggz on the Windows phones however... (hehe) ...Yeah us!
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #2 on: December 01, 2011, 03:01:57 PM »

No buggz on the Windows phones however... (hehe) ...Yeah us!

yet ...
Logged

JavaJones
Review 2.0 Designer
Charter Member
***
Posts: 2,514



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #3 on: December 01, 2011, 05:36:16 PM »

Someone has already found evidence of it on iPhones, though it's unclear what, if anything, is being done with the data. I wouldn't be surprised to find out it's on WinMo too.

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #4 on: December 01, 2011, 06:14:02 PM »

And another article:

http://www.zdnet.com/blog...q-poison/1697?tag=nl.e589

It appears that only Windows Phones are immune at the moment but then there is MS Telemetry installed on those that do the same thing - but at least you can turn it off.
Logged

Stoic Joker
Honorary Member
**
Posts: 4,869



View Profile WWW Give some DonationCredits to this forum member
« Reply #5 on: December 01, 2011, 06:30:14 PM »

You're just not going to let me enjoy this are you..?

 cheesy
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #6 on: December 01, 2011, 07:00:22 PM »

 drinksmiley of course I am - have a drink on me and smile.

Actually one of the really scary things is that a lot of the banks are now making apps for accessing your accounts - what are the security implications if all your user names and passwords are being captured and sent to god knows who?

Oh well stress no tis only money ...  beerchug
Logged

rxantos
Supporting Member
**
Posts: 98


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #7 on: December 01, 2011, 07:05:30 PM »

Just saw this on CNN:
http://money.cnn.com/2011...er_iq/index.htm?hpt=hp_t2

Aparently is on all USA cell phones.
Logged
wreckedcarzz
Charter Member
***
Posts: 1,620



Happy wolfie ^_^

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: December 01, 2011, 07:07:04 PM »

<insert comment about rooting and installing custom ROMs on Android-based devices negating the entire problem here>
Logged

New website! With a fancy domain name and everything! *gasp*
http://www.wreckedcarzz.com/
Stoic Joker
Honorary Member
**
Posts: 4,869



View Profile WWW Give some DonationCredits to this forum member
« Reply #9 on: December 01, 2011, 07:34:55 PM »

what are the security implications if all your user names and passwords are being captured and sent to god knows who?

Funny you should mention banks... I was having big fun with one earlier this week. The accountant paged me because he'd had trouble logging into the banks website, and their support "tech" was wanting him to modify (read butcher) the browser security settings. Now the page came at one of those times where I was dancing on the edge of my interruptions limit, which set the stage nicely for a bit of a perfect storm. You see, while I'm obligated to be "kind" to clients and coworkers ... Brain dead script reading support drones are basically open season. And I was in just the right mood.

So when the drone starts trying to walk me through allowing any & all cookies from the bank, which has absolutely no reason to be using 3rd party cookies ... I snapped, and went after them with a vengeance. I am notoriously soft spoken IRL. But for once the entire office had absolutely no problem what-so-ever hearing me. At all. The customer service manager was laughing so hard she could hardly breath, and the accountant was speechless.

We got kicked up to an engineer, that thankfully didn't ask any stupid questions because he was bright enough to realize that an error message that clearly states that "your account password was correct but invalidated due to over use", meant that the problem was (Captain) Obviously on their end. That and the intermittent system wide outage they'd been dealing with all morning (he admitted to it) helped to make the necessary fix (on their end) much clearer (to a sentient being...).

So apparently the banks don't actually care much about (your) security...unless they happen to be on TV.
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #10 on: December 01, 2011, 07:59:38 PM »

Banks don't apparently care much about security at all - a couple of years ago my bank called me on a Saturday afternoon to query a potential fruadulant card transaction.

Fair enough you might say but the conversation went something like this:

Caller: Hello this is HSBC fraud team querying unusal activity on your account
Me: Really - OK
Caller: Can you please confirm your credit card number
Me: Why don't you know who you are calling?
Caller: You need to confirm you are the card holder. Please confirm your card number
Me: How do I know you are HSBC - you could be anyone

and so it went on for about 20 minutes.

In the end I hung up and called the fraud department directly and thoroughly enjoyed yelling at them about the warnings they constantly distribute about phishing scams!

I don't know whether I had anything to do with it but their whole approach is now different with this kind of call.
Logged

Renegade
Charter Member
***
Posts: 10,361



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #11 on: December 02, 2011, 12:11:31 AM »

Sigh...

Why am I unphased?

And in related news, apparently 1% of people are completely retarded, while 2% are partially, and somehow 1% have simply vanished from reality all together...



Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
nosh
Supporting Member
**
Posts: 1,372


View Profile Give some DonationCredits to this forum member
« Reply #12 on: December 02, 2011, 12:41:32 AM »

Quote
1% have simply vanished from reality all together...


The only way to be immune these days.  tongue
Logged
Stoic Joker
Honorary Member
**
Posts: 4,869



View Profile WWW Give some DonationCredits to this forum member
« Reply #13 on: December 02, 2011, 07:34:43 AM »

apparently 1% of people are completely retarded

Only 1%? That's either a vast improvement for society in general, or an obvious flaw in the test. The missing 1% is probably just the rage clickers that suffer from premature submission...before a choice is made.
Logged
Renegade
Charter Member
***
Posts: 10,361



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #14 on: December 02, 2011, 07:57:06 AM »

apparently 1% of people are completely retarded

Only 1%? That's either a vast improvement for society in general, or an obvious flaw in the test. The missing 1% is probably just the rage clickers that suffer from premature submission...before a choice is made.

Hahahah~!

Yeah, seemed a bit low to me too. Grin

Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
4wd
Supporting Member
**
Posts: 3,222



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: December 03, 2011, 12:29:04 AM »

.... and somehow 1% have simply vanished from reality all together...

That's me...this one sucks altogether too much.

Still, makes me glad I flashed the phone with a different ROM less than an hour after getting it.
Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
CWuestefeld
Supporting Member
**
Posts: 911



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #16 on: December 03, 2011, 02:51:25 PM »

Apparently this whole thing has been a witch hunt. It doesn't report any keylogger data back to the carriers. See http://news.cnet.com/8301...esearchers/?tag=cnetRiver
Logged



Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #17 on: December 03, 2011, 06:17:06 PM »

True - but the data is logged in full on the device - which is itself a security concern if the device is lost, stolen or hacked.

Plus no one knows which data or the extent of the data that is actually being transmitted!

The other question that arises is - if the information isn't being transmitted to someone what is the point of collecting and storing it?
Logged

Renegade
Charter Member
***
Posts: 10,361



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #18 on: December 03, 2011, 09:37:24 PM »

Get yer pitchforks and torches~! BURN THE WITCH~! tongue

Quote
In addition, carriers can configure Carrier IQ's software to record and transmit the URLs of Web pages visited, a privacy concern separate from keylogging.

Either way...

Why do carriers need to record URLs? They're completely irrelevant. The performance of any given server has no bearing on the carrier's network.

I dunno... I suppose you need URLs to know if its the server or your network that is the problem, but beyond that, I can't see any reason to store URLs that your customers are visiting.

Maybe someone here knows more about telco quality assurance and can shed some light on that.
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
Stoic Joker
Honorary Member
**
Posts: 4,869



View Profile WWW Give some DonationCredits to this forum member
« Reply #19 on: December 04, 2011, 08:31:56 AM »

The other question that arises is - if the information isn't being transmitted to someone what is the point of collecting and storing it?

Why just in case the empire need to checkup on and verify your activities, proclivities, & whereabouts of course.
Logged
Renegade
Charter Member
***
Posts: 10,361



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #20 on: December 04, 2011, 12:52:56 PM »

The other question that arises is - if the information isn't being transmitted to someone what is the point of collecting and storing it?

Why just in case the empire need to checkup on and verify your activities, proclivities, & whereabouts of course.

And the correct answer is always...

"Yes, Lord Vader..."

But with a smile on your face. Grin
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.05s | Server load: 0.05 ]