DonationCoder.com Forum
Main Area and Open Discussion => Living Room => Topic started by: Carol Haynes on December 01, 2011, 01:04 PM
-
Not sure if this applies outside the US but in the US ...
http://www.zdnet.com/blog/hardware/so-theres-a-rootkit-hidden-in-millions-of-cellphones/16708?tag=nl.e539
Carrier IQ installed on numerous mobile devices includes a full keylogger!
This is somewhat worrying because even if your provider doesn't currently subscribe to this abomination how do you prevent carriers pushing this to your phone or tablet if/when they decide to use something similar?
Further information for the European members (in particular France and the UK)
A spokesperson for Vodafone has come back to us to say that it does not use Carrier IQ in any of its businesses, and does not use any other software like it, and it adheres strictly to privacy regulations in the jurisdictions where it operates.
France Telecom has also told us the same, noting that regardless of whether Carrier IQ has been loaded on to any of the devices on its network, Orange does not validate it, or any diagnostic services similar to it, so it and other related services do not work.
see: http://moconews.net/article/419-more-carrier-iq-details-nokia-google-o2-verizon-say-no-dice/
-
No buggz on the Windows phones however... (hehe) ...Yeah us!
-
No buggz on the Windows phones however... (hehe) ...Yeah us!
-Stoic Joker
yet ...
-
Someone has already found evidence of it on iPhones, though it's unclear what, if anything, is being done with the data. I wouldn't be surprised to find out it's on WinMo too.
- Oshyan
-
And another article:
http://www.zdnet.com/blog/networking/finding-and-cleaning-out-your-smartphones-carrier-iq-poison/1697?tag=nl.e589
It appears that only Windows Phones are immune at the moment but then there is MS Telemetry installed on those that do the same thing - but at least you can turn it off.
-
You're just not going to let me enjoy this are you..?
:D
-
:drinksmiley: of course I am - have a drink on me and smile.
Actually one of the really scary things is that a lot of the banks are now making apps for accessing your accounts - what are the security implications if all your user names and passwords are being captured and sent to god knows who?
Oh well stress no tis only money ... :beerchug:
-
Just saw this on CNN:
http://money.cnn.com/2011/12/01/technology/carrier_iq/index.htm?hpt=hp_t2
Apparently it is on all USA cell phones.
-
<insert comment about rooting and installing custom ROMs on Android-based devices negating the entire problem here>
-
what are the security implications if all your user names and passwords are being captured and sent to god knows who?
-Carol Haynes
Funny you should mention banks... I was having big fun with one earlier this week. The accountant paged me because he'd had trouble logging into the bank's website, and their support "tech" was wanting him to modify (read butcher) the browser security settings. Now the page came at one of those times where I was dancing on the edge of my interruptions limit, which set the stage nicely for a bit of a perfect storm. You see, while I'm obligated to be "kind" to clients and coworkers ... Brain dead script reading support drones are basically open season. And I was in just the right mood.
So when the drone starts trying to walk me through allowing any & all cookies from the bank, which has absolutely no reason to be using 3rd party cookies ... I snapped, and went after them with a vengeance. I am notoriously soft spoken IRL. But for once the entire office had absolutely no problem whatsoever hearing me. At all. The customer service manager was laughing so hard she could hardly breathe, and the accountant was speechless.
We got kicked up to an engineer, that thankfully didn't ask any stupid questions because he was bright enough to realize that an error message that clearly states that "your account password was correct but invalidated due to over use", meant that the problem was (Captain) Obviously on their end. That and the intermittent system wide outage they'd been dealing with all morning (he admitted to it) helped to make the necessary fix (on their end) much clearer (to a sentient being...).
So apparently the banks don't actually care much about (your) security...unless they happen to be on TV.
-
Banks don't apparently care much about security at all - a couple of years ago my bank called me on a Saturday afternoon to query a potential fraudulent card transaction.
Fair enough you might say but the conversation went something like this:
Caller: Hello this is HSBC fraud team querying unusual activity on your account
Me: Really - OK
Caller: Can you please confirm your credit card number
Me: Why don't you know who you are calling?
Caller: You need to confirm you are the card holder. Please confirm your card number
Me: How do I know you are HSBC - you could be anyone
and so it went on for about 20 minutes.
In the end I hung up and called the fraud department directly and thoroughly enjoyed yelling at them about the warnings they constantly distribute about phishing scams!
I don't know whether I had anything to do with it but their whole approach is now different with this kind of call.
-
Sigh...
Why am I unfazed?
And in related news, apparently 1% of people are completely retarded, while 2% are partially, and somehow 1% have simply vanished from reality altogether...
-
1% have simply vanished from reality altogether...
The only way to be immune these days. :P
-
apparently 1% of people are completely retarded-Renegade
Only 1%? That's either a vast improvement for society in general, or an obvious flaw in the test. The missing 1% is probably just the rage clickers that suffer from premature submission...before a choice is made.
-
apparently 1% of people are completely retarded-Renegade
Only 1%? That's either a vast improvement for society in general, or an obvious flaw in the test. The missing 1% is probably just the rage clickers that suffer from premature submission...before a choice is made.
-Stoic Joker
Hahahah~!
Yeah, seemed a bit low to me too. ;D
-
.... and somehow 1% have simply vanished from reality altogether...
-Renegade
That's me...this one sucks altogether too much.
Still, makes me glad I flashed the phone with a different ROM less than an hour after getting it.
-
Apparently this whole thing has been a witch hunt. It doesn't report any keylogger data back to the carriers. See http://news.cnet.com/8301-31921_3-57336064-281/carrier-iq-verbatim-answers-from-company-exec-researchers/?tag=cnetRiver
-
True - but the data is logged in full on the device - which is itself a security concern if the device is lost, stolen or hacked.
Plus no one knows which data or the extent of the data that is actually being transmitted!
The other question that arises is - if the information isn't being transmitted to someone what is the point of collecting and storing it?
-
Get yer pitchforks and torches~! BURN THE WITCH~! :P
In addition, carriers can configure Carrier IQ's software to record and transmit the URLs of Web pages visited, a privacy concern separate from keylogging.
Either way...
Why do carriers need to record URLs? They're completely irrelevant. The performance of any given server has no bearing on the carrier's network.
I dunno... I suppose you need URLs to know if it's the server or your network that is the problem, but beyond that, I can't see any reason to store URLs that your customers are visiting.
Maybe someone here knows more about telco quality assurance and can shed some light on that.
-
The other question that arises is - if the information isn't being transmitted to someone what is the point of collecting and storing it?-Carol Haynes
Why just in case the empire needs to check up on and verify your activities, proclivities, & whereabouts of course.
-
The other question that arises is - if the information isn't being transmitted to someone what is the point of collecting and storing it?-Carol Haynes
Why just in case the empire needs to check up on and verify your activities, proclivities, & whereabouts of course.
-Stoic Joker
And the correct answer is always...
"Yes, Lord Vader..."
But with a smile on your face. ;D