14 December 2011

Your Android Phone is Spying On You

An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Is it time to put on a tinfoil hat? That depends on how you feel about privacy. In the nearly 20-minute video clip, Eckhart, the developer, shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends it off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made.

What is Carrier IQ, exactly?
The software is hidden inside phones: there is little you can do to detect that it’s even installed, let alone remove it, and it tracks everything. Keystrokes, browsing and surfing habits, Google searches, and basically every single thing that you do on your phone and every button that you press are logged by this software. Jump to 9:00 in the YouTube video below for the proof: this is basically a keylogger running on your phone that you didn’t know about.

The company that’s creating this software claims that the point of the software is to deliver “analytics” about devices to the carriers to help them provide better service to their users. But is recording every keystroke really necessary for that information? Does not telling the users about this and making it near-impossible to opt out seem a bit fishy to anybody else? This software is on almost all Android phones made by the big names (HTC, Samsung, Motorola), and is even on BlackBerries and Nokia devices, as well.

"Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company said in response to the EFF's letter. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
But Eckhart's new video seems to refute at least some of those claims. In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information are recorded by Carrier IQ's application, even though he was on Wi-Fi and a page secured by HTTPS.

HTTPS? Nothing Is Safe From Carrier IQ
For those unaware, the S in HTTPS stands for secure. It's what keeps your passwords and other sensitive data safe when sent across the web. It provides encryption for said information, so whilst it's traveling through the airwaves, it's safe and snug, away from the awful people who want to steal your info.

Just because a website is using a secure connection doesn't mean it's one hundred percent safe from end to end, though. You see, some information, including usernames and passwords, can still be sent as plain text. For example, the username and password can be used in the address of the site, like www.mysite.com?username=MYNAME&password=MYPASS (Trev's example). Sure, it's encrypted while going down the tunnel, but guess who gets to see the raw link? Did you guess Carrier IQ? If so, go get yourself a cookie. You earned it.
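As an added example (not from the original post or from Eckhart's video), here is a small Python check a developer could run over their app's URLs or logs to spot credentials sitting in the address, which any software on the device can read regardless of HTTPS. The function names and the list of sensitive parameter names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names for parameters that carry secrets; extend for your own app.
SENSITIVE_KEYS = {"username", "user", "password", "passwd", "pwd", "pass",
                  "token", "access_token", "api_key", "apikey", "secret"}
REDACTED = "REDACTED"


def _scrub(component, where, findings):
    """Redact sensitive key=value pairs in a query string or fragment."""
    hit = False
    cleaned = []
    for key, value in parse_qsl(component, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS:
            findings.append(f"{where}:{key}")
            value, hit = REDACTED, True
        cleaned.append((key, value))
    # Leave the component byte-for-byte unchanged when nothing was found.
    return urlencode(cleaned) if hit else component


def audit_url(url):
    """Return (redacted_url, findings) for one URL.

    findings names each place a credential sits in the URL itself, which is
    readable by software on the device even when the transport is HTTPS.
    """
    had_scheme = "://" in url.split("?", 1)[0]
    # Scheme-less strings like the article's example need one to parse.
    parts = urlsplit(url if had_scheme else "https://" + url)
    findings = []

    netloc = parts.netloc
    if "@" in netloc:  # user:password@host form
        findings.append("userinfo")
        netloc = REDACTED + "@" + netloc.rsplit("@", 1)[1]

    query = _scrub(parts.query, "query", findings)
    fragment = _scrub(parts.fragment, "fragment", findings)

    out = urlunsplit((parts.scheme, netloc, parts.path, query, fragment))
    return (out if had_scheme else out[len("https://"):]), findings


if __name__ == "__main__":
    # Constructed sample inputs; the first is the URL from the article.
    for sample in ("www.mysite.com?username=MYNAME&password=MYPASS",
                   "https://example.com/search?q=weather"):
        print(audit_url(sample))
```

Any URL that produces findings is a candidate for moving the credential into the request body or a header, where it does not end up in the address that gets logged.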

Carrier IQ says in this public statement that it is “not logging keystrokes or providing tracking tools” and that its software is used to track performance, but the video proves entirely otherwise: this app is sitting in between you and the Android OS and is making a note of everything you do. Secure websites don’t help. Even using Wi-Fi doesn’t help. Your phone use is being logged by this software, and there is no way to easily opt out.

Many applications have been developed to detect the Carrier IQ rootkit on phones.
View this article: Voodoo Carrier IQ Detector application

Have gr8 day!

AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer.