Why Carrier IQ’s “Cell Phone Spying Rootkit Software” is a Bad Thing Contrary to Expert Analysis

One statement that is constantly thrown out there to make Carrier IQ’s software seem legitimate is this:

“Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows Operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps Operators’ customer service more quickly identify the specific issue with the phone.”

If it sounds useful to you, that’s because it is! Every device should have self-check and correction mechanisms in place. We have these in software programming; they’re called error handlers. In other applications, we may just have to log some data to visualize trends over time for an accurate diagnosis of existing problems or potential points of optimization.

My problem is not whether Carrier IQ may be “snooping” on people. As with any communications/telephony issue, these are the real security implications that I can see:

  1. Data could possibly be intercepted at Point A while it is being gathered and prepared for transmission.
  2. Data could possibly be intercepted during the entire transmission from Point A to Point B, including all hops in between.
  3. Data could possibly be intercepted at Point B after it has arrived, unless the data is discarded immediately.

So then we could argue that all data being transmitted is encrypted. Fine, it’s encrypted.

Now tell me what’s to keep a disgruntled employee from selling the encryption keys, creating a back door for unsupervised access, or divulging details about the inner workings of the software whereby someone else with malicious intent might pinpoint a flaw and exploit the system?

These reasons alone are why it’s not OK to gather this information from people without their knowledge or consent.

Ask 10 people: “If you discovered software on your phone that was secretly tracking your keystrokes and geographical location, and you noticed an easy way to turn it off, would you?”

Imagine our scenario with one disgruntled employee. This person has the ability to slip under the radar for years until someone else with more authority scrutinizes the system in place.

That authority is us, the millions of people who pay their salaries by using these products daily. It’s all over the news and tech blogs, so I’m pretty sure they already know how most people feel.
