Appears Android devices run a super privileged unstoppable agent that logs everything (button presses, dialing, keystrokes, sms messages, unencrypted https traffic, location even if you have it turned off, etc). This is even done in Airplane mode. So when a good or bad guy uploads the log guess what’s going to happen to you. And you better not lose your phone or let it fall into the hands of our benevolent police force.
-
Reply
You must be logged in to post a comment.
Birra 8:33 pm on November 30, 2011 171 days ago Reply
This isn’t just some blogger, it comes with a video showing all of it. But, Google wants Android to be OPEN.
Birra 8:51 pm on November 30, 2011 171 days ago Reply
To put this in the holiday spirit!
It sees you when you’re sleeping
It knows when you’re awake
It knows if you’ve been bad or good
So be good for goodness sake!
Birra 2:40 am on December 1, 2011 171 days ago Reply
This is actually a totally new item from Ars. It’s regrettable that the two stories coincides. But this one indicates that Android does not properly enforce it’s own security policy allowing untrusted apps to do all sorts of nasty things.
Researchers find big leaks in pre-installed Android apps
http://arstechnica.com/tech-policy/news/2011/11/researchers-find-big-leaks-in-pre-installed-android-apps.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
Nicu 4:26 am on December 1, 2011 170 days ago Reply
Quoting Daring Fireball
“Imagine if it were Apple”, or RIM for that matter – Apple got crucified for cell tower index that got copied to your own machine. All the other opentards get a free pass on any shit, no mater how deep it is (stolen credit cards, virus, pay SMS sent in the background, complete logs etc.)
rastard 5:39 pm on December 2, 2011 169 days ago Reply
http://www.zdnet.com/blog/london/apple-questioned-by-german-authorities-over-carrier-iq-software/1250
Yeah, this makes sense. Ask Apple, not the other manufacturers whose phones (well, US phones at least) have already been demonstrated to have it.
rastard 7:17 pm on December 2, 2011 169 days ago Reply
http://news.cnet.com/8301-31921_3-57335715-281/how-carrier-iq-was-wrongly-accused-of-keylogging/
“The only problem, which is always a risk when a public lynching takes place, is that Carrier IQ appears to be not guilty of the charges lodged against it.
The most serious charge against Carrier IQ, a venture capital-funded startup in Mountain View, Calif. that makes diagnostic software for carriers, has been that it records keystrokes and transmits them to carriers. One article on a Mac Web site breathlessly reported that “Carrier IQ Probably Violated Federal Wiretap Laws In Millions Of Cases.”
Well, no. There’s zero evidence that Carrier IQ captured, recorded, or transmitted any keystrokes. But that didn’t stop the self-appointed lynch mob on blogs and on Twitter (#OccupyCarriers, that would be you).
Dan Rosenberg, an exceptionally talented security consultant who has discovered over 100 vulnerabilities in the Linux kernel, FreeBSD, and GNU utilities, extracted a copy of Carrier IQ’s software from his own Android phones. He then analyzed the assembly language code with a debugger that allowed him to look under the hood.
“The application does not record and transmit keystroke data back to carriers,” Rosenberg told CNET. His reverse-engineering showed that “there is no code in Carrier IQ that actually records keystrokes for data collection purposes.”"
rastard 6:30 pm on December 5, 2011 166 days ago Reply
http://www.bgr.com/2011/12/05/apple-samsung-and-six-more-companies-sued-over-carrier-iq-scandal/
“Apple, Samsung and six more companies sued over Carrier IQ scandal”
Heh – the feeding frenzy is actually becoming a bit entertaining.
Nicu 8:33 pm on December 5, 2011 166 days ago Reply
Yeah, especially for the sheep. Their smooth cortex does not allow for discrimination (tip: on iOS one has to explicitly enable stats to be shared, the kind of they send is explained etc. – compare that – if you can – with an invisible bot that comes installed with no way to check what is doing, if it is present and of course no way to turn it off).
Nicu 8:34 pm on December 5, 2011 166 days ago Reply
kind of data they send … but of course you got that by yourself