[olug] [OT]: Researcher’s Video Shows Secret Software on Millions of Phones Logging Everything

DYNATRON tech dynatron at gmail.com
Thu Dec 1 01:05:58 UTC 2011 

it wasn't on my droidx (verizon).

On Nov 30, 2011 6:59 PM, "Dave Rowe" <dave at roweware.com> wrote:
>
>
> Hopefully Verizon reads these keystrokes.
>
> -Dave

hopefully?

> On Nov 30, 2011 6:47 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:
>
> > http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110
> >
> > (page for tool)
> > On Nov 30, 2011 6:41 PM, "DYNATRON tech" <dynatron at gmail.com> wrote:
> >
> > > well, i feel violated.
> > > i use ssh on my phone to access several servers...carrierIQ has my
login
> > > credentials now.
> > >
> > > a keylogger falls under wiretap laws IMO
> > >
> > > androidsecuritytest.com seems to be the place to check out.
> > > On Nov 30, 2011 6:35 PM, "Christopher Cashell" <topher-olug at zyp.org>
> > > wrote:
> > >
> > >> On Wed, Nov 30, 2011 at 6:07 PM, Dan Linder <dan at linder.org> wrote:
> > >> > From what I understand, the "Carrier IQ" tool is the electronic
> > >> > version of the Verizion guy who says "Can you hear me now?"  Each
time
> > >> > your phone drops a call, gets a high rate of errors, etc, this tool
> > >> > logs that information and will upload it to the carrier as an
> > >> > additional datapoint for their coverage team to use.
> > >>
> > >> That was my original thought, and how I pretty much wrote off the
> > >> concerns, too.  Now, I'm not so sure.  Capturing the full content of
> > >> text messages, and web browser searches (performed with HTTPS, over
> > >> wifi, with all other radios disabled) by a third-party application
> > >> goes way beyond what I'd consider reasonable technical or service
> > >> quality data.  The fact that someone has verified that it is
capturing
> > >> this information, along with a lot more, is very disconcerting.
> > >>
> > >> > The conspiracy theory side of me says "Yeah, but what else?" and it
> > >> > may be true.  Sadly we might never know unless it was made FOSS.
> > >>
> > >> Not sure if you read the full article or watched the video, but Mr.
> > >> Trevor Eckhart has done a pretty thorough analysis of the software's
> > >> activity, showing an extent that seems to be very suspicious at best,
> > >> and very scary at worst.  If it's logging (and potentially sending) a
> > >> google search query performed over HTTPS, is it also logging (and
> > >> potentially sending) credit card numbers and other personal
> > >> information to them?
> > >>
> > >> At the very least, this needs further investigation, and should have
> > >> an option for disabling (and removing) it.
> > >>
> > >> > Dan
> > >>
> > >> --
> > >> Christopher
> > >> _______________________________________________
> > >> OLUG mailing list
> > >> OLUG at olug.org
> > >> https://lists.olug.org/mailman/listinfo/olug
> > >>
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list