| Welcome to Pumpitout. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| Finding and cleaning out your smartphone’s Carrier IQ poison | |
|---|---|
| Tweet Topic Started: Dec 2 2011, 04:00 PM (490 Views) | |
| shure | Dec 2 2011, 04:00 PM Post #1 |
|
Administrator
|
Finding and cleaning out your smartphone’s Carrier IQ poison By Steven J. Vaughan-Nichols | December 1, 2011, 10:53am PST Summary: Millions of iPhones, Android and other smartphones have the Carrier IQ spyware rootkit in them. Here’s how to find it and try to zap it. continue reading here - http://www.zdnet.com/blog/networking/finding-and-cleaning-out-your-smartphones-carrier-iq-poison/1697 |
![]() |
|
| A Storm is Coming | Dec 6 2011, 02:35 AM Post #2 |
|
The author specified that Carrier IQ was not running on his Motorola Droid running Android 2.3 or on the Windows Phone To be clear, both of those systems are effectively "closed source" Although Andoid is an open source OS, google prevented the release of its source code untill version 4.01 (Ice Cream Sandwich) The reason given was that google wanted to prevent users from using andoid on Tablets untill a Tablet ready version was available to prevent users from having a bad experience with a non-tablet friendly version of the OS http://www.encyclocell.com/android/first-android-phone-can-run-android-4-0-1 Windows is also a closed source platform that can do anything Carrier IQ can do and more Carrier IQ does not retain user data but the carriers are required to do so for Gov't use As such, there are 3 methods in current use> 1. Carriers are "REQUIRED" to use a Gov't sponsored rootkit on open source platforms OR, 2. A closed source Gov't sponsored spyware OS such as Microsoft's Phone OS is used OR 3. A restricted network that monitors ALL encrypted traffic in the clear for specific Governments such as Blackberry Apple runs similar to future desktop OS's from Microsoft where the rootkit is baked into the chips and handled through the closed source portion of the OS over the network and hence can be classified under Method 2. This may change if the rootkits can be run entirely from the network so that the OS can be entirely open source without being found by end users There is NO OPTION for end user security with ANY current smartphone! PERIOD! End of Rant Edited by A Storm is Coming, Dec 6 2011, 02:59 AM.
|
![]() |
|
| shure | Dec 6 2011, 03:47 AM Post #3 |
|
Administrator
|
http://www.youtube.com/watch?v=B5cLqY6_2X8 |
![]() |
|
| A Storm is Coming | Dec 6 2011, 01:51 PM Post #4 |
|
Yeah, I just had a long drawn out debate as to whether Blackberry was a 3rd separate method or a subclass of how Apple does things I have concluded that my classification causes confusion as to how the spying is handled To simplify the classification, try this> 1. Spyware is either in a closed source OS or 2. Spyware in in the Firmware or 3. Spyware is baked into the chips Is a combination of any 2 classes a separate class in itself? I don't know how to answer that, but All 3 methods require a network connection to function as spyware but 2 or more of those elements can be combined in various ways which led to the debate I had this morning The fact is that ALL network attached devices must comply with Gov't regulations on data collection to operate or even be sold in your Country So, the real question is not "Are they Spying?" The real question is "How are they they doing it?" If anyone still doubts that this is actually happening, then go try to build your own network attached Operating System or Cell Phone or Cell Network without following the Gov't regulation on data collection currently in place Good Luck with THAT idea! Have you noticed over the past year how most pocket video camera's now have NON-Removable batteries and many are adding video software into flash memory that is not directly accessible to the user? When you plug a Kodak (ZX3 for example) video cam into your computer, the software prompts you to install it onto your computer The software is network accessible and works with the camera but you can only see and access "YOUR" half of the software Cameras are getting to be like Operating Systems, like, for example, by preventing the user from seeing what is in the 30 odd megabytes of built in flash memory that is not accessible to the user and not used for software or firmware If pocket cams saved 3 thumbnail images from every video you ever took, 1 thumbnail 10 seconds into the video, 1 thumbnail in the exact middle of the video and 1 thumbnail 10 seconds from the end of the video, then your camcorder could be used to spy on you If a thumbnail takes only 60KB of data and there is is 30 MB of non-usable memory that is not accounted for, it would be a simple procedure to get all your thumbnails into a Gov't or Corporate database either through the network attached software that cannot be removed from the camera, or by direct access when you send the camera in to have the non-removable battery replaced A Kodak ZX3 has a removable battery however and network access can be avoided by physically removing the memory card and sticking it into a card reader on the computer The newer ZX5 however has a non-removable battery and replacing it yourself will void the warranty Sending thumbnails to unknown Gov't or Corporate entities is a simple matter with newer cameras that are wi-fi enabled Even some memory cards are wi-fi enabled If you think that you are the only person who can access your wi-fi device because you entered a password for your device, you simply do not understand modern spyware platforms Edited by A Storm is Coming, Dec 6 2011, 02:29 PM.
|
![]() |
|
| A Storm is Coming | Dec 13 2011, 08:47 AM Post #5 |
|
FBI rejects FOIA request for Carrier IQ info http://www.computerworld.com/s/article/9222616/FBI_rejects_FOIA_request_for_Carrier_IQ_info_?taxonomyId=70 Edited by A Storm is Coming, Dec 13 2011, 08:48 AM.
|
![]() |
|
| A Storm is Coming | Dec 17 2011, 06:27 PM Post #6 |
|
Al Franken once again asking all the wrong questions to the wrong people to cover up anything and everything the Gov't thinks is none of your business http://m.engadget.com/nock/article.do?artUrl=http%3A%2F%2Fwww.engadget.com%2F2011%2F12%2F17%2Fsenator-al-franken-asks-about-carrier-iq-the-companies-answer%2F&category=classic&postPage=1 Franken only asked 3 relevant questions beginning on page 6 4. Does your company receive customer location data collected by CIQ? Most answered yes However, Location data is irrelevant since the carriers get this anyway without CIQ software and does not explain why CIQ was collecting "ALL" user data 5. What other data does "your company" receive that was collected by CIQ software? (Senator Franken specifies telephone numbers, contents of SMS and emails, URLs of websites users visit, contents of search queries, keystroke data and contact information from address books.) Number 1 answer was NONE Again irrelevant since CIQ was collecting ALL user data to comply with State, Federal and Int'l Law 7. Has your company disclosed this data to federal or state law enforcement? All answered NO Again irrelevant since CIQ collected the data but did not share this data with the handset manufacturers CIQ recently made news by saying that it was approached by the FBI to get access to CIQ data but they refused Again irrelevant since they are required to keep that type of information confidential persuant to Federal Law or under the assumption of National Security http://www.itworld.com/it-managementstrategy/232689/carrier-iq-cops-best-friend The real questions which Franken is unwilling to ask need to be directed at CIQ and the carriers Such as; If the FBI approached you (CIQ) for access to data you collect and you refused, then why are you collecting ALL user data? Is it for the NSA or some other agency or do you simply do it of your own accord? Why can't you (CIQ) send only location data and network reliability info to the carriers without sending ALL USER DATA? ...and stuff like that Edited by A Storm is Coming, Dec 17 2011, 07:04 PM.
|
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · Lates News · Next Topic » |






9:41 AM Jul 11