d********y
发帖数: 137 | 1 All keypresses, SMS messages and even https communications are tracked and
sent up to servers that are run either by carriers or a Mt View company
called Carrier IQ!!!
http://www.forbes.com/sites/timworstall/2011/11/30/carrier-iq-t
http://www.wired.com/threatlevel/2011/11/secret-software-loggin
Carrier IQ: The Rootkit Keylogger on Most US Smartphones
But not it appears on Apple‘s iPhones.
Carrier IQ is a piece of software which certain US cellphone networks (
Sprint for example) load onto their contract phones before they are released
to consumers. The basic stated idea is quite simple: if there are problems
then the software generates logs which the network can then analyse to see
what the problems are.
However, this seems to have the rather undesirable side effect of working as
a keylogger for everything that the consumer does with the phone:
“An Android app developer has published what he says is conclusive proof
that millions of smartphones are secretly monitoring the key presses,
geographic locations, and received messages of its users.
In a YouTube video posted on Monday, Trevor Eckhart showed how software from
a Silicon Valley company known as Carrier IQ recorded in real time the keys
he pressed into a stock EVO handset, which he had reset to factory settings
just prior to the demonstration. Using a packet sniffer while his device
was in airplane mode, he demonstrated how each numeric tap and every
received text message is logged by the software.
There are several different ways of looking at this and the comments
sections of the various places where the story has been repeated over the
past few weeks contain their fair share of all of them.
One is that it’s simply a handy diagnostic tool and therefore so what? I
think that’s a slightly difficult position to maintain given that what the
software records and then transmits to the network makes it almost certainly
illegal under EU data protection and privacy laws (please note, it’s only
been seen on US phones so far and not on anything from Apple. But it has
been seen on Nokias, Blackberries from RIM and various devices running
Google‘s Android).
At the other end there are the security implications (not to say the damned
impertinence) of a network having access to absolutely everything that you
do with your smartphone. Absolutely everything, from search habits through
website visits to the text of any messages.
But to be honest I think the part that worries me the most is, well, how
hard is it to hack into this? To access that information if you’re not in
fact the network? If it is possible to access this information (and I’d be
absolutely astonished if it were not) then this means that absolutely every
smartphone running it is vulnerable, to put it mildly, to data theft.
For yes, if you online bank from your phone then the application will be
logging that data, pins, ID codes and all.
That’s really not something you want, is it? An application sitting on your
phone that records all of these things specifically and exactly so as to
broadcast them to someone else?
I have a feeling that we’ve not heard the last of this little story. |
m*****d
发帖数: 13718 | 2 keypresses 这个太过分了,都是木马干的活
released
problems
【在 d********y 的大作中提到】
: All keypresses, SMS messages and even https communications are tracked and
: sent up to servers that are run either by carriers or a Mt View company
: called Carrier IQ!!!
: http://www.forbes.com/sites/timworstall/2011/11/30/carrier-iq-t
: http://www.wired.com/threatlevel/2011/11/secret-software-loggin
: Carrier IQ: The Rootkit Keylogger on Most US Smartphones
: But not it appears on Apple‘s iPhones.
: Carrier IQ is a piece of software which certain US cellphone networks (
: Sprint for example) load onto their contract phones before they are released
: to consumers. The basic stated idea is quite simple: if there are problems
|
c*******y
发帖数: 3529 | |
a******n
发帖数: 5925 | 4 不是所有android手机都有
from xda:
Originally Posted by Entropy512
Carrier IQ is spyware found on some Android phones. Nearly all Sprint models
, and newer AT&T models and updates.
The Captivate and Infuse Froyo don't currently have it.
Official Infuse Gingerbread will have it (Already does from Rogers, the AT&T
leaks do too).
The Shitrocket has it.
The I777 does NOT have it currently. A future update may have it. |
H********e
发帖数: 245 | 5 I just used Any Cut to check my old moto Droid on Verizon, it seems not have
it.
Any more update? |
k*****e
发帖数: 22013 | 6 http://www.theverge.com/2011/11/30/2601875/carrier-iq-reference
released
problems
【在 d********y 的大作中提到】
: All keypresses, SMS messages and even https communications are tracked and
: sent up to servers that are run either by carriers or a Mt View company
: called Carrier IQ!!!
: http://www.forbes.com/sites/timworstall/2011/11/30/carrier-iq-t
: http://www.wired.com/threatlevel/2011/11/secret-software-loggin
: Carrier IQ: The Rootkit Keylogger on Most US Smartphones
: But not it appears on Apple‘s iPhones.
: Carrier IQ is a piece of software which certain US cellphone networks (
: Sprint for example) load onto their contract phones before they are released
: to consumers. The basic stated idea is quite simple: if there are problems
|
w******x
发帖数: 4396 | 7 按说这也算手机业界挺大一事儿,怎么这版上这么安静,就这么一帖? |
t********r
发帖数: 853 | |
r****t
发帖数: 10904 | 9 只有没刷过 aosp rom 的才有,没关系的。
released
problems
【在 d********y 的大作中提到】
: All keypresses, SMS messages and even https communications are tracked and
: sent up to servers that are run either by carriers or a Mt View company
: called Carrier IQ!!!
: http://www.forbes.com/sites/timworstall/2011/11/30/carrier-iq-t
: http://www.wired.com/threatlevel/2011/11/secret-software-loggin
: Carrier IQ: The Rootkit Keylogger on Most US Smartphones
: But not it appears on Apple‘s iPhones.
: Carrier IQ is a piece of software which certain US cellphone networks (
: Sprint for example) load onto their contract phones before they are released
: to consumers. The basic stated idea is quite simple: if there are problems
|
l**t
发帖数: 6971 | 10
Android粉丝们巴不得连这一帖也赶快沉下去。。。
【在 w******x 的大作中提到】
: 按说这也算手机业界挺大一事儿,怎么这版上这么安静,就这么一帖?
|
|
|
r****t
发帖数: 10904 | 11 刷机人多,没啥危险性。
【在 l**t 的大作中提到】
:
: Android粉丝们巴不得连这一帖也赶快沉下去。。。
|
r****t
发帖数: 10904 | 12 同一个事,一个贴盖楼就行了,你要是有新意可以挖新坑。
【在 w******x 的大作中提到】
: 按说这也算手机业界挺大一事儿,怎么这版上这么安静,就这么一帖?
|
l*****e
发帖数: 16384 | 13 看来我有必要root我的gs2了。唉,还是挺喜欢stock rom的。 |
t*****g
发帖数: 7455 | 14 Carrier IQ在安卓手机上安装监控软件的事情似乎刚要过去,另一位黑客的报告却再次
将Carrier IQ公司推到了风口浪尖。
知名黑客chpwn近日曝出,在iOS 3.1.3本中发现了Carrier IQ的踪影。Verge网站
立即对此事进行确认,果然在路径/usr/bin/IQAgent中找到了Carrier IQ。
随后,网名Intell的网友在iOS 4中发现了疑似Carrier IQ文件。
研究到最后,众人居然发现所有iSO系统里面均有Carrier IQ,包括最新的iOS 5。
而且除了之前的/usr/bin/IQAgent,这次在iOS 4和iOS 5更是发现了新的隐藏路径
,在 /usr/bin/awd_ice2里面找到了collector.sky.carrieriq.com的踪影。
后来chpwn在博客中说道,Carrier IQ在iOS 5中一般不被激活,但是只要手机诊断
模式开启过之后,Carrier IQ就开始监控用户。
不过,相比安卓手机,iPhone似乎客气多了,起码还没有把用户信息数据反馈出去
。来源2011-12-01) |
f*******5
发帖数: 10321 | 15 我在想这龌龊公司是不是就这么毁了,嗬嗬.昨天我查了我的atrix里没有,两个同事的
htc也没有.原文说nokia和黑莓的也有,看来是行业惯例.
如果为了保险起见,可以root了,改routing table
【在 w******x 的大作中提到】
: 按说这也算手机业界挺大一事儿,怎么这版上这么安静,就这么一帖?
|
i**z
发帖数: 1592 | 16 看了看,我的evo 3d 里面有。
有没有不root 就能删的办法? |
c********n
发帖数: 4762 | 17 这点破事能有啥响声, 打你用GOOGLE开始, 你就已经把你的肉体和心灵交给了GOOGLE
, 这次最多也不过是3P。 |
w******x
发帖数: 4396 | 18 看来和carrier customization有点关系
http://gizmodo.com/5864116/these-are-the-phones-were-pretty-sur
【在 f*******5 的大作中提到】
: 我在想这龌龊公司是不是就这么毁了,嗬嗬.昨天我查了我的atrix里没有,两个同事的
: htc也没有.原文说nokia和黑莓的也有,看来是行业惯例.
: 如果为了保险起见,可以root了,改routing table
|
d******c
发帖数: 2407 | 19 缺省不是打开的。
另外LG marquee上也没找到。 |
d*****0
发帖数: 68029 | |
|
|
l*******o
发帖数: 2795 | |
m*****d
发帖数: 13718 | 22 Nokia 出来否认了,不知真假
不过我怀疑如果在carrier买的就有可能被装
【在 f*******5 的大作中提到】
: 我在想这龌龊公司是不是就这么毁了,嗬嗬.昨天我查了我的atrix里没有,两个同事的
: htc也没有.原文说nokia和黑莓的也有,看来是行业惯例.
: 如果为了保险起见,可以root了,改routing table
|
f*******5
发帖数: 10321 | 23 你要是htc手机,看manage apps里running的里头有没有iqagent,iqrd。
我是usb连手机,adb shell登到手机里ps显示进程,找可疑程序名。
发现人也提供了一个app,不过需要root权限来运行
http://forum.xda-developers.com/showpost.php?p=17612559&postcou
【在 l*******o 的大作中提到】
: 怎么查有没有?
|
l*******o
发帖数: 2795 | |
H**r
发帖数: 10015 | 25
GOOGLE
【在 c********n 的大作中提到】
: 这点破事能有啥响声, 打你用GOOGLE开始, 你就已经把你的肉体和心灵交给了GOOGLE
: , 这次最多也不过是3P。
|
r*********n
发帖数: 4553 | 26 不要高兴得太早了
http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-i
"Carrier IQ claims its software is installed on over 140 million devices
with partners including Sprint, HTC and allegedly, Apple and Samsung."
这个和Android系统本身没有关系,是属于运营商,手机制造商狼狈为奸。要喷也要等
Google被卷入之后再喷。
【在 l**t 的大作中提到】
:
: Android粉丝们巴不得连这一帖也赶快沉下去。。。
|
d*********g
发帖数: 2906 | 27 Apple's affected too.
【在 l**t 的大作中提到】
:
: Android粉丝们巴不得连这一帖也赶快沉下去。。。
|
c*******y
发帖数: 3529 | 28 "随后,苹果也发布声明,称公司曾使用CarrierIQ网络诊断软件,最近已经停止支持,
并会在未来软件升级时删除软件。"
全文部分如下:
周四,RIM公司发表声明称,公司没有在黑莓智能手机中安装Carrier IQ监控软件,也
没有允许运营商合作伙伴安装。
昨天,有安全研究人员称,Carrier IQ被多个制造商的移动设备安装,而它们没有告知
用户。Carrier IQ可以监管用户的行为。
RIM在今天的声明中说:“RIM没有在黑莓智能手机中安装Carrier IQ,也没有授权运营
商合作伙伴在手机销售与分销前安装Carrier IQ。RIM自己没有、也没有请人开发
Carrier IQ程序,没有参与测试、促销或者分销。”
安全专家特雷弗-艾克哈特(Trevor Eckhart)通过在线视频,演示软件如何在Android平
台运行,他还提及其它系统,包括RIM黑莓和诺基亚Symbian,并说这些系统均安装了软
件。
诺基亚否认手机安装Carrier IQ,公司新闻发言人称:“在任何诺基亚出货设备中均无
Carrier IQ。”
而在Carrier IQ上个月的网站声明中说,它的软件被网络运营商选择,旨在提升网络质
量、寻找设备问题。Carrier IQ是一家位于加州山景城的公司,它在声明中说:“尽管
我们检查设备性能各方面,对性能进行统计和汇总,但没有记录击键次数、也没有提供
追踪工具。”
随后,苹果也发布声明,称公司曾使用CarrierIQ网络诊断软件,最近已经停止支持,
并会在未来软件升级时删除软件。
【在 d*********g 的大作中提到】
: Apple's affected too.
|
l**t
发帖数: 6971 | 29
我早就说过,谷轮的特点就是sneaky,sleazy。
iPhone上装了Carrier IQ,是一个diagnosis software。用户把它explicitly enable
,它才会上传数据。这是opt-in。而且在iOS上它不能access UI layer,所以不能记录
keystroke等等敏感信息。
在Android上,Carrier IQ是一个spy software。用户甚至不能把它turn off(别给我
说什么root啊)。也就是说不仅不是opt-in,连opt-out都不可能。而且Android给它
access everything。
谷轮们(还有各大媒体)都故意不提这个重要的区别。这就好比说人家夫妻做爱,你是
强奸。你非说大家都是XXOO,没什么不同。
更有趣的是,这事儿闹了一个多月了,媒体基本没有报道。前天终于有人发现iOS上也
有,昨天开始马上各大媒体全都是头版头条。中心思想就是大家都不干净,Google最干
净,没有主动安装这个软件,都是carriers干的坏事。
【在 d*********g 的大作中提到】
: Apple's affected too.
|
bz
发帖数: 1770 | 30 这个基本就是胡扯了。最早爆出来干这个的就是IPHONE,当时一堆的果轮说这个绝对是
划时代的进步,真正做到信息共享。
enable
【在 l**t 的大作中提到】
:
: 我早就说过,谷轮的特点就是sneaky,sleazy。
: iPhone上装了Carrier IQ,是一个diagnosis software。用户把它explicitly enable
: ,它才会上传数据。这是opt-in。而且在iOS上它不能access UI layer,所以不能记录
: keystroke等等敏感信息。
: 在Android上,Carrier IQ是一个spy software。用户甚至不能把它turn off(别给我
: 说什么root啊)。也就是说不仅不是opt-in,连opt-out都不可能。而且Android给它
: access everything。
: 谷轮们(还有各大媒体)都故意不提这个重要的区别。这就好比说人家夫妻做爱,你是
: 强奸。你非说大家都是XXOO,没什么不同。
|
|
|
l**t
发帖数: 6971 | 31
不带这么无耻的啊。我可是有道理讲道理。你要是有任务拿钱的主,拜托不要跟我的贴。
【在 bz 的大作中提到】
: 这个基本就是胡扯了。最早爆出来干这个的就是IPHONE,当时一堆的果轮说这个绝对是
: 划时代的进步,真正做到信息共享。
:
: enable
|
s*******a
发帖数: 8827 | 32 无所谓,我们这种一辈子清清白白的良民百姓,随便他们怎么监控。
released
problems
【在 d********y 的大作中提到】
: All keypresses, SMS messages and even https communications are tracked and
: sent up to servers that are run either by carriers or a Mt View company
: called Carrier IQ!!!
: http://www.forbes.com/sites/timworstall/2011/11/30/carrier-iq-t
: http://www.wired.com/threatlevel/2011/11/secret-software-loggin
: Carrier IQ: The Rootkit Keylogger on Most US Smartphones
: But not it appears on Apple‘s iPhones.
: Carrier IQ is a piece of software which certain US cellphone networks (
: Sprint for example) load onto their contract phones before they are released
: to consumers. The basic stated idea is quite simple: if there are problems
|
d*********g
发帖数: 2906 | 33 轮你个头啊。我家Apple和Android的东西都有,而且Apple产品可能比你用的还多,我
就是哪个好用用哪个。
什么叫“Android给它access everything”。有人在你家Toyota车上装了一个GPS跟踪
器就变成了Toyota允许它的车被跟踪?
enable
【在 l**t 的大作中提到】
:
: 不带这么无耻的啊。我可是有道理讲道理。你要是有任务拿钱的主,拜托不要跟我的贴。
|
