
Pre-loaded Android apps leave phones open to attack

Android phones, or at least some of them, contain a serious glitch that an attacker could exploit to steal data, eavesdrop on your calls or even wipe your phone clean.

A team of computer science researchers from North Carolina State University discovered the flaw on eight smartphones from HTC, Motorola, Samsung and Google. In their paper, “Systematic Detection of Capability Leaks in Stock Android Smartphones,” the researchers explain that the issue stems from coding bugs, called “capability leaks,” within Android’s permission-based security system.

An attacker that exploits a capability leak on a targeted phone could also obtain a phone’s geo-location data and send premium-rate text messages, all without the victim’s knowledge.

“Several privileged (or dangerous) permissions that protect access to sensitive user data or phone features are unsafely exposed to other apps which do not need to request these permissions for the actual use,” the researchers wrote.



The Latest in the Widening Carrier IQ Phone Spying Scandal

It only took a scolding letter from a Senator, a class action lawsuit and a few thousand news stories, but smartphone software maker Carrier IQ finally responded to allegations of logging keystrokes and spying on users on Thursday night. While the company is denying the most serious user-tracking allegations, a number of questions about exactly what the software does and how users can turn it off remain. Among them: how long has this been going on, and what the heck was Carrier IQ (and its clients) thinking in the first place?


In case you haven’t kept up with the controversy, Carrier IQ’s software is deeply embedded in the software of about 150 million smartphones around the world, including Android, iPhone, BlackBerry and other devices. It logs a large amount of data, the company says in an updated press release, “to monitor and analyze the performance of [mobile operators’] services and mobile devices to ensure the system (network and handsets) works to optimal efficiency.” Carrier IQ describes itself as “the consumer advocate to the mobile operator, explaining what works and what does not work.” But over the past couple of months, escalating concerns from data security experts and hackers alike have questioned whether or not Carrier IQ is actually overdoing it, collecting so much data that it may be violating federal wiretapping laws. On Wednesday, Senator Al Franken raised this concern in a (very detailed) letter he sent to Carrier IQ’s CEO, commenting that recent revelations about Carrier IQ’s tracking practices were “deeply troubling.” On Thursday, a group of angry consumers sued Carrier IQ as well as device manufacturers HTC and Samsung for violating the Federal Wiretap Act, demanding hundreds of millions of dollars in damages — $100 per violation per day. Meanwhile, a collective protest against the company’s tracking practices is gaining steam. Not even Carrier IQ headquarters’ listing on Google Places is safe from scorn. (“Did I agree to be wiretapped? Hmmmm… let me think… HELL NO!” reads one review.)


As the mounting class action lawsuit would suggest, Carrier IQ’s clients — both device manufacturers and mobile carriers — are distancing themselves from the backlash. Apple said in a statement that it “stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update.” Both Samsung and HTC passed the buck, claiming that mobile carriers like AT&T, Sprint and Verizon should shoulder the blame for installing the software. “Carrier IQ is required on devices by a number of U.S carriers so if consumers or media have any questions about the practices relating to, or data collected by, Carrier IQ we’d advise them to contact their carrier,” HTC said in a statement. Verizon denied using the software. AT&T admitted to using it “to improve wireless network and service performance,” and Sprint similarly said it only collected “enough information to understand the customer experience with devices on our network.” The Huffington Post made a slideshow of all the various denials.


Like many of the great digital privacy scandals of our age, this all started with social media. Security researcher and Android developer Trevor Eckhart scared the hell out of everyone earlier this week when he posted a 17-minute-long YouTube video detailing how much data Carrier IQ actually collected, showing how it logged every keystroke, tracked your encrypted Google searches and even recorded the contents of your text messages. The company flat-out denies that last bit and “vigorously disagrees” with allegations that its software violates federal wiretapping laws. From its latest press release:

While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

As paidContent’s Ingrid Lunden and Tom Krazit point out, this response leaves a lot of unanswered questions. “Is that the full list, or is there more?” they wonder. How long does the company store the data? What about the encrypted search data? When does Carrier IQ send information to carriers? And why, oh why, can’t the user simply opt-out of the service? As Eckhart made clear in his video and blog post, it takes an advanced mobile developer to find the Carrier IQ software deeply embedded in the phone’s firmware.


Which brings us to the big question: how do you get rid of it? Android users are in luck. A quick fix is the brand-spanking new, unapologetically named “Voodoo Carrier IQ detector,” but since it can’t remove the software, it’s not exactly a fix. For that we turn back to Eckhart, who wrote a Logging Test app (currently in its seventh revision) that you can download and run to find out exactly what’s going on with your phone. Run the “CIQ Checks” once installed to see if you have Carrier IQ installed. If it is, you can pay $1 to upgrade to the Pro version of Eckhart’s software, which will remove Carrier IQ from your phone. Folks with Apple, BlackBerry and other devices are less lucky, as we haven’t identified an equivalent app-based solution, but TechCrunch has some good tips on what to do.


We have to raise a cynical question here. Based on the stats in the Android app store, sales of Eckhart’s Android app have skyrocketed since this scandal blew up. Diagnostic software is also pretty standard across the software industry, but given how little everyone seems to know about how Carrier IQ specifically works — how much data it collects, who it sends it to, which privacy policy applies, how to opt out, etc. etc. — it would appear that a little bit of oversight is in order. But it’s a little shady that Eckhart’s whistleblower video has turned into a source of income. It will take some more time to learn the full truth behind Carrier IQ, and we wouldn’t be surprised if Franken’s inquiry turns into a full scale investigation. Until then, you might want to use a landline.


Region: Slovak minister fired over bugging

By Beata Balogová

For the Slovak Spectator

The scandal involving the wiretapping of several Slovak journalists by military intelligence agents has cost Defense Minister Ľubomír Galko his job.

But as more information behind the secret monitoring program of the Military Defense Intelligence (VOS) has unfolded, government officials have learned that one of the journalists monitored on Galko’s watch was also wiretapped when the ministry was controlled by a nominee of the Smer party in 2007.

It has also emerged that the recent VOS operation involved wiretapping the head of TV news channel TA3 and two senior Defense Ministry employees, according to leaked documents obtained by Slovak media outlets.

“The whole story of wiretapping which is being uncovered today was also going on under previous governments,” said Prime Minister Iveta Radičová, who Nov. 22 asked President Ivan Gašparovič to dismiss Galko. “It is high time to reach an agreement and [start] an initiative over control mechanisms for the intelligence services.”

The prime minister will serve as Galko’s replacement until new elections are held in March 2012.

Radičová in her response also said it is now obvious that the “intelligence services have been doing everything possible – except what they were originally supposed to do and what their main role should be.”

The Pravda and Nový Čas dailies reported Nov. 21 that three reporters from Pravda’s domestic political department – editor Patrícia Poprocká and reporters Peter Kováč and Vanda Vavrová – as well as the head of TV news channel TA3, Michal Gučík, had been wiretapped by the VOS. The alleged wiretapping ended after the fall of the government in October, according to Pravda.

Galko’s Freedom and Solidarity Party (SaS) has continued to back him. He argues that the wiretaps were performed legally and were intended to uncover criminal activity.

In Slovakia, military intelligence activities are performed by two organizations operating under the Defense Ministry: the Military Defense Intelligence (VOS), which conducts counterintelligence, and the Military Intelligence Service.

The request to apply what are known as “information technical devices” to bug journalists was signed by the head of the VOS, Pavol Brychta, and the wiretapping, which was reportedly intended to monitor the so-called “contact base” of three journalists, was approved by a judge. Brychta confirmed these details to the parliamentary committee for the oversight of military intelligence Nov. 22.

Brychta told the committee the journalists in question had participated in the leaking of sensitive information from the Defense Ministry, according to Peter Žiga, the Smer MP who leads the committee.

Opposition Smer party leader and former Prime Minister Robert Fico called the wiretapping program an assault on democracy and the foundations of the state, and suggested Galko had confirmed in live coverage that the information published by the media was genuine.

“It is one of the most serious abuses of power, to an extent that we don’t dare to dream of,” Fico told reporters Nov. 24.

It was later revealed that Smer-nominated former Defense Minister Jaroslav Baška admitted the VOS had also monitored at least one journalist during Fico’s government. In a media statement, Baška objected to comparisons made between the present affair and the wiretapping of Poprocká by the VOS in 2007, when the department was led by František Kašický, another Smer nominee, and Baška, who was deputy minister at the time. Poprocká, one of the Pravda reporters allegedly monitored by the VOS this year, was bugged in 2007 under Kašický when she worked as editor of the Žurnál weekly.

The VOS under Galko also used suspected leaks of classified information from the ministry as its justification for wiretapping journalists. Only a few days before the scandal broke, the Defense Ministry had filed a criminal complaint over suspicions that fraud had occurred during the government’s conclusion of a contract to buy a mobile communication system, MOKYS, which had cost Slovakia several billion Slovak crowns.

Just days after filing the complaint, Slovak newspaper editorial offices received anonymous information about the purchase of military trucks and military emergency vehicles. According to Galko, two of these newspapers, Pravda and Nový Čas, had “published stories about alleged illegal wiretapping of journalists by the military counterintelligence.”

Galko also said that on the one hand he understands the emotions and outrage of journalists, but “on the other hand, if there is suspicion that a crime has been committed, I am personally convinced there is no difference between a politician, or a minister for that matter, an employee, a businessman, a regular person or a journalist.”

Radičová said the Justice Ministry will review the decisions of the judges who approved the wiretaps, but added that the media did publish confidential information and violated the law by doing so.

Former general prosecutor Dobroslav Trnka has been tapped to lead the government probe into the affair.

Beata Balogová can be reached at news [at] praguepost [dot] com



It’s Pretty Easy To Make An Android App That Will Eavesdrop On User Calls Without Permission


North Carolina State University researchers have uncovered a malicious little flaw in the Android mobile OS, reports The Register. Turns out it’s pretty easy to build and distribute an app that can do all kinds of terrible things users won’t want it to – including call recording.

When you install a new Android app, you set its “permissions” — you get to tell it what it can and can’t do. Google Maps should be able to access your location, for example, but Angry Birds has no business recording your phone calls.

The flaw lets an app skip this essential step: at installation, it can potentially conceal what it’s actually able to do.

To demonstrate the bug, researchers created an app that was successfully able to do all kinds of things you’d never want an app to do without your knowledge — record phone calls, send unauthorized text messages, and track the phone’s (your) location.
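One way a defender can triage the capability-leak pattern behind both this piece and the first article above (pre-loaded apps re-exposing privileged permissions to any other app) is a static check of an app's AndroidManifest.xml. The script below is an added example, not the researchers' tool or any vendor's code; the sample manifest, the `PRIVILEGED` set and the reporting rule are assumptions made for the example.

```python
# Added example (not the researchers' tool): static triage for the capability-leak
# pattern above: parse an AndroidManifest.xml and report components exported to
# other apps with no android:permission guard while the app holds privileged ones.
import xml.etree.ElementTree as ET
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest standing in for a pre-loaded vendor app: it holds
# SEND_SMS and RECORD_AUDIO; the receiver is exported with no guard, the service is guarded.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vendorapp">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".SmsRelayReceiver" android:exported="true">
      <intent-filter><action android:name="com.example.vendorapp.SEND"/></intent-filter>
    </receiver>
    <service android:name=".RecorderService" android:exported="true"
             android:permission="android.permission.RECORD_AUDIO"/>
  </application>
</manifest>"""

# Treated as privileged for this check (an assumption, not Android's full list).
PRIVILEGED = {"android.permission.SEND_SMS", "android.permission.RECORD_AUDIO",
              "android.permission.ACCESS_FINE_LOCATION", "android.permission.CALL_PHONE"}

def attr(el, name):
    return el.get("{%s}%s" % (ANDROID_NS, name))  # attribute in the android: namespace

def is_exported(el):
    # Explicit android:exported wins; otherwise a component with an <intent-filter>
    # is implicitly exported on the Android releases of the time.
    exported = attr(el, "exported")
    if exported is not None:
        return exported.lower() == "true"
    return el.find("intent-filter") is not None

def find_unguarded_exports(manifest_xml):
    """(kind, name) pairs for exported components lacking an android:permission
    guard, reported only when the app itself holds a privileged permission."""
    root = ET.fromstring(manifest_xml)
    held = {attr(p, "name") for p in root.iter("uses-permission")}
    if not (held & PRIVILEGED):
        return []
    leaks = []
    for kind in ("activity", "service", "receiver", "provider"):
        for comp in root.iter(kind):
            if is_exported(comp) and attr(comp, "permission") is None:
                leaks.append((kind, attr(comp, "name")))
    return leaks
```

A hit only means the component is reachable by any app without a permission check; confirming that it really relays the privileged capability still requires reading the component's code.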

The EVO 4G proved most susceptible to the problem while the Nexus S and Nexus One proved most secure.

Manufacturers say they are aware of the problem and should be addressing it shortly. Until then, be extra careful while installing your Android apps!


Soldiers accused ‘feared bugging’

A man accused of murdering two soldiers refused to answer detectives’ questions because his solicitor feared their consultations would be bugged, a court has heard.

Colin Duffy’s former lawyer Pat Vernon said Northern Ireland police refused to provide reassurances on his concerns over monitoring at Antrim custody suite.

Solicitor Manmohan Sandhu was imprisoned for unrelated offences after an earlier case where his conversations with a client were recorded at the same police station.

Duffy and co-accused Brian Shivers deny the murder of Sappers Mark Quinsey and Patrick Azimkar, who were shot outside their army base in Antrim.

Duffy’s then-solicitor Mr Vernon told Antrim Crown Court: “We were not in a position to answer any questions because of my inability to advise Mr Duffy, given the failure of the police to confirm that the interview was not being monitored.”

Sappers Quinsey, 23, and Azimkar, 21, were shot dead by the Real IRA as they collected pizzas with comrades outside Massereene Army base in Antrim town in March 2009.

Duffy, 44, from Forest Glade in Lurgan, Co Armagh, and Shivers, 46, from Sperrin Mews, in Magherafelt, Co Londonderry, deny two charges of murder and the attempted murder of six others – three soldiers, two pizza delivery drivers and a security guard.

Duffy was advised by his solicitor during days of police interviews about the attack. He was counselled to deny membership of any organisation or any involvement after he told his solicitor he was not guilty. His legal team at the trial want the interviews excluded and the judge to avoid drawing any adverse inference from Duffy’s non-cooperation.

Prosecution lawyer Paul Ramsey QC said Mr Vernon had reiterated several times that no evidence had been put to his client and asked why he had not similarly put his concerns about monitoring on the record during interviews.

Mr Vernon responded: “I had made it clear to them (police) that I was not happy with their assurances so they were aware of my concerns about the question of monitoring.” He said he was given a letter which neither confirmed nor denied the monitoring but linked any such move to the surveillance commissioner.