Carrier IQ: Difference between revisions

Carrier IQ

Company type	Private
Industry	Mobile telecommunications
Founded	Mountain View, California, United States
Headquarters	United States
Website	carrieriq.com

Carrier IQ is a privately-owned mobile software company founded in 2005 and based in Mountain View, California. It provides mobile analytics services for smartphones to the Wireless industry. The company states that its software is deployed in over 150 million devices worldwide.^[1][2]

It also has offices in London and Malaysia.

The company was founded by Konstantin Othmer and is a spin-off from his Core Mobility company. Through its Mobile Service Intelligence Platform (MSIP) its software "aggregates, analyzes, and delivers data to wireless carriers and device manufacturers. This information proves a valuable resource for these businesses to understand the quality of service their customers experience."^[3]

The company notes:

Carrier IQ is unique in the wireless industry because we are the only company embedding diagnostic software in millions of subscribers’ phones. And, we are the only ones who add the "IQ" or smarts to the data. This is Actionable Intelligence – information and analysis you can use to identify problems and more importantly, solve them. And, we are a proven leader with millions of handsets deployed with Carrier IQ software inside.^[4]

Rootkit wiretapping controversy

In November 2011, researcher Trevor Eckhart claimed that Carrier IQ was logging information such as location without notifying users or allowing them to opt out,^[5] and that the information tracked included detailed keystroke logs,^[6] potentially violating US Federal law.^[7] Carrier IQ threatened the researcher with legal action via a cease and desist letter^[8] until he sought and received the backing of user rights advocacy group Electronic Frontier Foundation, whose involvement caused Carrier IQ to back down and apologize.^[9] In the statement of apology, Carrier IQ denied allegations of keystroke logging and other forms of tracking, and offered to work with the EFF.^[10] In response, Eckhart published a video that he claims shows Carrier IQ software in the act of logging, as plain text, a variety of keystrokes. Included in the demonstration were clear-text captures of passwords to otherwise secure websites, and activities performed when the cellular network was disabled.^[11] However, although the video shows capture of the keystrokes, the demonstration also shows that the data is being transmitted outside the device and directly to Carrier IQ. Carrier IQ responded with the statement, "The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."^[12][13] A datasheet for a product called Experience Manager on Carrier IQ's public website clearly states carriers can "Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies".^[14]

Additional Information on the Self Proclaimed Expert

Trevor Eckhart Worked in sales at Staples prior to moving to Intergis where he has held his only position. Based on his own website postings he holds no official certifications in security or wireless communications. His primary function is systems administrator. He is not a programer or even a application support specialist in the wireless industry. There were assumptions made by Eckhart as to what is actually transmitted which remains to be clarified. The company appears to be getting it's message out about what they do and how they do it. Here are some other articles. CNET carrier iq more privacy alarms more confusion All Things Digital Carrier IQ Responds There was some followup testing done by Dan Rosenberg who works full time as a security consultant. Please reference his twitter page user is djrbliss.

Distribution

On December 1, 2011, AT&T, Sprint and T-Mobile confirmed it was on their phones. Sprint said, "We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool...The information collected is not sold and we don't provide a direct feed of this data to anyone outside of Sprint." Verizon was the only of the four biggest U.S. firms to say it was not installed on their phones.^[15]

Apple Computer, HTC and Samsung said the software was installed on their phones. Apple said it had quit supporting the application in iOS 5. It said, "With any diagnostic data sent to Apple, customers must actively opt-in to share this information...We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so." It said it would scrub the software from phones in some future release.^[16] HTC (whose Android phone was the subject of Eckhart's video) said, it was required on its devices by a "number of U.S. carriers." It added "It is important to note that HTC is not a customer or partner of Carrier IQ and does not receive data from the application, the company, or carriers that partner with Carrier IQ."^[15]

Nokia and Research in Motion said it categorically was not authorized for their phones.^[15] However, this does not prevent mobile carriers from installing it after the phone is manufactured.

According to the company's website the software is also installed on NEC mobile devices.^[17] and the company has a partnership with Vodaphone Portugal.^[18]

Although the phone manufacturers and carriers by and large say the software is strictly used to monitor its phone systems and not to be used by third parties, a press release on October 19, 2011 touted a partnership with Nielsen Company. The press release said, "Together, they will deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards. This alliance will leverage Carrier IQ's technology platform to gather actionable intelligence on the performance of mobile devices and networks."^[19]

Board of Directors

Its board of directors in November 2011 are:^[20]

• Larry Lenhart, president and CEO (previously with Mohr Davidow)
• Bruce Leak, co-founder of WebTV Networks
• Jon Feiber, Mohr Davidow Ventures
• Martin Gibson, Accel Partners
• Bruce Sachs, Charles River Ventures
• Dominic Endicott, Nauta Capital

References

1. http://www.carrieriq.com/company/PR.IDC_Names_Innovative_Companies_FINAL_10_27_11.led.pdf
2. Carrier IQ apologizes, drops threat to security researcher– CNET News.com
3. http://www.privco.com/private-company/carrier-iq-inc
4. "Overview". Carrier IQ. Retrieved 2011-12-02.
5. How much of your phone is yours? - Geek.com
6. Wired - video of claim that carrier IQ logs keystrokes
7. Andy Greenberg. "Phone 'Rootkit' Maker Carrier IQ May Have Violated Wiretap Law In Millions Of Cases". Forbes. Retrieved 2011-12-02.
8. Carrier IQ Tries to Censor Research With Baseless Legal Threat – EFF.org
9. Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher - EFF.org
10. Carrier IQ official response to incident
11. BUSTED! Secret app on millions of phones logs key taps - The Register
12. questions about transmission.
13. "'Secret' app installed on millions of Android phones reads your messages | Mail Online". Dailymail.co.uk. Retrieved 2011-12-02.
14. ExperienceManager.datasheet.pdf
15. Jaikumar Vijayan. "AT&T, Sprint confirm use of Carrier IQ software on handsets". Computerworld.com. Retrieved 2011-12-02.
16. "How to turn off Carrier IQ on your iPhone - iPad/iPhone - Macworld UK". Macworld.co.uk. 1911-12-02. Retrieved 2011-12-02.
17. http://www.carrieriq.com/company/PR.CIQ-NEC.2009-02-17.pdf
18. http://www.carrieriq.com/company/PR.CarrierIQandVodafonePortugal.20090730.pdf
19. http://www.carrieriq.com/company/PR.Nielsen_CIQ_News_Release_Oct_19_2011.pdf
20. "Board of Directors". Carrier IQ. Retrieved 2011-12-02.

External links

• Carrier IQ home page
• Security researcher responds to CarrierIQ with video proof of keylogging- Geek.com