Google, What Happened To 'Do No Evil'?



CyberheistNews Vol 1, #23.5







Editor's Corner



KnowBe4





Google: #FAIL!







There is a process installed on most recent Android phones called Carrier IQ. You cannot stop this process. It looks at what is happening on the phone and sends every button you press to the IQ app. From there, the data — including the content of text messages — is sent to Carrier IQ’s servers, in secret. I checked it out on my own HTC Android phone from Sprint and sure enough, it's there.



It cannot be turned off without rooting the phone and then replacing the whole OS. Moreover, even if you stop paying for service from your carrier and just use Wi-Fi, your phone still reports to Carrier IQ. Dang!



Worse, if you use Google search and type in a search term, this is supposed to go over HTTPS, so it should be encrypted. However, the Carrier IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.



This particular software is also installed on modern BlackBerry and Nokia phones, but no one knew about it until Eckhart analyzed how it works. The software secretly logs pretty much anything that happens on a phone, supposedly so that carriers and phone manufacturers 'can do quality control'. Yeah right, maybe so, but Carrier IQ can be served with subpoenas as well, and then all traffic is right there for Big Brother to peruse. Me no like.



Wow, what a privacy and security hole, unbelievable. Here is the 17-minute video where he clearly shows what is going on. Eckhart calls it a rootkit, but that is a bit much, though it clearly qualifies as a Backdoor Trojan in my book.



It's not clear yet how this went down. Did Google cave to the carriers' demands to have this running without being able to stop it, to get their contracts? Did the carriers put it on there without them knowing? Why did they not scream bloody murder when they found out? Who is behind this?



I would have expected more from Google, and am disappointed. See the video for yourself. Not that I have anything to hide, but I'm going to root my phone now. Video on WIRED:


http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/



Warm regards,



Stu Sjouwerman

Topics: Cybercrime


