CyberheistNews Vol 1, #23.5
Editor's Corner
Google: #FAIL!
There is a process installed on most recent Android phones
called Carrier IQ. You cannot stop this process. It looks at what is
happening on the phone and sends every button you press to the IQ app.
From there, the data — including the content of text messages — is sent
to Carrier IQ’s servers, in secret. I checked it out on my own HTC
Android phone from Sprint and sure enough, it's there.
It cannot be turned off without rooting the phone and then replacing the
whole OS. Moreover, even if you stop paying for service from your
carrier and just use Wi-Fi, your phone still reports to Carrier IQ. Dang!
Worse, if you use Google search, and type in a search term, this is
supposed to be https, so it should be encrypted. However, the Carrier
IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.
This particular software is also installed on modern BlackBerry and Nokia
phones, but no one knew about it until Eckhart analyzed how it works.
The software secretly logs pretty much anything that happens on a phone,
supposedly for the reason that carriers and phone manufacturers 'can do
quality control'. Yeah right, maybe so, but Carrier IQ can be served with
subpoenas as well, and then all traffic is right there for Big Brother to
peruse. Me no like.
Wow, what a privacy and security hole, unbelievable. Here is the 17-min
video where he clearly shows what is going on. Eckhart calls it a rootkit,
but that is a bit much, though it clearly qualifies as a Backdoor Trojan
in my book.
It's not clear yet how this went down. Did Google cave to the carriers'
demands to have this running without being able to stop it, to get their
contracts? Did the carriers put it on there without them knowing? Why did
they not scream bloody murder when they found out? Who is behind this?
I would have expected more from Google, and am disappointed. See the
video for yourself. Not that I have anything to hide, but I'm going
to root my phone now. Video on WIRED:
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/
Warm regards,
Stu Sjouwerman