Google, What Happened To "Do No Evil?"

Stu Sjouwerman | Nov 30, 2011

CyberheistNews Vol 1, #23.5

 

Editor's Corner



KnowBe4


Google: #FAIL!







There is a process installed on most recent Android phones called Carrier IQ. You cannot stop this process. It looks at what is happening on the phone and sends every button you press to the IQ app. From there, the data — including the content of text messages — is sent to Carrier IQ’s servers, in secret. I checked it out on my own HTC Android phone from Sprint and sure enough, it's there.



It cannot be turned off without rooting the phone and then replacing the whole OS. Moreover, even if you stop paying for service from your carrier and just use Wi-Fi, your phone still reports to Carrier IQ. Dang!



Worse, if you use Google search, and type in a search term, this is supposed to be https, so it should be encrypted. However, the Carrier IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.



This particular software is also installed on modern BlackBerry and Nokia phones, but no one knew about it until Eckhart analyzed how it works. The software secretly logs pretty much anything that happens on a phone, supposedly for the reason that carriers and phone manufacturers 'can do quality control'. Yeah right, maybe so, but Carrier IQ can be served with subpoenas as well, and then all traffic is right there for Big Brother to peruse. Me no like.



Wow, what a privacy and security hole, unbelievable. Here is the 17-min video where he clearly shows what is going on. Eckhart calls it a rootkit, but that is a bit much, though it clearly qualifies as a Backdoor Trojan in my book.



It's not clear yet how this went down. Did Google cave to the carriers' demands to have this running without being able to stop it, to get their contracts? Did the carriers put it on there without them knowing? Why did they not scream bloody murder when they found out? Who is behind this?



I would have expected more from Google, and am disappointed. See the video for yourself. Not that I have anything to hide, but I'm going to root my phone now. Video on WIRED:


http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/



Warm regards,



Stu Sjouwerman
