Trevor Eckhart Stories November 30, 2011


Last we checked in on the Carrier IQ situation, XDA-Developer member Trevor Eckhart, the researcher who exposed the tracking software being deployed on various Android devices from Sprint, was receiving legal threats from the company behind the software. Eckhart didn’t back down, however, with the Electronic Frontier Foundation issuing a response to Carrier IQ on his behalf. Now, to further solidify his claims that Carrier IQ described as “false allegations”, Eckhart has put together the video above (via TechCrunch) showing how the software could theoretically track, record, and transmit user input.

While the video in no way proves that Carrier IQ or Sprint is actually collecting and recording the data, it’s clear IQ does have access to log user keystrokes with unique identifiers, track phone numbers dialed, record unique codes for SMS messages, and log secure data over WiFi unencrypted. While Carrier IQ and Sprint both deny actually transmitting and recording this data, it doesn’t seem necessary that the software would have these capabilities for its intended purpose– to improve the quality of their customer’s (Sprint’s) network and “understand device issues”.

More troubling is the fact that users are not informed of the software at any time and, according to TechCrunch, some are even reporting increased battery life and improved overall performance when the software is removed. Eckhart’s video ends by posing four questions to Carrier IQ and Sprint: expand full story

Trevor Eckhart Stories November 23, 2011

Some pretty alarming news coming from the Android hacking community today. If you haven’t yet heard of Carrier IQ, it’s essentially tracking software that has been found loaded into the source code of several devices being shipped by Samsung, HTC, and other Android vendors. The software is said to track and log user activities. Now, this has been known for sometime and wouldn’t normally be newsworthy at this point, but the company behind Carrier IQ is now actively threatening XDA-Developers member Trevor Eckhart, a.k.a TrevE, the same dev who first discovered the software.

As part of Eckhart’s research to expose the software, he posted training material that the company had already made available publicly online. Following his analysis and criticism of the software, Carrier IQ  removed the training material from their own website and issued a cease-and-desist letter to Eckhart demanding that he remove the documents and replace his report with a statement written by Carrier IQ renouncing his research. They also want him to issue that statement as a press release.

Eckhart didn’t back down, fortunately. On his behalf, the Electronic Frontier Foundation has issued a response to Carrier IQ’s cease-and-desist letter. Here’s an excerpt: expand full story

Powered by WordPress VIP