Thursday, December 01, 2011

drag2share: Carrier IQ: How the Widespread Rootkit Can Track Everything on Your Phone, and How to Remove It [Video]

Source: http://lifehacker.com/5863895/carrier-iq-how-the-widespread-rootkit-can-track-everything-on-your-phone-and-how-to-remove-it

Android developer Trevor Eckhart last week discovered a widespread rootkit, called Carrier IQ, that's capable of logging everything you do and comes preinstalled on a ton of smartphones-including various Androids, Nokia phones, and BlackBerrys. Here's how it works and how you can get rid of it.

What Is Carrier IQ?

Last week, 25-year old Eckhart discovered a hidden application on some mobile phones that had the ability to log anything and everything on your device—from location to web searches to the content of your text messages. The program is called Carrier IQ, and unlike the Android malware that's been causing such a stir, it actually comes preinstalled by the manufacturer of your phone. In fact, you can find it on a bunch of different devices, including Android, Nokia, and BlackBerry phones. It's what's known as a rootkit—a program with massive amounts of privileges that hides its presence from the user. It was originally designed to log things like dropped calls and bad data connections for troubleshooting purposes, but manufacturers like HTC and Samsung have modified it to run in the background, completely undetectable, with no option to opt out of its "services". At best, it slows down your phone, and at worst, anyone on the other end of the application could, in theory, read your text messages, see what you search on the web, and much more.

Worst of all, after being confronted, phone manufacturers, wireless carriers, and Carrier IQ themselves have tossed around blame, saying they aren't doing anything wrong. Some have and their privacy policies aren't super specific on what they collect and use. Sprint claims they are "unable to look at the contents of messages, photos, or videos" using Carrier IQ, but Eckhart claims differently. I highly recommend reading Eckhart's article for a deeper look at how Carrier IQ works and how it's manifested itself on certain devices.

Update: Our original article stated that the software also came preinstalled on iPhones and dumphones, which has not been confirmed. That information came from this article at Geeks.com, and we actually believe that to be a typo. Considering it hasn't been mentioned in any other source, and that the iPhone isn't on Eckhart's list of affected devices, we're removing it until other sources say otherwise. Thanks to everyone who pointed this out.

Update #2: It looks like Carrier IQ does, in fact, run on iOS, but in a much more stripped down version that isn't so offensive to the privacy-conscious. It's also very easy to turn off. Check out this blog post for more information.

How to Tell If It's Running On Your Phone

Carrier IQ: How the Widespread Rootkit Can Track Everything on Your Phone, and How to Remove ItRight now, Android users are the only ones able to detect and remove the program (score one for openness). However, depending on your phone, you may have to be rooted to do so. Once rooted, running the "CIQ Checks" task in this app on XDA will tell you whether it's running on your system. On HTC phones, you can also search for the app in Settings > Applications as described in the video above, but using the Logging Checker app is the most reliable way to check.

Note also that if you're running an Android Open Source Project (AOSP) based ROM—like CyanogenMod—you do not have Carrier IQ installed on your system. These apps are based on the original, open source version of Android, and don't include any carrier or manufacturer additions like Carrier IQ. If you're using a modded version of your manufacturer's ROM, however—for example, a modded HTC Sense or Samsung TouchWiz ROM—you could still have it installed. To avoid this, either flash AOSP based ROMs, or flash ROMs with Carrier IQ specifically removed (many will say NOCIQ or something similar on their description pages).

How to Remove It From Your Device

Carrier IQ: How the Widespread Rootkit Can Track Everything on Your Phone, and How to Remove ItIf you want to remove it from your device, you have two choices. Either flash a custom ROM that doesn't contain Carrier IQ (as described above), or use Eckhart's Logging Test App to remove it. Both solutions require rooting your phone.

To remove it with the Logging Test App, download the original app and then buy the $1 pro license from the Android Market. Then, open it up, hit the Menu button, and tap "Remove CIQ". This will completely remove it from your device.

Further Reading

If you want more information on Carrier IQ, XDA Developers and a few other outlets has written a few great articles that give a bit more detail. Check out the following posts if you're curious:


You can contact Whitson Gordon, the author of this post, at whitson@lifehacker.com. You can also find him on Twitter, Facebook, and lurking around our #tips page.
 

---
drag2share - drag and drop RSS news items on your email contacts to share (click SEE DEMO)