On Tuesday of this week a systems administrator named Trevor Eckhart from Connecticut released a video demonstrating a piece of keystroke sniffing software called Carrier IQ that is embedded in millions of Nokia, HTC, Samsung, Android and Blackberry smartphones. According to Echkart’s analysis of the software’s operation on his own phone, Carrier IQ captures every keystroke on a device as well as location and other data, and sends it to a highly-obscured application on the phone before a call, text message, or Internet data packet is ever communicated beyond the phone. According to Carrier IQ’s own website, the company claims that it has installed the program on more than 140 million handsets.
The software has also been found on Apple devices, but on those devices the software only records location.
Carrier IQ has released statements claiming that the purpose of the software is only to monitor the devices so that the makers can improve performance and that they do not record the information or sell it to other customers.
Regardless of whether their claims prove to be true (which will certainly be tested in court as the company may be violating federal wiretapping laws), the fact that this is happening without the knowledge or consent of the user, and that the user does not have the option to opt out is very disturbing. And whether or not Carrier IQ uses or sells the information that their software is gathering, they have opened another door for hackers who definitely would use the information for nefarious purposes.
This revelation is a further demonstration of what a security risk these devices can be and a reminder that we should think carefully before sending or reading sensitive or confidential information using them.