BrainWave Consulting Company, LLC is a minority-owned, veteran-owned business that specializes in providing cybersecurity and other technology services to small and medium enterprises (SMB/SME).

If you haven’t already heard of Carrier IQ, you need to do some serious web searching, as they are swiftly becoming the new name in technology misuse on a massive scale.

Over 6 years ago, Sony installed a rootkit with their music software in the name of Digital Rights Management.  On some level, they have never recovered from the consumer backlash that followed, and many were supremely gratified to see them suffer one of the most extensive network break-ins on record earlier this year.

Well, the folks at Carrier IQ (CIQ) have greatly expanded on Sony’s misuse of technology, and the implications are only now being assessed.  It will be interesting to see how extensive the backlash becomes over the next few weeks and months, and if it has a chilling effect on the sale of smartphones – particularly Android-based phones.

The Story

The issue is essentially this:  Carrier IQ has created a special tracking application that is hidden on various phones – intentionally hidden.  Ostensibly, it can be used for diagnostics capabilities and to help carriers monitor network activity and issues.  However, when you read exactly what the software is configured to do, you will see that it goes WAY beyond any of these potentially noble or innocent goals, and heads right on into the land of breach of privacy.

Too bad for them, it’s easier to get exposed in the 21st century when you’re caught doing bad or dumb things…

Take a look at the following excerpt from a recent CNET article.

In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends them off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ’s software recorded each number before the call was even made.

That’s right.   The software, which you cannot remove or uninstall without loading a custom ROM onto your phone – not a task for your average consumer – tracks all keystrokes, your location, and the contents of your messages and sends them to remote locations.  These remote locations are most likely Carrier IQ itself, since it bills itself as a service for providing diagnostics info for carriers like Sprint and others.

Check out the following links that detail the issue, including videos from the researcher that exposed the whole raw deal.


Ask Yourself the Following:

— It’s not so hard to see why they made such a vigorous effort to stop Timothy Eckhart from publishing his security research, now is it?

— Why is Carrier IQ capturing this level of data when it is not nearly necessary for diagnosing user problems on mobile networks?

— How long have they been storing this data, and who have they shared it with?

— How can we trust them (or the carriers) not to misuse this information for their own benefit (and our detriment)?

— Even if we believe that CIQ is as clean as the driven snow, given the poor security practices of so many organizations as exposed earlier this year, how can we be confident that some organization or organizations are not now attempting to break into their network in order to access this massive treasure trove of personal information?

For all we know, they’ve already been broken into, and 2012 will be the year of identity theft on a scale scarcely imaginable right now.


The Bottom Line

Be very, very careful… Your phone knows where you’ve been, who you’ve been talking to, and whether you’ve been naughty or nice. We are steadily throwing away our privacy and security through misuse of social networking and communications channels, and now through apathy in technology usage.

As we become increasingly reliant on technology, we open up ourselves to these kinds of problems from capitalistic organizations.  Many are worried that their governments might do these types of things to track them, but in the Western Hemisphere, the government need not do anything but wait around and serve subpoenas to companies that have gone out and done all the heavy lifting for them.

Our desire for convenience and ease makes it very easy for us to be taken advantage of by any enterprising company.  And, worse yet, it’s not even a company that you have a direct relationship with – it is an organization that is working on behalf of your carrier and/or phone maker.

Don’t think that this is the only company doing something like this.  You’d better believe that there are others who have yet to get caught.  And they’re not going to stop until something significant is done to them legally or economically. 

I enjoy technology like the next person.  Actually, I probably enjoy it to a much greater degree than a large percentage of the populace, but I have found over the years that as time passes, we are experiencing far fewer of the much-publicized benefits of technology, while suffering far more of its not-so-frequently-mentioned drawbacks and liabilities.

This is far more serious than most people realize.  I’ll bet we’ve only skimmed the surface of this issue, and that the ongoing fallout could have serious ramifications for the carriers, handset makers and even Google.  I wonder if this will result in far more people rooting their phones, or a slow but steady abandonment of the Android platform for something like Windows Phone 7, which does not have this particular issue.

In the meantime, I have some devices at home to check…