Carrier IQ and the Surveillance state
During a recent speech to delivered at the City University in London, Wikileaks founder Julian Assange said that most smartphones can be hacked remotely with ease. “Who here has an iPhone? Who here has a BlackBerry? Who here uses Gmail? Well, you’re all screwed,” Assange said during his talk, which followed the release of 287 documents related to mass surveillance. Assange explained to the crowd that more than 150 private organizations in 25 countries can easily track phones and intercept messages, browsing history, email accounts, phone calls and more remotely.
Carrier IQ refers to a suite of what can seemingly be described as spyware pre-installed on a wide range of devices by both carriers and vendors. Carrier IQ was conceptualized by Telecom carriers to understand what problems customers were having with networks or devices for action to improve service quality. It is used to collect information to understand the customer experience with devices on networks and to devise solutions to use and connection problems. The IQ tool was not allowed to look at the contents of messages, photos, videos, etc (as a moral responsibility). Carrier IQ is marketed as an analytics tool for mobile telcos, this software claims to exist to ensure good network performance.
However, a recent research published by security expert Trevor Eckhart pulled back the veil on Carrier IQ. Carrier IQ (CIQ) sells rootkit software included on many US handsets sold on Sprint, Verizon and more. Devices supported include Apple iOS devices, Androids, Blackberries, Nokias, Tablet devices and more. Rootkit is defined as software that enables access to a device unbeknown to the device’s owner. Carrier IQ defines its own solutions as “Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users.” Eckhart estimates that Carrier IQ’s software is currently installed on more than 141 million handsets, and that was before references were found in Apple’s iOS software
Shortly after, Wikipedia in its report “the reality of the international surveillance industry” elaborated CIQ technology to spy mobile users across US, Canada, UK, Australia and several of the regimes in North Africa and the Middle East. The Carrier IQ technology has been used in Bahrain to track human rights activists. The malware reportedly can “record every use, movement and even sights and sounds of the room [a phone] is in.” The Wikileaks documents are particularly compelling given the recent revelation that millions of smartphones have spyware called Carrier IQ installed, an application that is capable of allowing wireless carriers to spy on their customers.
It is likely still too early to panic, however. Despite the extensive coverage this story has garnered across tech blogs and in the media, it remains unclear exactly what Carrier IQ and its clients are doing with this data. It isn’t even clear what data carriers have access to. Carrier IQ software on Android devices can log anything from usage data and location to key strokes and usage habits, but it has not been determined that this data is sent to carriers regularly or at all. Carrier IQ’s software can theoretically be used as a window through which carriers can spy on users in real-time if they so choose, but whether or not the software is used in this manner is also unclear.
But, as Assange rightly points out, the interception of this data will lead society to a “totalitarian surveillance state”, if the spying racket is really what it is about.
Presenting a snapshot of CIQ related statements issued by different handset makers and carriers.