This page has been archived and commenting is disabled.

As NSA Spreads Disinformation Wooing Hoi Polloi To Shun Innovation, Dead Beat Carriers Represent Biggest Security Threat

Reggie Middleton's picture




 

carrierIQ homepage carrierIQ homepageAbout a month and a half ago, I penned the piece NSA's Greatest Weapon In Surveillance? Outright Ignorance In Tech Consumers. The goal was to attempt to wake up the less than conscious in regards to where and with whom the true threats to privacy and security stem from. Those harping on innovative designs such as Glass as security threats are failing to see the forest due to the massive amount of tree bark in the way. This piece is another attempt at education from my perspective. 

I have been hard on the large US carriers, and for good reason. Barring the smallest (and not by coincidence, the most innovative) of the 4, these guys exemplify the monopolistic behavior that has caused America to fall behind the world on many levels. Basically, from an innovation and financial performance perspective, they're basically deadbeats! Hence, 

One other reason many should be down on the deadbeat carriers is also a very fundamental given, that really shouldn't be given - Privacy! Nearly all of the major carriers use the device that they sold you to snoop on you. US cellular carriers use an app that is basically one of the most widely dispersed spyware apps in this country. It can systematically syphon out location data, keystrokes and other aspects of e-mail and SMS conversations. Don't belive me, this is a quote directly from the vendor of the spyware itself:

Network Operators and device manufacturers determine whether and how they deploy the iQ Agent and what metrics will be gathered and forwarded to the Network Operators.  The iQ Agent receives instructions in the form of a profile, which activates the iQ Agent and defines what available metrics are to be collected and provides instructions on how to pre-process the data prior to uploading. The Embedded iQ Agent is not visible or discoverable by consumers.  Since it is deeply embedded inside the device software, it cannot be deleted by consumers.

In non-nerd, anti-dork English, this says carriers decide what the spyware app and Trojan Horse rips from your device and sends back to the carrier. This spyware/Trojan Horse is purposely hidden and concealed from the owner of the device. As per Wikipedia:

  • Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.
  • Trojan horse, or Trojan, is a hacking program that is a non-self-replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access to the target's computer.[1] These backdoors tend to be invisible to average users, but may cause the computer to run slowly.  

 Here's a YouTube video showing the carrier spyware capturing keystrokes, SMS messages, emails, direct browsing activity, user names and passwords (in clear text, unencrypted) and other types of personal information. It also shows how aggressively the spyware is hidden from the enduser, and if found it is virtually impossible to stop or remove without rooting the phone. First a little Wikipedia background on the video's author:

On November 12, 2011, researcher Trevor Eckhart stated in a post on androidsecuritytest.com[23] that Carrier IQ was logging information such as location without notifying users or allowing them to opt-out,[24] and that the information tracked included detailed keystroke logs,[25] potentially violating US federal law.[26] 

On November 16, 2011, Carrier IQ sent Eckhart a cease and desist letter claiming that he was in copyright infringement by posting Carrier IQ training documents on his website and also making "false allegations."[27][28]Eckhart sought and received the backing of user rights advocacy group Electronic Frontier Foundation (EFF).

On November 23, 2011, Carrier IQ backed down and apologized.[29] In the statement of apology, Carrier IQ denied allegations of keystroke logging and other forms of tracking, and offered to work with the EFF.[30]

On November 28, 2011, Eckhart published a YouTube video that demonstrates Carrier IQ software in the act of logging, as plain text, a variety of keystrokes. Included in the demonstration were clear-text captures of passwords to otherwise secure websites, and activities performed when the cellular network was disabled.[31] The video of the demonstration showed Carrier IQ's software processing keystrokes, browser data, and text messages' contents, but there was no indication that the information processed was recorded or transmitted. Carrier IQ responded with the statement, "The metrics and tools we derive are not designed to deliver such information, nor do we have any intention of developing such tools."[32][33] A datasheet for a product called Experience Manager on Carrier IQ's public website clearly states carriers can "Capture a vast array of experience data including screen transitions, button presses, service interactions and anomalies".[34]

If the claims by Eckhart are true, the process of sending usage data is in conflict with Carrier IQ's own privacy policy which states: "When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved."[35]

 

According to Wikipedia, IQ Agent (the spyware in question) was first shipped in 2006 on embedded feature phones and has since been implemented on numerous devices and operating systems, including smartphones (Android, RIM,[8] iPhone), USB modems and tablets. It is currently running on over 150 million devices, making it one of the most ubiquitous of spyware packages known to this author.

Here's some more interesting excerpts from said article:

 On December 1, 2011, Carrier IQ issued a "clarification" (reference 1 December 2011: Important Clarification About the Data Received from Mobile Devices) to its November 23 statements: "While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen... As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities... Carrier IQ acts as an agent for the operators. Each implementation is different and the diagnostic information actually gathered is determined by our customers – the mobile operators. Carrier IQ does not gather any other data from devices. Carrier IQ is the consumer advocate to the mobile operator, explaining what works and what does not work. Three of the main complaints we hear from mobile device users are (1) dropped calls, (2) poor customer service, and (3) having to constantly recharge the device. Our software allows operators to figure out why problems are occurring, why calls are dropped, and how to extend the life of the battery. When a user calls to complain about a problem, our software helps operators’ customer service to more quickly identify the specific issue with the phone."[39]

There has been debate whether Carrier IQ software actually sends the collected data in real time or if it is stored on the phone and only gets read out later. The company clearly states on its web page that its software is able to provide real-time data: "Carrier IQ’s Mobile Service Intelligence solution eliminates guesswork by automatically providing accurate, real-timedata direct from the source – your customers' handsets." (emphasis added).[40]

 

Of course, on the same page I got there clarification (1 December 2011: Important Clarification About the Data Received from Mobile Devicesfrom, you can also find this press release: 19 October 2011: Nielsen and Carrier IQ Form Global Alliance to Measure Mobile Service Quality. The authors at Wikipedia picked this up as well, to wit:

Although the phone manufacturers and carriers by and large say the software is strictly used to monitor its phone systems and not to be used by third parties, a press release on October 19, 2011 touted a partnership with Nielsen Company. The press release said, "Together, they will deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards. This alliance will leverage Carrier IQ's technology platform to gather actionable intelligence on the performance of mobile devices and networks."[48]

Long story, short (as if it isn't already too late for that), instead of worrying about new Glasses taking a picture of you walking down the street (after 40 other cameras just did the same thing), you should be more focused on all of the info stored (against your will) and ripped from your cellular handset. Even if you were to give ALL of the carriers, and ALL of these spyware companies the benefit of the doubt, the way THIS Trojan horse is put together (client server relationship with complete push/pull capabilities), all the NSA has to do is flip a switch and the'll know what flavor 'snuff great grandma likes to chew! 

Consider yourself warned! I doubt very seriously if this revolution will be televised (or even streamed from Netflix!).

It took me nearly an hour to get this stuff off of my device, and even more time to lock it down. Those who are interested in having this institutional spyware removed from their phones for a fee should contact support [at] boombustblog [dot] com. My son is starting a service that will do it for you, but you will void your warranty as a result of seeking said privacy. Of course, anyone who purchased insurance should be covered anyway, but always read the fine print..

 Despite all of this I still believe Tech Is Far And Large The Biggest Thing This Millennium - Lehman, EU Crisis Included. I am actively looking to servce on the boards of tech companies.  Security companies in the mobile space currently have my eye, but I'm looking to advise and serve on the boards of any company in the mobile computing space. For those who don't know me, reference "Who is Reggie Middleton?".

 

Next up, small companies in the secutiry space looking for capital, investors in the ZIRP space looking to deploy - Is there a profitable fit? 

 

- advertisements -

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Thu, 10/24/2013 - 10:25 | 4086081 TradingTroll
TradingTroll's picture

Reggie, some friendly advice, dont sit on a tech Board. You will be liable forever for things that occurred in the tech company while you are Director. But its impossible to know every single application or hardware modification, and what it does. Some will be secret, the Board will never find out.

 

It could devastate you financially and end your career.

Thu, 10/24/2013 - 09:16 | 4085768 TradingTroll
TradingTroll's picture

Tech is for trendies. After the NSA spying revelations, I have lost interest in tech. The wireless waves cause brain damage, the government spies on you, and its just an expensive toy.  I called my caiier last month and took off all the bells and whistles, just a barebones 500 minute plan with caller ID for $75/mo, just for emergencies. I can do all my work on a desktop and landline.

I think, over time, the negative health effects of using a wireless device+cell tower radiation+gas meter and smart meter wireless radiation will have its effect. I dont want to get cancer too soon.

 

It willl be like that wonder drug Thalidomide.

Thu, 10/24/2013 - 10:21 | 4086065 czardas
czardas's picture

Due to technology you are living longer and FAR easier than previous generations.   Due to technology you have more free time, entertainment options and far better health care than just a decade ago.  Due to technology fossil fuel consumption is declining annually.  Due to technology you can easily bitch about technology in real time.  

Yes, any creation can be used for bad but hasn't that always been the case?  The problem here is not technology per se but the folks using it for nefarious reasons (like guns, knives, food, etc).  Technology will increasingly become a greater part of our lives unless they move to the middle of a forest and hibernate. 

Thu, 10/24/2013 - 09:22 | 4085802 freedogger
freedogger's picture

Thalidomide was fairly instant in its effects. IF there are any harmful effects of wireless, it won't be provable (in terms of convincing the masses). Like it or not, this stuff is going everywhere and into everything.

Thu, 10/24/2013 - 09:14 | 4085765 spanish inquisition
spanish inquisition's picture

Based on phone carrier releases of cooperation and shut down of secure emailing systems, it is not that hard to posit that Carrier IQ has been contacted by the US government and it is illegal for them to acknowledge the relationship and what information they are already providing. The relevations of NSA spying have little to do with terrorism as admitted by the NSA that they have stopped maybe 1 plot. What Snowdens leak did was show was the main point of the NSA spying is espianage against other governments, businesses and individual data collection. The NSA does not care what Grandma is eating, what they want is the transcript of your latest business meeting pulled off of your remote activated phone, along with the data files to see if there is anything their "friends of the NSA" can use. As a small business you have a good shot at securing your intellectual property, as you get bigger, not so much. As a backup goal, they will try to collect everything on everyone, just in case someone starts getting famous and needs to be sidelined in the interest of freedom and democracy, because they hate our freedoms.

Thu, 10/24/2013 - 10:50 | 4086022 Widowmaker
Widowmaker's picture

What are you talking about?  Fascism LOVES your freedoms.

It's BIG business, and people pay out their asses the whole way into the abyss.

As Widowmaker is sure Reggie knows, the NSA installs their infamous "black boxes" into all the domestic regional carrier aggregation points.  They are pervasive and a "secret."  The NSA uses bullying tactics and typically uses a proxy-organization, notably the FCC to muscle these devices into your lives.  This increased dramatically in the 2000's.

The carriers (all of them including the smallest of ISP's) are complacent to undermine privacy in the pursuit of profits.

Interestingly, Middleton is cherry-picking around his precious GOOGLE recommendations, which acquired Motorola.  Motorola smartphones pump every keystroke back to the mothership -- no spyware, THE PHONE!  This has been well documented in tech-blogs.  Encrypted website submissions come back in plaintext from the Motorola mothership.   C'mon Reggie, GOOG leads the Fascist charge!!

http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html

http://blogs.computerworld.com/smartphones/22435/motorola-secretly-spies...

http://boingboing.net/2013/07/03/motorola-droid-silently-insec.html

It is prudent to assume EVERY goog device does this in some manner (privacy monetized in the bullshit interest of homeland insecurity), including tablets, and their new computer.

Fascism doesn't like innovation, nor electronic progress because it threatens the survival of systemic incorporated corruption at the top.  It's the preservation of power at the root of all this bullshit.

WHERE THE FUCK IS KONGRESS??  ** Crickets **

Need a plank in the platform to run for office?  Use the vote from the 2011 Patriot Act extension to boot encumbants.  This is a dirty secret among "the encumbants" and most are petrified it gains steam from other contenders.

http://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm...

See which Kongressional Misrepresentatives are performing fellatio on Fascism.

 

Thu, 10/24/2013 - 09:11 | 4085752 Ungaro
Ungaro's picture

The more informed we get about what our .gov is doing to us, the more prepared we can be. The NSA and their bretheren agencies monitor all our electronic communications and have the ability to tap into our devices (computers, tablets, phones).

There is much we can do to ptotect ourselves and our fundamental right to privacy. Keep your personal data on an external device (SSD, HDD, flash or optical drive) and only connect it when not connected to any network. Encrypt sensitive data and communication  using an unbreakable, mutating key algorithm encryption tool, like Cryptogra.ph and by all means, stay under the radar.

Thu, 10/24/2013 - 09:52 | 4085921 Melin
Melin's picture

Still, while we can and should continue to outsmart and hide from the enormous predator in our midst, rightful, offensive action against it is required.

Thu, 10/24/2013 - 09:21 | 4085795 Hobbleknee
Hobbleknee's picture

You're on the radar for writing that.

Thu, 10/24/2013 - 08:50 | 4085693 bank guy in Brussels
bank guy in Brussels's picture

As befitting someone like Reggie Middleton who shills for the CIA's Google ...

Reggie makes an 'article' copying and pasting from the CIA's Wikipedia

Was proven years ago that thousands of 'edits' in Wikipedia are made from gov intel at known CIA - intel IP addresses (Wired magazine)

---

Links to Wikipedia, a CIA-Mossad website, support lies and hoaxes that kill innocent people. - Better to take a few seconds to find a more reliable link, than help such criminals.

Even if a Wiki link has some truth at the moment, 5 minutes later it can all be changed to sell CIA, NSA, or Mossad lies.

CIA and Mossad laugh when people link to Wikipedia - loving extra support for their crimes and Wiki-hoaxes.

---

The 'trick' of the CIA's Wikipedia is to have 90% of info appear 'neutral', content supplied by 'useful idiots' on topics the CIA finds unimportant -

So that giant enormous lies can be inserted on Wikimedia, whenever the CIA or Mossad want to deceive people, on targeted victims and 'special' topics, like US or Israeli dissidents.

The fraud 'founder' of Wikipedia, Israeli-Mossad and CIA asset Jimmy Wales, is so high up in Mossad, he goes to intimate birthday parties of the President of israel (documented by radical Israeli journalist Barry Chamish)

---

Jimmy Wales was originally a pornography pusher, where Wales' willingness to support any sick crime, to help violate children, to lie or help kill innocent people, led him to be the CIA's choice to run the CIA Wikipedia project, and become the biggest internet fraudster in the world.

Google Inc. - also a CIA contractor company, developed with CIA money - Google artificially pushes and pumps CIA partner Wikipedia, to make Wiki a dominant source of CIA and Mossad false information.

Lies on the CIA's Wikipedia are intentionally multiplied over and over, in search results via the CIA's Google, at the top of search results, to crush and erase the truth.

So with only two CIA websites - Google Inc. and Wikipedia - the USA and Israel have achieved massive internet dominance of false information.

Wales and his staff give Wikipedia support to US and Israeli figures involved in the sickest crimes, violating the bodies of children or spreading lies to smear and murder US or Israeli dissidents.

---

« Wikipedia, a fabrication of Israel’s intelligence services. They control Wikipedia and use it to provide cover for war crimes, smear campaigns and as cover for espionage operations ... Many Wikipedia “editors” are, in fact, terrorists, spies or highly disturbed persons » - Gordon Duff, Editor, Veterans Today

« Wikipedia is hailed by Zionist Israel as "…the major source of information in the world." They even advertise, with standard Zionist chutzpah, that Wikipedia is "…under constant, paid review of Zionist assets." »  - Veterans Today, citing the following article

http://www.ascertainthetruth.com/att/index.php/the-media/who-controls-th...

Wikipedia, the key Israel - US gov tool for planting disinfo on the web ... no serious journalist ever quotes that CIA shite-site like Reggie does above

Thu, 10/24/2013 - 10:21 | 4086066 TradingTroll
TradingTroll's picture

Wikipedia is probably as good a source as any for the 90% of mainstream content. Its when you get into areas like Israel, the history of Jews, that is gets crazy. I tried to edit the page on Wiki for Ashkenazi Jews, in the geneaology section, and posted new research showing that Jews came from the Caucasus-not Israel. After being called an anti-semite, and being banned from editing Wikipedia, it reallly opens your eyes. Every single editor of Wiki pages on Israel, Jews, is Jewish. Gee, no bias there, right?

Thu, 10/24/2013 - 09:33 | 4085832 gmrpeabody
gmrpeabody's picture

So, bank guy in Brussels, obviously you must have thousands and thousands of examples that you could have cut-n-pasted above for us to peruse. You know..., sort of backup the claims of lies and all...

Thu, 10/24/2013 - 10:09 | 4086002 Grosvenor Pkwy
Grosvenor Pkwy's picture

"thousands and thousands of examples"

I also would like to see some specific examples of false information on Wikipedia. Not politically controversial issues, but specific factual information.

Thu, 10/24/2013 - 10:58 | 4086264 Dr. Bonzo
Dr. Bonzo's picture

Do a Wiki search on a subject in which you are an expert. Any subject. Something you understand through and through. Go Wiki it. What you'll find is gross omissions, especially in the areas of contradictary, contrary or "fringe" theory or ideas; avoidance of demonstrable alternate theory, or a presentation of alternate theory as "controversial" (not "mainstream") and adherence to mainstream scholarship and / or ideology toeing the party line.

For bread and butter references Wiki is fine, but anything other than dipping your toe in the water requires other research. Let me put it this way. Wiki is to Information what MSNBC is to acquiring financial information on the markets. And why would you do that when you can flip through a ZH main page in 20 seconds and get an appraisal of the state of the markets? Where has MSNBC come out and presented demonstrable and meticulous proof the current market situation is an out and out fraud on a daily, no, hourly basis?

That's all there is to it.

Thu, 10/24/2013 - 12:29 | 4086738 yofish
yofish's picture

Maybe yes if what you are an 'expert' on can be controversial, like politics or economics. Not so much if you are interested the periodic scale and the additions to it over time. Of course, here @ ZH, even that more than likely has conspiratory implications.

Thu, 10/24/2013 - 10:29 | 4086100 czardas
czardas's picture

I've seen a few in the past (discussion over how many Russians were killed in WW2 - the "normal" claim of 13 million or the Russian of 21 million).  BUT, the article clearly stated that this was in dispute and more documentation was needed.   The vast majority - and all the technology and mathematical entries - come from regular folks.  My article on "Type Sets" clearly states that references are needed.

What the conspiracy hound is focusing on is subjective things - politics, historical interpretation not adhering to his particular ideas, etc. He will most likely not list a single "fact" present without any notes. 

Thu, 10/24/2013 - 09:35 | 4085798 Mercury
Mercury's picture

Thanks for the additional and clarifying details you have provided here about Carrier IQ and how IQ agents operate.

Your demonstrated technical expertise in this area has been a huge improvement to Reggie’s article.

 

 

Do NOT follow this link or you will be banned from the site!