Mobile ‘Rootkit’ Maker Tries to Silence CriticalAndroid Dev

  • Thread starter Thread starter Virus Guy
  • Start date Start date
V

Virus Guy

http://www.wired.com/threatlevel/2011/11/rootkit-brouhaha/

Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev
November 22, 2011

A data-logging software company is seeking to squash an Android
developer’s critical research into its software that is secretly
installed on millions of phones, but Trevor Eckhart is refusing to
publicly apologize for his research and remove the company’s training
manuals from his website.

Though the software is installed on millions of Android, BlackBerry and
Nokia phones, Carrier IQ was virtually unknown until the 25-year-old
Eckhart analyzed its workings, recently revealing that the software
secretly chronicles a user’s phone experience, from its apps, battery
life and texts. Some carriers prevent users who actually find the
software from controlling what information is sent.

http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

Eckhart called the software a “rootkit,” a security term that refers to
software installed at a low-level on a device, without a user’s consent
or knowledge in order to secretly intercept the device’s workings.
Malware such as keyloggers and trojans are two examples.

He also mirrored the Mountain View, Calif. company’s training manuals
he’d found on Carrier IQ’s publicly available website. The manuals
provide a limited roadmap for how Carrier IQ works, Eckhart said in a
telephone interview.

When Carrier IQ discovered Eckhart’s recent research and his posting of
those manuals, Carrier IQ sent him a cease-and-desist notice:

https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redacted.pdf

saying Eckhart was in breach of copyright law and could face damages of
as much as $150,000, the maximum allowed under U.S. copyright law per
violation. The company removed the manuals from its own website, as
well.

On Monday, the Electronic Frontier Foundation announced it had came to
the assistance of the 25-year-old Eckhart of Connecticut, whom Carrier
IQ claims has breached copyright law for reposting the manuals.

“I’m mirroring the stuff so other people are able to read this and
verify my research,” he said. “I’m just a little guy. I’m not doing
anything malicious.”

The company is demanding Eckhart retract (.pdf) his “rootkit”
characterization of the software, which is employed by most major
carriers, Eckhart said.

The EFF says Eckhart’s posting of the files is protected by fair use
under the Copyright Act for criticism, commentary, news reporting and
research, and that all of Carrier IQ’s claims and demands are
“baseless.”

https://www.eff.org/sites/default/files/eckhart_c&d_response.pdf

Andrew Coward, Carrier IQ’s marketing manager, said in a telephone
interview Tuesday that the company, not Eckhart, should be in “control”
of the manuals. “Whatever content we distribute we want to be in
control of that,” he said. “I think obviously, any company wants to be
responsible for the information that gets distributed.” He said “legal
matters” prohibited the 6-year-old company from discussing the Eckhart
flap further.

He said the company’s wares are for “gathering information off the
handset to understand the mobile-user experience, where phone calls are
dropped, where signal quality is poor, why applications crash and
battery life.”

“We’re not looking at texts. We’re counting things. How many texts did
you send and how many failed. That’s the level of metrics that are being
gathered,” he said.

He answered “probably yes” when asked whether the company could read the
text messages if it wanted.

Marcia Hofmann, an EFF senior staff attorney, said the civil rights
group has concluded that “Carrier IQ’s real goal is to suppress
Eckhart’s research and prevent others from verifying his findings.”

In a Monday letter to Carrier IQ, Hofmann said Eckhart’s speech was
protected by the First Amendment.

What’s more, the company is demanding that Eckhart inform Carrier IQ of
the names of all persons to which Eckhart has forwarded the training
material. The company also wants Eckhart to send “written retractions”
to everybody who has viewed his research in hard copy or on the web.

Among other things, Carrier IQ insists that Eckhart retract his “root
kit” characterization of the unremovable software, and other statements,
by issuing a press release to The Associated Press.

In 2005, Sony came under fire for installing a rootkit on music CDs.
Security expert Bruce Schneier wrote then that “The Sony code modifies
Windows so you can’t tell it’s there, a process called ‘cloaking’ in the
hacker world. It acts as spyware, surreptitiously sending information
about you to Sony. And it can’t be removed; trying to get rid of it
damages Windows.”

In a letter to Eckhart, Carrier IQ said, “If you do not comply with
these cease and desist demands within this time period, please be
advised the Carrier IQ, Inc. will pursue all available legal remedies,
including seeking monetary damages, injunctive relief, and an order that
you pay court costs and attorney’s fees.”

The deadline expired Nov. 18, but so far Carrier IQ has not made good on
its threats.
 
Virus Guy said:
http://www.wired.com/threatlevel/2011/11/rootkit-brouhaha/

Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev
November 22, 2011

A data-logging software company is seeking to squash an Android
developer’s critical research into its software that is secretly
installed on millions of phones, but Trevor Eckhart is refusing to
publicly apologize for his research and remove the company’s training
manuals from his website.

Though the software is installed on millions of Android, BlackBerry and
Nokia phones, Carrier IQ was virtually unknown until the 25-year-old
Eckhart analyzed its workings, recently revealing that the software
secretly chronicles a user’s phone experience, from its apps, battery
life and texts. Some carriers prevent users who actually find the
software from controlling what information is sent.

http://androidsecuritytest.com/features/logs-and-services/loggers/carrier
iq/

Eckhart called the software a “rootkit,” a security term that refers to
software installed at a low-level on a device, without a user’s consent
or knowledge in order to secretly intercept the device’s workings.
Malware such as keyloggers and trojans are two examples.

He also mirrored the Mountain View, Calif. company’s training manuals
he’d found on Carrier IQ’s publicly available website. The manuals
provide a limited roadmap for how Carrier IQ works, Eckhart said in a
telephone interview.

When Carrier IQ discovered Eckhart’s recent research and his posting of
those manuals, Carrier IQ sent him a cease-and-desist notice:

https://www.eff.org/sites/default/files/eckhart_cease_desist_demand_redac
ted.pdf

saying Eckhart was in breach of copyright law and could face damages of
as much as $150,000, the maximum allowed under U.S. copyright law per
violation. The company removed the manuals from its own website, as
well.

On Monday, the Electronic Frontier Foundation announced it had came to
the assistance of the 25-year-old Eckhart of Connecticut, whom Carrier
IQ claims has breached copyright law for reposting the manuals.

“I’m mirroring the stuff so other people are able to read this and
verify my research,” he said. “I’m just a little guy. I’m not doing
anything malicious.”

The company is demanding Eckhart retract (.pdf) his “rootkit”
characterization of the software, which is employed by most major
carriers, Eckhart said.

The EFF says Eckhart’s posting of the files is protected by fair use
under the Copyright Act for criticism, commentary, news reporting and
research, and that all of Carrier IQ’s claims and demands are
“baseless.”

https://www.eff.org/sites/default/files/eckhart_c&d_response.pdf

Andrew Coward, Carrier IQ’s marketing manager, said in a telephone
interview Tuesday that the company, not Eckhart, should be in “control”
of the manuals. “Whatever content we distribute we want to be in
control of that,” he said. “I think obviously, any company wants to be
responsible for the information that gets distributed.” He said “legal
matters” prohibited the 6-year-old company from discussing the Eckhart
flap further.

He said the company’s wares are for “gathering information off the
handset to understand the mobile-user experience, where phone calls are
dropped, where signal quality is poor, why applications crash and
battery life.”

“We’re not looking at texts. We’re counting things. How many texts did
you send and how many failed. That’s the level of metrics that are being
gathered,” he said.

He answered “probably yes” when asked whether the company could read the
text messages if it wanted.

Marcia Hofmann, an EFF senior staff attorney, said the civil rights
group has concluded that “Carrier IQ’s real goal is to suppress
Eckhart’s research and prevent others from verifying his findings.”

In a Monday letter to Carrier IQ, Hofmann said Eckhart’s speech was
protected by the First Amendment.

What’s more, the company is demanding that Eckhart inform Carrier IQ of
the names of all persons to which Eckhart has forwarded the training
material. The company also wants Eckhart to send “written retractions”
to everybody who has viewed his research in hard copy or on the web.

Among other things, Carrier IQ insists that Eckhart retract his “root
kit” characterization of the unremovable software, and other statements,
by issuing a press release to The Associated Press.

In 2005, Sony came under fire for installing a rootkit on music CDs.
Security expert Bruce Schneier wrote then that “The Sony code modifies
Windows so you can’t tell it’s there, a process called ‘cloaking’ in the
hacker world. It acts as spyware, surreptitiously sending information
about you to Sony. And it can’t be removed; trying to get rid of it
damages Windows.”

In a letter to Eckhart, Carrier IQ said, “If you do not comply with
these cease and desist demands within this time period, please be
advised the Carrier IQ, Inc. will pursue all available legal remedies,
including seeking monetary damages, injunctive relief, and an order that
you pay court costs and attorney’s fees.”

The deadline expired Nov. 18, but so far Carrier IQ has not made good on
its threats.

Hi Virus Guy..

Feel free to post any updates to this you find. I'm interested in what
happens as a result of his research.
 
FromTheRafters said:
~BD~ said:
On 08/12/2011 16:03, FromTheRafters wrote:
[....]

I read that a few days ago. I do admire folk who fight their corner! :-)

Mr. Eckhart did well - IMO!
They apologized to him. Still, I think his characterization might have
been a little over the top.

My Sprint HTC phone is infected with it. Those pricks unrooted it during
the last OTA update. Now I have to flash it back to pre-update,
re-root, and install a hacked ROM to get around the keylogger. I turned
the damn thing off.

They said I was in a 4-G area, and lied. Their engineers work super-hard
to disable tethering (a feature of 2.2+) and want an exta $30/mo. to
enable "hot spot". I told them I don't want to create a ****ing
"hot-spot", all I want is to have the features of Froyo that are
built-in. I just have not got myself worked up enough to goto the
Sprint store to let them "have it". Customer 'support' is useless.

--

"I don't like to discriminate against terrorists based on nationality.
If you declare war on the United States and you want to kill us,
We're going to kill you first, period."

October 19, 2011 - Ali Soufan (Colbert Report)
 
Back
Top