A few days ago, CarrierIQ published a 19-page report detailing their software and business. I read the 19 pages, and in case you were wondering, the statements of my previous blog post still stand, even more, they are confirmed so I have updated the FAQ with extra data. Some my comments on the report below. "The IQ Agent uploads diagnostic data once per day, at a time when the device is not being used" (page 4) This is hardly a defense to me. People do not like that their phone is being used without their consent, even if it is for good reasons. When... [Read More]
by RSS Axelle Apvrille  |  Dec 20, 2011  |  Filed in: Security Research
Q1- The basics. What is Carrier IQ? CarrierIQ is a controversial piece of code which was intentionally placed on several mobile phones by their vendors or carriers. It has the capability of monitoring and/or collecting various information - without user's consent. Q2- What is Carrier IQ exactly doing? Precisely, CarrierIQ (CIQ) has developed a series of hooks to monitor plenty of metrics such as: HT01: HTTP request URI AL15: browser's URL MG01: SMS recipient and SMS center MG03: SMS originator MG11: MMS version, sender, recipient and relay... [Read More]
by RSS Axelle Apvrille  |  Dec 13, 2011  |  Filed in: Security Research