View
221
Download
0
Tags:
Embed Size (px)
Citation preview
Hidden AppsCarrier IQ and Privacy in Mobile Devices
Hidden Apps
Your device: The expectation of privacy
Hidden Apps
Hidden Apps
Most people take the privacy of phone service for granted.
Regulations provide our phone calls with an expected level of security.
With the widespread use of smartphones, the level of privacy we have on mobile devices is changing.
Hidden Apps
While phone calls are protected, apps and the data stored on smartphones are not protected in the same way.o Carriers often use network monitoring software without
the user’s knowledgeo Carriers are not specific as to what data is gatheredo Regulations protect some user data but not all
Hidden Apps
The most common way to gather private user data is through hidden apps. These are programs:o Generally run without the user’s knowledgeo Can be installed by the carrier, the manufacturer or by
a user looking for other functionalityo Are often completely legal, protected by end-user
license agreements with obscure and difficult language
Return to Menu
Their service:How hidden apps can be a threat
Hidden Apps
Hidden Apps
Carriers and app developers use hidden apps to collect various kinds of data.
This data can have legitimate purposes:o Improving quality of serviceo Identifying common trouble spots on cellular networkso Troubleshooting common user issueso Identifying hardware malfunctions and failures
Hidden Apps
However, some apps are either not developed with security as a priorty.
Recently, this has come to the forefront with Carrier IQ, a company that develops a hidden app for many major carriers to monitor networks and provide a “better user experience.”
Hidden Apps
Carrier IQ, in most configurations, is completely hidden from the user and cannot be disabled.
It collects:o Network performance informationo Hardware fault informationo All user interface events (what the user taps on or
selects)o All keystroke information from phone, SMS or web
browser
Hidden Apps
Apparently, Carrier IQ does not transmit information other than network performance and other anonymous data.
However, other apps could read the data because it is logged in a completely unprotected way.
Hidden Apps
This is a video demonstration by a developer of the potential abuses of Carrier IQ software:
Hidden Apps
Carrier IQ may not be transmitting this data, but that doesn’t mean other apps can’t read logfiles it creates.
The potential for abuse in the logs generated by Carrier IQ is immense.o Carrier IQ can see all traffic, even encrypted web traffic.o Carrier IQ could be compromised to collect users’ credit
card data, contacts, location or anything they type into a keyboard or touchscreen.
o Carrier IQ could presumably be used to infiltrate corporate or public networks.
Hidden Apps
An important note: As of this writing, no evidence
exists that proves Carrier IQ has been abused in any way.
However, the publicity generated by this issue virtually guarantees that it will, given enough time.
Return to Menu
Who is affected?Hidden Apps
Hidden Apps
Carrier IQ is currently known to be in use by the following carriers:
• Sprint• AT&T• T-MobileOther carriers have not yet responded to inquiries
about their use of this software.
Hidden Apps
• Android and Blackberry phones are the most likely to use Carrier IQ and are the most susceptible to security threats.
• Carrier IQ is only implemented in a limited way on Apple’s iPhone and will soon be removed completely through an iOS upgrade.
• Carrier IQ’s future is uncertain. US Congress and the FCC have inquired into the exact nature of their data collection and software.
Hidden Apps
Carrier IQ is only a single app in a much larger world.
All users are affected by the privacy concerns these issues have raised. Some platforms may be safer than others; all of us should be wary of the drawbacks any technology presents.
Hidden Apps
Many carriers have denied using Carrier IQ but this does not mean they don’t use a similar type of tracking software. Every carrier tracks users on their networks.
What is being tracked and how will we know our data is protected?
Hidden Apps
To learn more about this issue and read stories as they develop, visit the following links:o The Verge – Carrier IQ Controversyo CNN Moneyo All Things Digital
Return to Menu