TPM continues the story of Carrier IQ and its little problem that’s affecting nearly 145 million handsets (estimate from a counter on Carrier IQ’s website) here, complete with lots of links.
On Monday, the company posted a document titled “Understanding Carrier IQ Technology” which states in its second paragraph:
We want to thank Trevor Eckhart for sharing his findings with us through a working session that helped us to identify some of the issues highlighted in this report. We also want to thank security researcher Dan Rosenberg for his thorough analysis and industry recommendations and the cooperation of Network Operators in assisting our investigations.
(I bet their lawyers made them say that.)
TPM adds further analysis of the report, including:
Carrier IQ admits that in some “unique circumstances” its software, called “IQ Agent,” contained “an unintended bug” that “unintentionally” captured and transmitted encoded SMS messages to its carrier customers, among whom are some of the nation’s largest wireless companies — Sprint, T-Mobile and AT&T.
A question for you geeks out there. Please explain “unintended bug” to me.
Separately, the FBI has responded to a Freedom of Information Act (FOIA) request by Michael Morisy of MuckRock thusly:
A recent FOIA request to the Federal Bureau of Investigation for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” was met with a telling denial. In it, the FBI stated it did have responsive documents – but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.
This raises a few questions like: Who, what, when, where and why?
Later in the day, TPM posted about what it termed “an enormously helpful” clarification by the Electronic Frontier Foundation:
The post, by EFF Technology Projects Director Peter Eckersley, clarifies that the conflicting reports that have come from the company and independent security researchers regarding the full range of Carrier IQ’s capabilities have arisen because everyone isn’t referring to the same thing when they are referring to “Carrier IQ.”
The Original Bug, the Moth in the Mainframe, was indeed unintentional.
How do they know what the moth’s intention was–did it leave a note?
I am personally of the conviction the moth was an illegal alien sent here on a suicide mission to computerize the world. If it hadn’t of sparked the system we wouldn’t be having this conversation.
He died so that we may tweet.
I’m a little confused by most of the outrage on this. “What?? It sends my SMS to my carrier! No wayz!” Uhm… All of your SMS already go to your carrier, which is how they’re transmitted and received by your device. They are sent/received by the towers as part of normal operation, and logged for billing purposes. In fact, most carriers provide an option to read the entire content of SMS on-line, or sometimes right on the paper billing statement they send in the mail. (Until about 10 years ago, all SMS were printed long form on my bills. Admittedly, that was when it was in less common use…)
I get that CIQ can/does log key presses and other things (contacts, etc) not normally sent to the carrier for most devices. But the outrage seems to always be over SMS, which they already have, and have been recording for decades.
If they provided hard copies now of SMS by 15 yo girls, they’d have to deliver it with a forklift. 🙂
I assume my SMS could become public. But yes, some of the others things they track, like key presses, are much more objectionable.
I assume everything i do, whither on a phone, MacIntosh or PC, “could become public”.
Fifteen odd years ago when I began my “professional” career, I did so with a prominent Montana law firm. One fine day we were instructed to provide all materials related to a particular case and being new at the game, not to mention the game being new, we/I neglected to send along the e-mails. I kid you not, the Montana State Supreme Court sent a Marshall to Missoula to handcuff my scrawny hindside and haul me to Helena in the back of a squad car to answer as to why I, as Network Administrator, didn’t include those e-mails.
I assume everything i do, whither on a phone, MacIntosh or PC, “could become public”.
Dubya didn’t use email for precisely that reason.