Feeds

BUSTED TWO: Carrier IQ monitor-ware on iPhones too?

Chpwn finds agent in /usr/bin

Internet Security Threat Report 2014

Blogger and iPhone hacker Chpwn believes that the controversial Carrier IQ software isn’t confined to Android devices.

In this blog post, he says a look at the /usr/bin folder reveals Carrier IQ’s agent software, identified as IQAgent in iOS 3, and either awd_ice2 or awd_ice3 on iOS 4 or iOS 5 devices.

At this point, Chpwn believes the daemon does not have access to the UI layer, which means it may not be able to capture the kind of data exposed in Android devices.

While Chpwn states that he is not certain the software is launched except when the phone is in diagnostic mode, the discovery is certain to add further momentum to the fury mounting at Carrier IQ’s surreptitious installation on consumer devices.

After denials by Carrier IQ that it was recording user behaviour in real time, Trevor Eckhart posted a video demonstrating that the company’s software was catching Eckhart’s taps, including searches sent to SSL (secure sockets layer) servers.

The row has Australian carriers putting as much distance between themselves and Carrier IQ as they can, as quickly as they can. Telstra’s Craig Middleton hit the Twittersphere today: “Telstra does not use it. We only use customer data for connecting calls and billing for services”.

The carrier’s New Zealand subsidiary Telstra Clear made a similar, but shorter statement.

Wrapping up the Australian carrier scene, both Optus and Vodafone told News.com.au that Carrier IQ’s software isn’t in use in this country; Vodafone has made the same statement for New Zealand, as has Telecom New Zealand. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Yes, Virginia, there IS a W3C HTML5 standard – as of now, that is
You asked for it! You begged for it! Then you gave up! And now it's HERE!
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.