Feeds

2011 Reg roundup: Hacking hacks, spying apps and an end to Einstein?

Smartphones, privacy and a year of tears

  • alert
  • submit to reddit

The essential guide to IT transformation

Who's that inside my phone?

Carrier IQ's code was confirmed to exist on devices from Apple, AT&T, Sprint, HTC, and Samsung. Verizon, Nokia and Research in Motion denied reports saying they use it.

Trevor Eckhart, the Android app developer who initially uncovered the presence of the spying app, posted his evidence to YouTube. Meanwhile, Carrier IQ vice-president of marketing Andrew Coward rejected claims that the software posed a privacy problem because it doesn't capture key presses and doesn't report back in real-time.

It seemed Carrier IQ was intended for diagnostics, hence the reporting aspect. Coward told The Reg that data is dumped out of a phone's internal memory almost as quickly as it goes in.

In a world where a single researcher can quickly broadcast his results via YouTube, the handset makers, carriers and the software company are left looking like they have something to hide.

Only in cases of a phone crash or a dropped call is information transferred to servers under the control of the cellular carrier so engineers can troubleshoot the problem. Not that this stopped Washington's politicians from jumping in: while the story was breaking, US senator Al Franken called on Carrier IQ to explain why its diagnostic software isn't a massive violation of US wiretap laws.

Privacy also became easy fodder in a low-scoring battle between tech's big names: Microsoft and Google.

Researchers this year discovered that Apple's iPhone and iPad were constantly tracking users' physical location and storing the data in unencrypted files that could be read by anyone with physical access to the device. Elsewhere, it was found Google's Android can store your Wi-Fi router's precise location and broadcast it for the world to see. Hacker Samy Kamkar said Google was compiling a publicly accessible database of router locations in its goal to build a service like Skyhook, which pinpoints the exact location of internet users who use its sites.

Apple and Google weren't alone, however. It emerged that Windows Phone 7 builds from Dell, HTC, LG, Nokia and Samsung were transmitting info to Microsoft that included unique device IDs, details about nearby Wi-Fi networks and the phone's GPS-derived exact latitude and longitude.

Caught out, Microsoft sent a lofty letter to members of the US Congress in May saying it would stop identifying specific mobile devices that use its location-tracking services. Andy Lees, then president of Microsoft's mobile communications business, wrote: "The location-based feature of a mobile operating system should function as a tool for the user and the applications he or she elects to use, and not as a means to generate a database of sensitive information that can enable a party to surreptitiously 'track' a user."

Google also contacted The Reg to say it's not accurate to say the company collects a "unique identifier" from every phone that informs the company of its location.

Clearly this was a touchy subject. It reminded us of the furore in the 1990s and more recently when Windows was caught "reporting" back to Redmond. In the event, it was information useful for improving security, producing software fixes and ruining software pirates' afternoons - but the fact that Microsoft hadn't been upfront poisoned the atmosphere as the company was entering a browser anti-trust bubble.

Carrier IQ, phone makers and network providers are also now suffering from the same lack of trust because we're now in a world where a single researcher can quickly broadcast his or her results via YouTube. What other hidden code could be lurking inside our smartphones and watching what we are doing?

Diagnostics is one thing, but knowing where you are and what you're doing happen to be two vital pieces of data. The ability to access this information would be a huge boon to those making and selling phones and related mobile services. Social networks such as Facebook and Foursquare rely on being able to monetise such data. Google and Microsoft want to refine context-sensitive ads around it. This means the issue of data privacy and smartphones is an onion that has plenty of layers left to peel.

Neutrinos, Phobos-Grunt and Neil Armstrong's embarrassment

Space and science saw earthly breakthroughs and extraterrestrial setbacks.

Nearly two years ago, the the largest and most powerful particle accelerator on the planet, the Large Hadron Collider, went live. LHC's mission has been to track down the Higgs boson: its existence could help explain why some particles have mass, helping explain the fabric of the universe.

Prof Brian Cox by Brian Lee

Cox: time-traveling neutrinos taking scientists back to basics

As the year wound down, boffins reckoned they were getting closer to pinning down the elusive boson but the LHC threw up one particular result that had atom-smashers scratching their domes and time-travel fans hunting eBay for DeLoreans.

Physicists working for CERN in September fired a beam of 15,000 neutrinos from Geneva, LHC's HQ, to Gran Sasso in Italy – only to find the particles completed the 730km journey 60 nanoseconds faster than light would have.

Translated: the neutrinos had traveled faster than light, but Albert Einstein in 1905 had said no object could be accelerated to the speed of light. His assertion underpins the theory of space-time and of relativity and it cements our understanding of cause and effect, of past and present – of time travel.

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
EE accused of silencing customer gripes on social media pages
Hello. HELLO. Can EVERYTHING EVERYWHERE HEAR ME?!
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.