A security researcher has posted a video detailing hidden software installed on smart phones that logs numerous details about users’ activities.
In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software – known as Carrier IQ – logs every text message, Google search and phone number typed on a wide variety of smart phones – including HTC, Blackberry, Nokia* and others – and reports them to the mobile phone carrier.
The application, which is labeled on Eckhart’s HTC smartphone as “HTC IQ Agent,” also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with “HTTPS,” Eckhart said.
The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video.
“Why is this not opt-in and why is it so hard to fully remove?” Eckhart wrote at the end of the video.
In a post about Carrier IQ on his website, Eckhart called the software a “rootkit,” a security term for software that runs in the background without a user’s knowledge and is commonly used in malicious software.
Eckhart’s video is the latest in a series of attacks between him and the company. Earlier this month, Carrier IQ sent a cease and desist letter to Eckhart claiming he violated copyright law by publishing Carrier IQ training manuals online. But after the Electronic Frontier Foundation, a digital rights group, came to Eckhart’s defense, the company backed off its legal threats.
The Electronic Frontier Foundation said the software that Eckhart has publicized “raises substantial privacy concerns” about software that “many consumers don’t know about.”
Carrier IQ could not immediately be reached for comment. But the company told Wired.com that its software is used for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
On its website, Carrier IQ, founded in 2005, describes itself as “the world’s leading provider of Mobile Service Intelligence solutions.”
Watch video of Eckhart explaining his findings:
*Update: A Nokia spokeswoman said CarrierIQ does not ship products for any Nokia devices
Update: Grant Paul, a well-known iPhone hacker who goes by the screenname “chpwn”,wrote on his blog that Apple has included Carrier IQ on the iPhone, but the software’s default is disabled.