Wednesday, 23 November 2011

Pre-installed rootkit spies on mobile users

Rootkit software is pre-installed on mobile handsets sold by major network operators.

The software allows a remote administrator to spy on an individual, checking their location, what software they are running on the phone and what keys they are pressing.

This news comes from Trevor Eckhart, who recently brought attention to a logging application that is pre-installed on HTC devices. That program opened up the possibility of an attack against a phone. His latest discovery is potentially more serious and sinister. Possibly that is why he has been threatened with legal action.

In an article posted on Android Security Test, Eckhart notes that:
"Carrier IQ (CIQ) sells rootkit software included on many US handsets sold on Sprint, Verizon and more. Devices supported include android phones, Blackberries, Nokias, Tablet devices and more."
The company says that its solutions have "revolutionized the way mobile operators and device vendors gather and manage information from end users." The question is, what is this information used for? CIQ claims that it's for troubleshooting and other diagnostic purposes.

Eckhart notes that the level of power the software provides to external administrators is high:
"...instead of seeing dropped calls in California, they now know 'Joe Anyone's' location at any given time, what he is running on his device, keys being pressed, applications being used."
This information was reported last week in various places, but today it seems that Eckhart is facing possible legal action over copyright infringement. CIQ apparently did not take kindly to the distribution of some training material, or Eckhart's characterisation of its software as a rootkit.

There seems to be a recent spate of legal threats against security researchers.