Greg's Bite: Mobile Device Insecurity
By Greg Mills
The location insecurity flap last summer really set the stage for the current public reaction to the Carrier IQ issue, which is going on right now. Frankly, when you fully understand the motives for the likes of AT&T, Sprint and other cellular networks in diagnosing and improving service, you can excuse them adding such software to the smartphones running on their systems. What is less forgivable is the lack of transparency in users knowing what software is lurking in the smartphones we pay a pretty penny for and trust with a growing amount of personal data.
While Apple responded within a day of the issue becoming a hot topic in the tech press, the Apple customization and use of Carrier IQ appears to have been more intrusive in the past. The major difference between Carrier IQ's function in Android phones and iPhone are strikingly different. Informed consent to diagnostic software being turned on and exactly what it does should be a fundamental right of the user.
Key logger software is really the worst of the worst intrusion into the privacy of the user. Passwords, personal messages and other information that by all standards of privacy ought to be kept secret are not only out of users' control, but they didn't even know the data was compromised. At a time when the tech world is seeing the "Cloud" become part of our mobile computer experience for syncing and accessing data anywhere, the potential for disastrous releases of that information are obvious.
If my system software on my smartphone is key logging every button I tap and sending it off to Mountain View, California, the next question is who has the access to see my data? Have Carrier IQ files been accessed by the government with or without a warrant? Could Carrier IQ's servers have been hacked? Would they admit it or even know it that had happened?
Can the Carrier IQ software be turned on remotely? Can it be reconfigured to be more intrusive and send key logger data to a third party? Couldn't Carrier IQ's software be the basis for malware that could infect smartphones without anyone knowing?
For all the above reasons, Carrier IQ, all the handset makers, Google's Android OS team, Apple's iOS team and the cellular networks have a lot of explaining to do and likely civil lawsuits to face alleging federal wire tapping charges and potentially criminal charges. Who is to blame and what part of this is criminal is sure to shake out over the next year or so.
In the meantime, with an iPhone you can turn off the diagnostic software, as far as anything I have read, by going to Settings>About>Diagnostics and Usage>select Automatically Send or Do Not Send. Think before you trust smartphones to keep anything private, you never know any more.
That is Greg's Bite.