 |
 |
|
Mobile phone users don't know what's going on in their devicesAdd to December 28, 2011 
After the news of Carrier IQ's numerous security and privacy issues that were recently discovered, it's now getting clearer than ever that most mobile phone users don't have a clue of what's going on inside their smartphones. Some anti-virus firms have already begun releasing Carrier IQ's detection apps for the Android operating system, but only after the controversial software became a talking point on Capitol Hill. Additionally, more than a month after a security researcher first discovered it while working on a HTC EVO smartphone, it now looks like this issue won't go away anytime soon. For its part, BitDefender has released Carrier IQ Finder, an app that identifies the presence of the controversial mobile diagnostic tool, following Lookout's earlier release of a similar tool called Carrier IQ Detector. And it gets worse. Users don't have any control over the situation and are totally at the mercy of Carrier IQ. Carrier IQ's sudden jump into the national spotlight ignited widespread confusion and anger. On Dec. 2nd, the U.S. Senate and former late-night funnyman Al Franken has called on Carrier IQ to explain why its diagnostic software, buried in the bowels of 141 million smartphones, isn't a massive violation of U.S. wiretap laws.  An Android mobile application developer has wrote about what he thinks could be a conclusive proof that millions of smartphones all over the globe are secretly monitoring key presses, geographic locations, and received messages of its users. If true, this is a serious security risk, and one that needs to be rapidly addressed and corrected by all phone makers. The whole thing started on November 30 after Android developer Trevor Eckhart released a 17-minute YouTube video indicating that the little-known application was sending everything you do on your phone back to your carrier, including what websites you visited, what your texts say and what keys you press at any time. Making matters worse, Carrier IQ and the various wireless operators that are involved actually increased the anxiety level by staying very quiet about the whole issue. They refuted the charges that they logged or tracked keystrokes, but couldn't immediately explain everything the software --intended to help carriers troubleshoot network problems-- was actually doing. "We're as surprised as anybody to see all that information flowing," said Andrew Coward, Carrier IQ's director of marketing, soon after Eckhart posted his YouTube video. Three weeks later, Carrier IQ and its customers have finally finished dissecting their products. We now mostly know how Carrier IQ works, how it got there, and what its purpose is. Well kinda, sorta that is. It turns out that those initial statements were mostly right (!) Carrier IQ sends innocuous data from your phone back to your wireless carrier like when and where you sent a text message, when and where a call is dropped, and what apps are draining your battery. That information helps carriers find problems. But 'what' problems, exactly? Here's what it doesn't do: It doesn't send your keystrokes, the content of your text messages or what websites you visit to your carrier. Huh? The log exposed on Eckhart's video, captured on an HTC EVO 3D from Sprint, turned out to be a specific, one-off issue. Carrier IQ and a security consultant, Dan Rosenberg of Virtual Security Research, determined that HTC had turned on a debug logger that should have been left off by default. As a result, the Carrier IQ app was temporarily storing everything a user did on the phone. The software maker said it is working with HTC to fix the issue. At any rate, Carrier IQ is installed on an estimated 155 million or more mobile devices, but the specific problem Eckhart uncovered appears to be limited to a small handful of devices, although he still can't be 100 percent sure of that for now. So was all the mayhem over nothing? Not really. "I want to make it clear that just because I do not see any evidence of evil intentions does not mean that what's happening here is necessarily right," said Rosenberg. "Consumers still need to be able to opt out of any sort of data collection," he said. "There needs to be more transparency here. Right now, there's almost none." One option would be to require government or third-party oversight. Even Carrier IQ suggested that some regulation would be necessary and the company hinted that it is all for it. Each wireless carrier it works with chooses to gather different information from their customers' phones, and the scope varies a lot, further compounding the problem. But cell phone owners have been largely left in the dark about what carriers are collecting, and that's another issue as well.  "The way I see it, Carrier IQ raises a lot of questions for the whole wireless industry and not only just for itself," said Andrew Coward, Carrier IQ's director of marketing. "It puts in doubt the trusted relationship between a consumer and his wireless carrier, among other things." And this is a story that is becoming all to familiar as well, and has been brewing for a while. Mobile handset makers and wireless carriers keep tripping over security holes and privacy bugs that leave customers' movements and communications more exposed than anyone had ever realized just a year or two ago. In April 2010, data researchers discovered that the iPhone appeared to be recording users' every move and sending the information back to Apple. IPhone users became furious. The question is: was Carrier IQ involved as well at that time? Nobody seems to know for sure, and at that time, Apple didn't comment for about a week, but finally posted an explanation on the company's website. The iPhone was not technically recording users' locations. Rather, it was logging nearby Wi-Fi network locations to assist with GPS tracking. Really? Wow! Still, the company admitted that it catalogued and stored a lot more data than it ever intended. Apple eventually fixed the problem with a software update in iOS. On any given day, Smartphones hold a boat load of information about their owners, and they're constantly transmitting some of that data to and from the handset's manufacturer, the wireless carrier and the companies that design the phones' software. Conclusion-- unless those so-called data transfers become more transparent to all mobile phone users, these blow-ups will likely keep happening, and we will hear and read a lot more about them. As always, Wireless Industry News will keep you posted on this and other news that affect you. In other mobile news In its role as official NFC (near-field communications) payment sponsor for the 2012 Summer Olympics in London, Visa has been promising the first contactless games. The concept is that neither athletes nor spectators will need to use cash anywhere on the Olympic site. Many credit card companies are betting that the London 2012 Olympics will give NFC technology a needed boost to promote the system, and rightly so. However, rather than wait around for other companies to bring NFC to the masses, Visa has decided to enter the mobile accessories market itself. To achieve that, Visa is releasing its new iCart mobile app to European customers earlier this year. "We have the iCart. It's just a small casing just a couple of millimeters thicker at the bottom of an iPhone or a BlackBerry where the payment application sits," said Sandra Alzetta, head of Visa's mobile payment unit. "And we're looking at putting the NFC payment application on the microSD chip and that will all be ready in time for the summer Olympics," she added. Companies note that the beauty of the microSD system - a small memory card commonly found in digital cameras - is that the card can be inserted into most currently-available mobile handsets, independent of mobile phone network operator. That could prove to be a great business advantage, according to Guillermo Escofet, a wireless industry analyst with Informa, a market research firm.  "The reason why companies like Visa and MasterCard are pursuing this-- one is simply because it gets over the problem of a lack of handset choice. The other reason is that you don't have other players trying to crowd into the value chain, and everything is nicely controlled by Visa and the banks." But, of course, not all phones have SD card slots - most notably, the iPhone - hence the new add-on case. Meanwhile, the new giants of the mobile phone market are also moving to secure their own slice of the NFC pie, including Google, which launched its NFC payments service in the United States, with a U.K. debut slated for early in 2012. Intriguingly, Apple just published a patent in the U.S. for their own NFC system, which could bring the whole payments process and even mobile network selection under the control of the iPhone user. There are also a number of plug-in devices – like the iZettle from Sweden, or the American company, Square - that convert a phone into a credit or debit card reader. The stakes are high in a market potentially worth many billions. But the winner isn't necessarily going to be the company with the best phone or payment system, however. But in the end, NFC may not only transform the mobile market, but banking as well, and credit card companies such as Visa and MasterCard already know that all too well. "It simply comes down to who do you trust with your money?" said David Snow, an NFC expert at Juniper research. "An older generation would say 'the bank looks after my money carefully,' but a younger generation might say 'I have more affinity with Google or Facebook than I have with my bank.'" 
In other mobile news Here's a quick question for you-- if a certified first responder emergency worker gets interference on his GPS receiver and that this greatly interferes in his or her job at saving lives since the GPS radio is being drowned out by a nearby cell phone transmitter, should a cell phone user still deserve access to a much less critical service? That's a very good question, but it’s also a question that should have been asked in 2001, when the Federal Communications Commission first licensed dual-mode communications next to GPS bands, just before millions of GPS receivers were built and sold across the United States and elsewhere. This is in direct relation to the several news stories that Wireless Industry News has been covering for the past several months regarding a wireless service provider called LightSquared. The whole issue stems from the fact that LightSquared's mobile network causes severe interference to ctitical GPS services used today to locate vehicles, help commercial airline pilots land their planes in bad weather and other such mission-critical applications. And you can read many of them here: 1) LightSquared admits its network places GPS nav systems at risk 2) LightSquared is grilled by Congress over GPS interference issues 3) LightSquared says it has a solution to its GPS interference issues? 4) LightSquared steps up its offensive against the GPS industry 5) Sprint and LightSquared make a deal, share network spectrum 6) LightSquared has found another solution to its ill-designed network? 7) LightSquared becomes a MVNE, doesn't care about the interference it causes to GPS 8) Is FCC's Chairman Julius Genachowski in bed with LightSquared? 9) The GPS Coalition forces LightSquared to be on its best behavior 10) LightSquared in the news again, claims it has fixed GPS interference issues 11) LightSquared is rapidly running out of cash, files petition with the FCC Those news stories will help you better comprehend the scope of the whole issue, and how critical it is to the public's overall safety. But now, according to a recent government report leaked to Bloomberg and then described in a very basic news release from the National Executive Committee for Space-Based Positioning, Navigation and Timing, extensive testing of the proposed LightSquared cellular network “found no significant interference with cellular phones.” A U.S. Commerce Department spokesman by the name of Bill Mosley was since contacted to determine whether this referred to cellphone voice communications, or the separate GPS function in many phones. Because if LightSquared doesn’t interfere with cellphone GPS chips, that would undermine a key argument of the GPS industry. Manufacturers of the popular navigation devices such as Garmin and others say that it is technically and economically impossible to shield them fully from GPS interference on LightSquared’s neighboring frequencies. If that’s correct, how can cellphone manufacturers claim that they fixed the interference issue when in fact it would appear that they didn't? Mosley declined to answer our question, so we tracked down an engineer with direct knowledge both of the government interference testing and the design of cellphone GPS chips to find out more. He confirmed that cellphone GPS chips were unaffected in the LightSquared tests. “The radio technology using RF frequencies inside cellphones is very different,” he told us, speaking on condition of anonymity mainly because he doesn’t want to get dragged into the contentious fight between Phil Falcone’s LightSquared and practically everybody else in the wireless industry. "The GPS technology in a typical cellphone has to deal with interference from the cellphone itself, so there is more filtering.” Add to Source: Carrier IQ. Advertise with us
Copyright © Wireless Industry News. All rights reserved. |
Digg this