Wednesday, December 21, 2011

Carrier IQ: The pre installed root-kit

Android developer Trevor Eckhart had released information (some pretty
bad info) about a widespread rootkit called Carrier IQ that can track
everything on your phone and even more worse is that it comes
preinstalled on a large number of smart phones including various
Androids, Nokia phones and BlackBerrys. Let us see how it works and
how to get rid of it.

Some time ago Eckhart discovered a hidden application on some phones
that have the ability to log everything on your device from your call
log, location, text messages, etc... This mysterious program is called
as Carrier IQ, and it’s different from the android malware, this
Carrier IQ comes preinstalled by the manufacturer of your phone. 

rootkit is a program with massive privileges and it hides it presence
from the user. It was originally designed to make a log of things like
dropped calls and bad network connections for troubleshooting and
rectification of problems. But manufacturers like HTC and Samsung have
modified it to run in background, completely undetectable.

It can slow down your phone and the big problem is that anyone on the
other side can read your text messages, see what you browse and a lot
of other things.
But phone manufacturers and wireless carriers claim that they aren't
doing anything wrong. And they cannot look at the content of messages,
photos or videos. But Eckhart claims different things. I recommend
reading the Eckhart’s article for a deeper look at how Carrier IQ
works.

Let us see how to detect it’s presence on your phone:
Right now only Android users are the only ones who are able to detect
and remove it.
First of all you need to root your device. Then using the Logging Test App v8 app( it can be downloaded from 
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=110).
You need to run the CIQ Checks task in this app on XDA will tell you
whether it’s running on your system.



If you are running an Android Open Source Project (AOSP) based ROM like Cyanogen Mod then you do not have Carrier IQ on your phone. If you are using a modded version of your manufacturer’s ROM you have chances of Carrier IQ installed. To avoid this either flash AOSP based ROMs or flash ROMs with Carrier IQ removed.

How to remove it from your device:
To remove Carrier IQ from your device you have two options. Either to flash a custom ROM that doesn’t contain Carrier IQ or use Eckhart’s Logging Test App to remove it. For both these things your phone needs to be rooted. The Logging Test App can be downloaded from the Android Market for 1$. Then open that app, select the Menu button and then tap “Remove CIQ”. This will completely remove it from your device.

No comments: