Mobile, Tech | December 1, 2011 | Author: Kim LaCapria

[CarrierIQ] Developer Finds Scary Hidden Functionality in Many Popular Smartphones


A 25-year-old Connecticut system administrator has discovered software that appears to log every action users take on their smartphones, and is back with another muckraking video after rootkit maker CarrierIQ attempted to quash speculation about the functionality of its software.

Trevor Eckhart details how the logging software records sensitive data including passwords, private text messages and even information accessed when the devices are in airplane mode and thus not engaging the carrier’s network. The discovery raises some serious questions about such practices in relation to wiretapping laws, and legal experts say the allegations are almost certain to spark costly class action lawsuits should the videos prove accurate about how CarrierIQ’s products function on the devices, which include popular HTC and RIM BlackBerry handsets.

Former Justice Department prosecutor Paul Ohm spoke to Forbes about the implications of the discovery, and says that the behavior shown in Eckhart’s videos most definitely falls afoul of federal laws:

“If CarrierIQ has gotten the handset manufacturers to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap… And that gives the people wiretapped the right to sue and provides for significant monetary damages.”

Ohm cites changes made to the Wiretap Act under the Electronic Communications Privacy Act of 1986 and says that during his Justice Department tenure, precedent was set to prosecute such actions:

“Because this happens with text messages as they’re being sent, a quintessentially streaming form of communication, it seems like exactly the kind of thing the wiretap act is meant to prevent,” he says. “When I was at the Justice Department, we definitely prosecuted people for installing software with these kinds of capabilities on personal computers.”

He adds:

“Even if they were collecting only anonymized usage metrics, it doesn’t mean they didn’t break the law. Then it becomes a hard, open question. And hard open questions take hundreds of thousands of dollars to make go away.”

You can watch Eckhart’s full walkthrough of the functions, below: