New Questions About Mobile Phone Privacy

Doug Bernard | Washington DC

Trevor Eckhart, by his own account, is a 25-year-old “average Joe.” A digital developer based in Connecticut, Eckhart’s been quietly exploring the privacy and security aspects of the Android mobile operating system.

This week, the quiet ended.

Screen-grab from Eckhardt's video documenting IQAgent keystroke logging

First posted on his website “Android Security Test” a while back, Eckhart began exploring what applications developed by the firm Carrier IQ were doing while he was on his Android phone. Carrier IQ, based in Mountain View, California, markets a variety of mobile applications, or apps, that monitor and track mobile phone use, and then provide that information back to service providers and developers. Carrier IQ says this information is limited and protected, and is only used to improve mobile service and use. “We are counting and summarizing performance, not recording keystrokes or providing tracking tools,” reads in part a statement on the company website.

But Eckhart says his research suggests that’s not the case, and in documents on his site – and visually in a 17 minute video – he lays out the case that Carrier IQ products are doing much more than they say, all out of sight of the average user.

Using his own HTC Evo mobile phone, Eckhart demonstrates how apps such as “HTC IQAgent” run in near-hidden mode on his phone; even once he finds them, he’s unable to turn them off. He then runs his phone through its paces – turning it on and off, dialing numbers, sending SMS text messages and browsing websites. Alarmingly, it appears that the IQAgent app logs and transmits every keystroke he makes, all hidden from view. Eckhart dials a number, and IQAgent duly records and transmits every digit. He sends a text, and it notes who, how, when, and of course what the message actually said. There’s even a complete log of every website he visits and what he does there, even while using the security-enhanced “https” format. Remember – this is all in addition to the actual functions his phone is performing with the actual service provider.

Eckhart called IQAgent a “rootkit”, which in tech terms is a bit of software that is considered critical to function, loads and runs automatically, and is largely (or entirely) outside of the user’s control. That, apparently, was fighting words for the Carrier IQ. They responded swiftly, denying the claim, demanding he remove information about the company and threatening Eckhart with legal action. Late last week, the Electronic Frontier Foundation, or EFF, stepped in to provide Eckhart assistance and legal help, and Carrier IQ pulled back.

The kerfuffle only drew more attention to Eckhart’s work, and to the largely un-noticed Carrier IQ firm.

Reporters started digging, and it quickly became clear how little was known about the company, its products and who uses them. How many apps are there, what are its clients, and just who are they transmitting all those keystrokes to?

Here’s what’s known. It’s estimated that Carrier IQ’s tracking apps run on 150 million hand-held devices, an astonishingly large number. This week AT&T, Apple, Sprint and T-Mobile all admitted to using Carrier IQ software on at least some of its devices. Sprint and AT&T also acknowledged they receive some transmitted data, but both firms insisted it was all anonymous, and for network diagnostics only.

For its part, Carrier IQ continues to state that its products don’t actually “record” all those keystrokes, meaning that its software may detect a large amount of keystrokes (or all of them) but that most of that information is not communicated back to the service providers. CNNMoney spoke with security analyst Dan Rosenberg, who said “People need to recognize that there’s a big difference between recording events like keystrokes … and actually collecting, storing, and transmitting this data to carriers, which doesn’t happen.”

But that’s cold comfort for digital privacy proponents, who note the firm originally denied even detecting all those keystrokes – a claim it has gingerly inched back  from since Eckhart posted his video. And the timing for Carrier IQ could hardly be worse, coming just a week after a flurry of reports – and Congressional denunciations – of mobile apps that track a shopper’s movements through stores and shopping centers. (The British firm, Path Intelligence, has backed off those plans, for now.)

For the moment, with a little help from the EFF, Trevor Eckhart says he’ll do what he can to continue his work. Only now, it’s likely he won’t be the only one.

Eckhart’s demonstration video:

Carrier IQ’s response:

Teleconferencing In the Hmong Diaspora

Anna Boiko-Weyrauch | Seattle, Washington

How do you interact with members of your community if they’re stretched across the world?

Many people rely on the Internet, email and social media to communicate across borders.  But for many Hmong people – far from their ancestral home in Asia – teleconferencing is the most popular way to share news and information.

Cher Vang stays connected with the far-flung Hmong community via teleconferencing programming. (Photo: VOA - A. Boiko-Weyrauch)

Call-in radio

Each day around the world, thousands of Hmong – one of several ethnic Southeast Asian ethnic groups – pick up their telephones to listen to the radio.

They tune in to one of at least 20 different teleconferences, which broadcast programming similar to traditional radio stations.  But instead of flipping a switch to pick up the signal, they make a call. Read the rest of this entry »

And Spreading Malware Hits Big and Small Alike

Periodically we like to share a few of the stories and posts from across the web that caught our eye.  There are no editorial threads implied connecting these items together, other than being interesting.

#1: LulzSec vs. NewsCorp: After very publicly disbanding just a few weeks ago, it seems the LulzSec hackers have come out of retirement and have a new target – Rupert Murdoch.

The “lulz” began early this week with a hack of The Sun, one of News Corporation’s many newspapers and sister publication to the recently shuttered News of the World.  “Media moguls body discovered” yelled the headline of a phony story, mocking Mr. Murdoch and the recent troubles of his News Corporation.

The bogus article was quickly erased, but the hackers warned of more serious problems to come.  Specifically, the LulzSec Twitter feed claimed the group has up to 4 gigabytes of private emails from the Sun’s servers – which they may, or may not, begin releasing, depending on which Twitter claim you believe.

@AnonymousSabu, thought to be one of LulzSec’s founders, tweeted that “We’re releasing something we found in The Sun’s mail server, shortly. Ouch. Ready for the media storm?”  But when that release failed to occur, @AnonymousIRC, associated with a hybrid LulzSec/Anonymous offshoot, tweeted this: “We think, actually we may not release emails from The Sun, simply because it may compromise the court case.”  That was quickly followed by this tweet from @LulzSec: “We’re currently working with certain media outlets who have been granted exclusive access to some of the News of the World emails we have.”

So far, no media organization has admitted to any partnerships with LulzSec, AnonOps, AntiSec or any of the other heads of the larger Anonymous hydra.  But  in an interview with British newspaper The Independent this weeek, Sabu warns that The Sun hack was “simply phase 1″ of a larger operation that hackers intend to launch against other News Corporation’s properties – and Murdoch himself.  Not content to stop there, Sabu then suggested additional targets, warning: “New York Times, Forbes, LA Times, we’re going in.” Read the rest of this entry »

Hacking, Blagging, and Why the Murdoch Hacking Scandal is Nothing New

AP Photo/Kirsty Wigglesworth

There’s an unofficial rule among British journalists: dog doesn’t bite dog.  In other words, reporters working at one Fleet Street tabloid should not expose the wrong doings of reporters at other Fleet Street tabloids, as there are plenty of wrong doings to go around.

That rule is just one of the many casualties of the burgeoning phone hacking scandal involving media mogul Rupert Murdoch and his now shuttered News of the World tabloid.  Murdoch may become another.

As CEO and founder of News Corporation, Rupert Murdoch spent decades building the world’s second largest media conglomerate, measured by revenue, behind only the Walt Disney Company.  He is not a man known for his modesty, nor are the newsrooms of his nearly 200 newspapers, radio stations and global TV networks.

For decades, politicians in Australia, Britain, the United States and other nations have sought the endorsements of Murdoch’s newspapers, and scorned the wrath of his broadcasters.  As the New York Times‘ David Carr recently wrote:  “The News Corporation has historically used its four newspapers — it also owns The Sun, the Times of London, and the Sunday Times — to shape and quash public debate, routinely helping to elect prime ministers with timely endorsements while punishing enemies at every turn.”

It’s also been an open secret for years that some of his English papers – notably The Sun and News of the World – along with other British tabloids, have engaged in a variety of questionable activities collectively known among journalists as the “Dark Arts.”  Those arts allegedly include, but aren’t limited to, bribing civil servants and police, wiretapping the phones of public officials, using private investigators to obtain personal information, hacking mobile phones and something the Brits call “blagging” – the art of obtaining powerful information.   At times those actions have lead to prosecutions, more rarely convictions, but nothing in the past has hit News Corp – or journalism more generally – than this summer’s hacking scandal.

Read the rest of this entry »

Mobile Devices Are Saving Lives and Money

Rosanne Skirble | Washington, D.C.

Photo: WHO Girish Babu Bommankanti

World Health officials have released the most comprehensive global survey to date of how mobile phones and other wireless communication technologies are improving health care delivery around the world.

The World Health Organization survey notes that there are more than five billion mobile phone subscribers in the world today. That means more than eight out of 10 people around the world make use of the mobile devices.

That’s more people than have access to paved roads, electricity or the Internet, says Misha Kay, head of the World Health Organization’s Global Observatory for eHealth, which produced the report. Mobile technology, Kay says, is about more than just wireless phone calls. Read the rest of this entry »

Fighting Hunger and Poverty with Mobile Technology

Steve Baragona | Washington, D.C.

Developing world farmers receive tips on improving crop yields by watching how-to videos on their mobile phones.

Mobile phones are the latest weapon in the fight against hunger and poverty.  The devices provide a new way to deliver information to developing world farmers in hard-to-reach places.

A group at the University of Illinois has produced several videos that demonstrate simple, low-cost ways to improve the lives of people in the developing world. One video shows farmers how to make a natural insecticide out of seeds from the neem tree.

Spreading the word

“There’s been a dramatic revolution in the way that we can share information,” says the University of Illinois’ Barry Pittendrigh. “And that’s come about both through the Internet and through the dramatic increase in the use of cell phones, especially in developing nations.”

Cell – or mobile – phones are everywhere in the developing world and they are becoming increasingly sophisticated. Read the rest of this entry »

…And Whom It Might Benefit Most

There’s been a certain amount of buzz following a series of stories on the development of what’s being termed a “cell phone panic button.”  At first view, it may seem like a sensible, even helpful idea for democracy advocates.  But there are growing worries that it may not just be the “good guys” who stand to benefit.

In essence it would work like this: imagine  pro-democracy activists are working in a repressive nation.  Their mobile phone is most likely a valued tool – serving as an address book, document library, camera, connection to the Internet and access to social networks.   In the right hands, a smart phone can be powerful – and in the wrong ones, it can be exquisitely vulnerable.

Say now this imaginary activist is arrested by security forces.  Before the police can get access to everything stored on the phone, the activist hits an app – a “panic button” – that sends out an alert to all his or her contacts before entirely wiping the phone’s memory clean. Read the rest of this entry »

How Mobile Phones are Increasingly Becoming a Threat in Jails

Andrew McIntyre is no school boy.  As the BBC reports, he had been convicted on numerous firearms and drug-related charges and was serving an eight-month sentence behind bars.

But that wasn’t enough to slow McIntyre’s burgeoning drug business.  From his jail cell he was able to direct his illegal operations by using smuggled mobile phones.

And use them he did: in one three month period McIntyre called or texted over six thousand times before being caught.

Earlier this month, also in Britain, prisoner Michael Long used a cell phone he illegally bought from a prison warden to record his life at Bullington Prison.  Worse, he emailed the images and videos to news agencies, which broadcast the images of lax security and other problems.

And today, showing the resourcefulness of those incarcerated, the New York Times is reporting that inmates in seven Georgia prisons…

“…have used contraband cellphones to coordinate a nonviolent strike this weekend, saying they want better living conditions and to be paid for work they do in the prisons.”

Correctional officers have known for years that as mobile phones become smaller, more powerful, and easier to connect to a variety of networks, they are also becoming one of the most highly-prized contraband items in prisons.  These phones have been used to threaten witnesses, direct payback ‘hits’ and even build illegal operations.

Now it seems the prisoners are getting smarter – not only communicating with the outside world, but among themselves.

As the adage goes, it seems information – like humans – wants to be free.

The rapid spread of cell phones in the Middle East over the past decade has created a new space for young people in closed societies to interact and express themselves while providing activists with more efficient ways to organize massive political campaigns.

In so doing, mobile technology is reshaping the region’s cultural landscape.  VOA’s Aida Akl has this look.