The Recent revelation that most of us are carrying around smartphones with embedded rootkits is both surprising and not so surprising. It's surprising because it makes you wonder, "How stupid can the carriers be?" It's not surprising because we already know the answer to that. Here's what the furor is all about: Back in March an Android software developer using the alias "kOnane" noticed something odd: His Sprint-supplied Samsung smartphone included some fairly well-hidden software which was always started when the device was booted and was always running. Moreover, it was hard to stop the code. A bit more sleuthing revealed that the software is called Carrier IQ (supplied by a company of the same name) and is intended to provide wireless service providers with data about the performance of smart-phones for planning and diagnostic purposes. Unfortunately, the depth of Carrier IQ's data collection isn't restricted to stuff that cell carriers could reasonably want to know. Oh no. The software can collect much more and relay it back to the Carrier IQ mothership. In other words, this software is an out-and-out rootkit, a hidden piece of code designed to be hidden and capable of monitoring everything that happens on a smartphone, including tracking which applications are run and for how long, as well as logging texts and email sent, numbers dialed, XML data read, Web pages loaded... you name it, Carrier IQ can detect and log it.
展开▼