Hardware 2.0 So, there's a rootkit hidden in millions of cellphones By Adrian Kingsley-Hughes | December 1, 2011, 6:20am PST Summary: Rootkit found in Android, Symbian, BlackBerry, webOS and even iOS handsets … but not Windows Phone handsets. [UPDATE: According to a statement from Apple, the company stopped supporting Carrier IQ with iOS 5.0.] iPhone owners: Here’s how to disable the collection of diagnostic information on your handset. So, it seems that there is a rootkit hidden in millions of Android, Symbian, BlackBerry, webOS and even iOS handset that logs everything we do. WHAT?!?!?! [UPDATE: According to Nokia, 'CarrierIQ does not ship products for any Nokia devices.'] The rootkit belongs to a company called Carrier IQ and it seems that it has low-level access to the system that allows it to spy on pretty much everything that you do with your handset. This, on the face of it, seems like an extremely serious breach of security, privacy and trust. The capabilities of the rootkit were first discovered by 25-year-old Trevor Eckhart. Here’s a video showing how everything, including text messages and encrypted web searches, are being logged. It’s truly horrifying. NOTE: At this point there is no evidence to suggest that keystroke data is being transmitted from the handset. According to Carrier IQ the company is ‘not recording keystrokes or providing tracking tools.’ The video above seems to suggest otherwise. When Eckhart initially labeled the software as a rootkit, Carrier IQ threatened him with legal action. Only when the Electronic Frontier Foundation stepped in did the company back off from this threat. “Every button you press in the dialer before you call,” Eckhart says on the video, “it already gets sent off to the IQ application.” Like I said earlier, there’s a version of Carrier IQ on Apple’s iOS, but it doesn’t seem to be quite the same and doesn’t seem to access as much information. Also, if you want to disable Carrier IQ on your iOS 5 device, turning off Diagnostics and Usage under Settings seems to be enough. You might have noticed that I didn’t list Windows Phone 7 OS earlier. That’s because it seems that Windows Phone handsets don’t have Carrier IQ installed. Here’s a video that explains some more about Carrier IQ. This video also contains a clip from a video by Carrier IQ’s vice president of marketing explaining how the company sees this as being completely legal. There are a LOT of unanswered questions. I’m expecting an avalanche of press releases from a lot of carriers and handset makers over the next few days. Here’s a video by Carrier IQ CEO Larry Lenhart describing the benefits of their technology. According to Lenhart, Carrier IQ doesn’t record keystrokes and doesn’t provide tracking tools: [UPDATE: Some carriers and makers are already coming out with details.] Poll Carrier IQ ... do you want it removed from your handset? Yes No Undecided VoteView Results Poll Do you believe that you opted-in or consented to Carrier IQ logging? Yes No VoteView Results What are your thoughts on this? Related: So, there’s a rootkit hidden in millions of cellphones How to disable the Carrier IQ ‘rootkit’ on your iPhone CarrierIQ: Follow the money and it is the carriers behind it Finding and cleaning out your smartphone’s Carrier IQ poison Senator demands answers over Carrier IQ mobile phone tracking