The Interwebs have been abuzz over the last 24 hours about Carrier IQ on Android smart phones, allegedly logging user activity including keystrokes. TUAW can confirm that Carrier IQ appears to be included on iOS 5, but that its purpose is most likely benign.
iOS virtuoso chpwn discovered Carrier IQ support in firmware as recent as iOS 3.x on Apple's devices. TUAW confirmed Carrier IQ references in iOS 5 after reading this post on the MacRumors forum and evaluating the /usr/bin/awd_ic3 file found in the installed OS.
The firmware contains references to Carrier IQ such as this URL included in the binary. We have included a full set of matching strings at the end of this post.
http://collector.sky.carrieriq.com:7001/collector/c?cm_sl=5
In TUAW's look through the binary calls, we found references to collecting carrier telemetry such as local cell tower, signal strength, and your phone number. We found no references to key logging. We did find remote diagnostic calls like CTServerConnectionEnableRemoteDiagnostics.
What's more, the service may need to be specifically enabled. A property list in the "mobile" user library looks like it has to be overridden to allow diagnostic logging.
iPhone # plutil com.apple.iqagent.plist
{
DiagnosticsAllowed = 0;
}
Further, the binary seems to be somewhat poorly maintained. The primary reference to the /var/wireless/Library/Logs/IQAgent/ folder has now been replaced by /var/wireless/Library/Logs/awd in actual use.
Apple's inclusion of Carrier IQ does not, in our first estimation, appear to be a root kit or threaten privacy. We reserve the right to re-evaluate our judgement on that in the future, but for now we don't see much that bothers us. Given what it records, this sounds like the "help maintain network performance" claim made by Jason Gertzen of Sprint when he was asked about Carrier IQ on Android. But even this is cautiously implemented on iOS.
If you want to stay on top of this story, follow chpwn's blog as he continues to investigate.
Update: The Verge reports that in terms of Android, the Google Nexus One, Nexus S, Galaxy Nexus and original Xoom tablet don't have Carrier IQ. So it appears to be OEMs and carriers who are putting this on the phone.
As for Apple and the iPhone, according to John Gruber you can basically opt-out of Carrier IQ by digging into Settings > General > About > Diagnostics & Usage and turn off the "Send Automatically" switch.
Update 2: Apple has made a statement indicating they quit supporting Carrier IQ with iOS 5, and it has never used Carrier IQ to record personal info like keystroke logging, etc. Apparently it will be removed entirely in a future update.
Carrier IQ references found in iOS 5, probably benign (updated with Apple statement) originally appeared on TUAW - The Unofficial Apple Weblog on Wed, 30 Nov 2011 23:58:00 EST. Please see our terms for use of feeds.
Carrier IQ references found in iOS 5, probably benign (updated with Apple statement) originally appeared on TUAW - The Unofficial Apple Weblog on Wed, 30 Nov 2011 23:58:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
Source: http://www.tuaw.com/2011/11/30/carrier-iq-references-found-in-ios-5-probably-benign/
iPhone games reviews iPad games reviews iPhone apps reviews iPad apps reviews new iphone games
No comments:
Post a Comment