Tag Archives: security

Hello World… Ahem, Hello Carrier IQ

How would you feel if your every location, keystroke, button push, SMS, URL and Web search you made on your mobile was monitored, read and stored by a piece of factory pre-installed software that automatically sends it to a company you’ve never heard of, plus this software cannot be switched off or removed? AKA a *rootkit

You wouldn’t like it would you? Well, if you have a modern Android, BlackBerry or Nokia phone, then that’s exactly what’s been happening from the first time you switched it on.

And when I say every keystroke, I mean EVERY single keystroke! so yes every login and password you’ve made, even over HTTPS, has been recorded and is now stored by Carrier IQ

Don’t believe that’s possible, then check out this Wired article, plus the video below (although jump to 11 mins in for the good / scary stuff!)

Trevor Eckhart original post. The root kit creator Carrier IQ

* “rootkit,” a security term that refers to software installed at a low-level on a device, without a user’s consent or knowledge, in order to secretly intercept the device’s workings. Malware such as keyloggers and trojans are two examples.

UPDATE: there’s a Twitter hashtag for this now #CIQ

The App Genome Project

At the Black Hat Security Conference, Lookout unveiled the App Genome Project, which is the largest mobile application dataset ever created. In an ongoing effort to map and study mobile applications, the App Genome Project was created to identify security threats in the wild and provide insight into how applications are accessing personal data, as well as other phone resources. Lookout founders John Hering and Kevin Mahaffey initiated the App Genome project to understand what mobile applications are doing and use that information to more quickly identify potential security threats.

With the prevalence of mobile devices, they have become inherent in our lives, the more we depend upon the information stored within them, the greater the risks posed when this information falls into the wrong hands. Is this something you should be concerned about? Your Identity Matters, but how much it matters is up to you.

similar post here

Fakebook: Koobface Virus

If you use Facebook, then you should read this article from the BBC about the Koobface virus that has been playing havoc on Facebook. Below is a snippet of the article, but follow the link to read it all on the BBC site.

‘Koobface’ spreads by sending a message to people’s inboxes, pretending to be from a Facebook friend.

It says “you look funny in this new video” or “you look just awesome in this new video”.

By clicking on the link provided they’re then asked to watch a “secret video by Tom”.

When users try and play the video they’re asked to download the latest version of Adobe Flash Player.

If they do, that’s when the virus takes hold and attacks the computer.

Interestingly this dovetails nicely with a post I made called “You don’t know Jack” back in August