Many Smartphones – especially those running the Android operating system – have a small software application installed from US software firm CarrierIQ. They provide diagnostic software to mobile phone network providers to enable them to analyse performance of their networks, and understand why calls might be dropped, SMS messages fail to arrive and other performance issues affecting networks.
However, US Security Researcher Tom Eckhart recently conducted tests which identify a particular issue with the way the CarrierIQ software has been implemented on some phones from some networks. He found, through rigorous testing, that the software can be configured to capture geo-location data, keys pressed, web-sites visited and just about anything else a user does on the phone. This research has now been reported on the BBC and other global media, after CarrierIQ withdrew legal action against Mr Eckhart. They had threatened to seek a “Cease & Desist” order to force Mr Eckhart to take all references to his research off his web-site, and to stop discussing the findings from his research.
The software can be deeply buried within the operating system on a telephone, and can be configured to send details of a users activity to the carrier without the knowledge or permission of the user. This research follows hotly on the heels of revelations about Apple and Google phone operating systems capturing geo-location information. Both of those firms have been summoned before a committee of the US Senate to explain their actions.
It will be interesting to watch developments in the UK, where the Regulation of Investigative Powers Act makes it an offence to capture communications data without legal authority. At present no UK carriers have confirmed that they use the CarrierIQ software. Watch this space.