Update December 13: Carrier IQ issued an updated statement, new concerns for an endless saga…
I am proud to post here the first known detection in Italy of the infamous Carrier IQ software!
As you will probably know, everything started on Nov. 28, on the other side of the Atlantic, when Trevor Eckhart, an Android developer posted a video on YouTube showing the hidden software Carrier IQ interacting oddly with his mobile phone activity. Eckhart subsequently alleged his keystrokes and data were being collected without his permission.
Easily Predictable, speculation and accusations have immediately begun, concerning the kind of data collected by Carrier IQ and presumably transmitted to Wireless Mobile Operators: as a matter of fact subsequent investigations have shown that the Carrier IQ software is embedded on nearly every mobile phone and operator, at least in the U.S where concerns of consumer privacy led Massachusetts congressman Rep. Edward Markey to ask the Federal Trade Commission to investigate the company over concerns of consumer privacy.
But although many believed the software was logging keystrokes and collecting sensitive data, a subsequent more reasonable analysis carried on reversing the code, has shown a different scenario: the software “only” collects anonymized metrics data, although there are hooks inside the code to events such as keystrokes, possibly suggesting the implementation of this kind of functionality for future versions. Essentially the analysis confirmed the content of a statement by the company which attempted to clarify how information was being collected:
We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.
Nevertheless, since the clarifications did not mitigate the fact that Carrier IQ is s a potential risk to user privacy, and users may not choose to to disable it, As a consequence a bunch of Class Actions lawsuits have been filed against the main handset manufacturers and carriers including, besides the obvious Carrier IQ, AT&T, Sprint Nextel, T-Mobile USA, HTC, Apple, Samsung, and Motorola Mobility.
Of course European regulators could not remain indifferent, and started immediately to investigate Carrier IQ. Germany’s Bavarian State Authority for Data Protection was the first to contact Apple, which publicly declared to have included Carrier IQ in earlier version of iOS, with support ceased with iOS 5 and completely removed for previous versions in future software updates. The German Example has immediately been followed not only by other regulators in the U.K., France, Ireland and Italy, but also from organizations like BEUC, the European Consumers’ Organisation that defend the users’ right to be told how their data is used.
I was wondering if Europe’s concerns were exaggerated (since so far the scandal seemed to be contained in the U.S.) until a friend of mine decided to test one of the available Carrier IQ detection tools on his Samsung Galaxy Tab, which was purchased from 3, an Italian Mobile Operator belonging to the H3G Giant.
Of course the results are shown above: the tool detected the Carrier IQ software in an inactive state. The bad thing is that, although apparently inactive, my friend told me he was not able to remove the software following the different procedures available on the web even if he did not spend so much time in its removal. So far I can only show the screenshot but he told me he will give me his device for a deep analaysis (with caution since it is his work device).
Thinking at this strange encounter, I admit I could not help but think to Samsung’s official statement concerning Carrier IQ (and reported by Engadget):
Some Samsung mobile phones do include Carrier IQ, but it’s very important to note that it’s up to the carrier to request that Samsung include that software on devices. One other important point is that Samsung does not receive any consumer user information from the phones that are equipped with Carrier IQ.
Since it is up to the carrier to request the software to be included on Samsung devices, I presume that 3 could have decided to install it on all the devices for the Italian Market. I tested the tool on My HTC Desire and Sensation XE (both belonging to Telecom Italia Mobile) with no result.
Francesco Pizzetti, Italy’s Protection of Personal Data Guarantor will have a lot to do… meanwhile he opened an investigation into how Carrier IQ works and is checking Italian mobile phones to verify where the software is in use.
Mobile devices are more and more becoming inseparable companions for our personal and professional life, and deadly enemies for our privacy…
- European regulators start investigating Carrier IQ (macworld.com)
- Carrier IQ: What You Should Know (mylookout.com)
- European Regulators Start Investigating Carrier IQ (pcworld.com)
Did you know that a smartphone might involve as many as 250,000 patent claims? You may easily understand why the $ 4.5 billion auction to buy 6,000 Nortel patents by the consortium formed by Apple, Microsoft, Research in Motion, Sony Ericsson and EMC was so cruel. You may also easily understand why Google, the loser of the Nortel auction, decided to react immediately acquiring Motorola and its patent portfolio made of more than 17,000 approved patents (and another 7,500 patents filed and pending approval) for the large sum of $ 12.5 billion.
Said in few words, the mobile arena is getting more and more agressive and cruel. For this reason, a litte bit for curosity, a little bit for fun, I decided to draw a chart (and a table) showing all the moves of the giant players in this mobile chessboard. Although deliberately incomplete (I did not show in the table the patent saga of NTP Inc. against the rest of the world and the settlement of Motorola vs RIM), it gives a good idea of the dangerous intersections involving partnership, fees, alliances and, most of all, lawsuits… With the strange paradox that some companies (read Apple and Samsung) are enemies before the court, but in the same time business partners.
While visualizing the idea I stumbled upon this similar graph showing the status of the mobile arena on 8 Oct 2010. I decided to use the same layout, omitting some informations, but updating it to the current date. The graph is a little bit confusing, but the confusion of the arrows reflects betten than a thousand words the real situation.
Anyway the war will not stop here: the next targets? Interdigital Inc. with its 8,800 patents which are attracting several bidders such as Apple, Nokia and Qualcomm; and, most of all, Kodak, whose survival depends on the auction of the 10% of its patent portfolio (1,100 patents), valued as high as $3 billion which are vital to compensate the losses estimated in $2.5 billion.
As far as the table is concerned, in order to avoid repetitions, it only shows the status of the lawsuits and alliances from the perspective of Google, Apple and Microsoft. Enjoy your read and the 250,000 patent claims on your smartphone!
|Company||Filed Suit Against||Has technological alliance with||Filed Suite From:|
|No one (at least so far!)||
Of course Google licensees his Mobile OS to HTC and Samsung (in rigorous alphabetical order), and it is the driver for the impressive market share growthof Samsung and HTC.
In an effort to defend Android’s Intellettual Property “to supercharge the Android ecosystem and will enhance competition in mobile computing”, on Aug 15 2011, Google announced the intention to acquire Motorola Mobility with a $12.5 billion deal. Motorola has nearly 17,000 patents.
Aug 12 2010: Oracle has filed suit against Google for infringing on copyrights and patents related to Java,. Oracle claimed Google “knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property”. Android uses a light proprietary Java Virtual Machine, Dalvik VM, which, according to Oracle infringes one or more claims of each of United States Patents Nos. 6,125,447; 6,192,476; 5,966,702; 7,426,720; RE38,104; 6,910,205; and 6,061,520.
The case is in U.S. District Court, Northern District of California, is Oracle America, Inc v. Google Inc, 10-3561.
The lawsuit is still pending and will likely take several months. The trial between Oracle and Google is expected to begin by November and Oracle is seeking damages “in the billions of dollars” from Google.
On Aug 1 2011, the judge overseeing the lawsuit Oracle filed over the Android mobile OS has denied Google’s attempt to get a potentially damaging e-mail redacted.
Mar 2 2010: Apple sued HTC for infringing on ten patents, nine of which involve technologies which apply to the iPhone, while one involves the use of gestures, but only in a specific use case.
The suit has been filed in the U.S. District Court in Delaware , alleging twenty instances of patent infringement. The company also petitioned the US ITC to block the import of twelve phones designed and manufactured by HTC.
On Aug 8 2011 ITC announced to have dediced to review Apple’s patent infringement complaint against HTC.
Oct 31 2010: In response to Motorola lawsuit against Apple, Apple sued Motorola and Motorola Mobility for Infringment on several Multi-Touch patents infringments in the Wisconsin Western District Court with two distinct lawsuits. A total of six patents are involved in the two lawsuits.
On Nov 23, 2010: US International Trading Commission announced to review Apple patent case against Motorola.
Apr 18 2011: Apple filed suit against Samsung for copying the design of its iPad and iPhone with its smartphones and tablets.
Aug 10 2011: European customs officers have been ordered to seize shipments of Samsung’s Galaxy Tab computers after the ruling late on Tuesday by a German patents court.
In the last days Apple has been accused of presenting inaccurate evidence against Samsung.
Aug 24 2011: Samsung has been banned from selling some galaxy phones in the Netherlands. The ban is set to begin on October 13, but Samsung doesn’t seem to be taking it too hard.
On Jul 1 2011 the intellectual property of the Canada giant Nortel (in Bankrupt), involving 6,000 patents, was sold for $4.5 billion, in a dramatic auction, to a consortium formed by Apple, Microsoft, RIM, Sony, EMC and Ericsson. Google was the other competitor (and the big looser) for the deal. This event acted as a trigger for the acquisition of Motorola Mobility by Google.
On Aug 3 2011, In a post to the Official Google Blog, Google Senior Vice President and Chief Legal Officer David Drummond said that Apple, Microsoft, Oracle, and others have waged “a hostile, organized campaign against Android” by snapping up patents from Novell and Nortel and asking Google for high licensing fees for every Android device”, accusing them of Patent Bulying.
Curiously, Apple is one of the main technological partners of Samsung for displays and semi-conductors. Samsung produces Apple’s A4 systems-on-a-chip (SoC) and also the two companies collaborate for iPad displays (Apple is moving from LG to Samsung because oof quality issues of the former). Nevertheless the lawsuits between the two companies are compromising their relationships so that Apple is evaluating a new supplier (TSMC) for its A6 nexy generation chipset.
Oct 22 2009: Nokia sued Apple in Delaware court for infringing on ten patents related to GSM, UMTS, and WLAN standards that Nokia states they established after investing more than EUR 40 billion in R&D over the last 20 years.
On Jun 14 2011 Apple agreed to pay between $300m and $600m to cover the 111m iPhones sold since its launch in 2007. Although the exact number was not specified, additional yearly fees could be part of the agreement.
On Jan 2010 Kodak sued Apple and RIM claiming Apple is infringing its 2001 patent covering technology that enables a camera to preview low-resolution versions of a moving image while recording still images at higher resolutions. The cases were filed in U.S. District Court in Rochester, N.Y., as well as the U.S. ITC.
On Apr 2010 Apple argues that some Kodak still and video camera products violate two of its patents
On Jul 2011: While Kodak’s claim is pending, the commission rules on Apple’s complaint and says Kodak’s digital-camera technology doesn’t violate Apple’s patents.
Oct 6 2010: Motorola sued Apple for patent infringement in three separate complaints; in district courts in Illinois and Florida and a separate complaint filed with the U.S. International Trade Commission. The suits covered 18 different patents, infiringed by Apple’s iPhone, iPad, iPod touch, and certain Mac computers.
The Motorola patents include wireless communication technologies, such as WCDMA (3G), GPRS, 802.11 and antenna design, and key smartphone technologies including wireless e-mail, proximity sensing, software application management, location-based services and multi-device synchronization.
Jan 12 2011: Microsoft has motioned for a summary judgment to block Apple from trademarking the phrase “app store,” as it filed with the U.S. Patent and Trademark Office (USPTO) on July 17, 2008.
Mar 30 2011: Microsoft filed a second objection to Apple’s enduring pursuit to trademark the phrase “app store hiring a linguist, Dr. Ronald Butters, to go head-to-head against Apple’s own hired linguist, Robert A. Leonard.
On Jul 1 2011 US ITC said Apple has violated two S3 Graphics Co. patents in its Mac OS X operating system, but not in the iOS platform. Although not directly related to Mobile, this ruling is meaningful since S3 has been acquired by HTC on Jul 6 2011 for $300 million in order to use their patents in the fight against Apple.
On Aug 16 2011 HTC filed a new lawsuit against Apple in Delaware’s US District Court, in an escalation of the legal battle between the two smartphone giants. HTC accused Apple to have infringed three of HTC’s patents through its sale of devices including iPads, iPods, iPhones and Macintosh computers.
Oct 1 2010: Microsoft sued Motorola for patent infringement relating to the company’s Android-based smartphones. Microsoft filed its complaint with the International Trade Commission and in a Washington state district court. At issue are nine patents that deal with, among others, sending and receiving e-mail, managing and syncing calendars and contacts, and managing a phone’s memory.
Patent dispute will begin from Aug 21 2011, the hearing procedure can take up to 10 days, the judgment procedure is expected to reach the final verdict point only in March 2012.
Nov 9 2010: Microsoft sued again Motorola for charging excessive royalties on network technology used in Microsoft’s Xbox game system.
|Feb 11 2011: a deal with the Devil, Microsoft and Nokia announce their plansto form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem.
Besides the alliances with Apple and RIM (see the corresponding cell), on May 12 2011 Microsoft has teamed up with HTC, Nokia and Sony Ericsson in Europe, filing a challenge seeking to invalidate Apple’s trademarks on the phrases “App Store” and “Appstore.”
Nov 11 2010: Motorola Mobility sued Microsoft with the U.S. District Courts for the Southern District of Florida and the Western District of Wisconsin alleging infringement of sixteen patents by Microsoft’s PC and Server software, Windows mobile software and Xbox products.
Motorola Mobility asked for the infringing devices to be barred from importation into the United States.
On Dec 21 2010, ITC has agreed to hear the complaint.
- 718,326 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 2013 Cyber Attacks Timeline Master Index
- August 2013 Cyber Attacks Statistics
- 2013 Cyber Attacks Statistics
- 1-15 February 2014 Cyber Attacks Timeline
- 2012 Cyber Attacks Statistics
- May I Be Arrested For Using LOIC?
- A (Graphical) World of Botnets and Cyber Attacks
- 2013 Cyber Attacks Statistics (Summary)
- 2012 Cyber Attacks Timeline Master Index
- Web Security For Advanced Malware And Persistent Threats info.lastline.com/blog/web-secur… - 2 days ago
- @lazy_daemon @malm0u53 @unibirmingham @lastlineinc You can find it in the project main page together with the report: c2report.org - 2 days ago
- An Interesting #infographic from the same project promoted by @unibirmingham in collaboration with @lastlineinc http://t.co/OlrisuUkNZ - 2 days ago
- Command & Control, Understanding, Denying and Detecting: c2report.org/report.pdf - 3 days ago
- RT @lastlineinc: The New Age Of The Security Startup - @TechCrunch article featuring Lastline: hub.am/1dnTBGu http://t.co/9oOZUVgMH9 - 4 days ago
- 1-15 February 2014 Cyber Attacks Timeline wp.me/p14J6X-2xl - 6 days ago
- RT @lastlineinc: @RSAConference is far from over. Come meet our team at booth 2537 to talk everything security! http://t.co/mQNB8cbQtw - 1 week ago
- @lastlineinc named Best Security Startup at the Annual Info Security 2014 Global Excellence Industry Awards info.lastline.com/blog/lastline-… - 1 week ago
- RT @lastlineinc: Kicking off @RSAConference with 5 wins, including Best New Security Start-Up @infosecuritypg Excellence Awards: http://t.c… - 1 week ago
- @lastlineinc announces Interoperability with @hpsecurity TippingPoint lastline.com/company/press-… - 1 week ago