Anche io sarei interessato e mi piacerebbe coinvolgere anche le persone del jug
io sarei molto interessato...
On Tue, Dec 6, 2011 at 6:40 PM, Daniele Gobbetti <firstname.lastname@example.org> wrote:
> Bruno Cadonna <email@example.com> ha scritto:
>>Artikel dazu auf heise
>>On 12/6/11 11:33 AM, Pfeifer, Erwin wrote:
>>> I think it's worth readin' this.
>>> Taken from: http://www.wservernews.com/
>>> Your Smartphone -IS- Spying On You!
>>> There is a process installed on most recent smart phones called
>>> IQ. You cannot stop this process. It looks at what is happening on
>>> phone and sends every button you press to the IQ app. From there, the
>>> data — including the content of text messages — is sent to Carrier
>>> servers, in secret. I checked it out on my own HTC Android phone from
>>> Sprint and sure enough, it's there.
>>> It cannot be turned off without rooting the phone and then replacing
>>> whole OS. Moreover, even if you stop paying for service from your
>>> carrier and just use Wi-Fi, your phone still reports to Carrier IQ.
>>> Dang! Worse, if you use Google search, and type in a search term,
>>> is supposed to be https, so it should be encrypted. However, the
>>> IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.
>>> This particular software is installed on hundreds of millions of
>>> handsets, including modern BlackBerry and Nokia phones, and early
>>> versions of Apple's iOS, but no one knew about it until Android
>>> developer Trevor Eckhart analyzed how it works. Carrier IQ's software
>>> even running on every iOS version dating back to iOS 3, well-known
>>> iPhone hacker "Chpwn" said in a blog post. (Apple seem to have woken
>>> with iOS5 where you can turn off Diagnostics and Usage in Settings.)
>>> Link to Chpwn here: http://www.wservernews.com/go/1322990280328
>>> The software secretly logs pretty much anything that happens on a
>>> supposedly for the reason that carriers and phone manufacturers 'can
>>> quality control'. Yeah right, maybe so, but Carrier IQ can be served
>>> with subpoenas as well, and then all traffic is right there for Big
>>> Brother to be perused. Me no like. And think about compliance for a
>>> moment! This thing has a bunch of legal and ethical angles that the
>>> lawyers are just going to LOVE. I'm pretty sure the first class
>>> lawsuits are being filed are you read this.
>>> I would not be surprised if this will go all the way up to the
>>> Court, it is related to the the Fourth Amendment of the U.S.
>>> Constitution: "The right of the people to be secure in their persons,
>>> houses, papers, and effects, against unreasonable searches and
>>> shall not be violated, and no Warrants shall issue, but upon probable
>>> cause, supported by Oath or affirmation, and particularly describing
>>> place to be searched, and the persons or things to be seized."
>>> Wow, what a privacy and security hole, unbelievable. Below is the
>>> video where he clearly shows what is going on. Eckhart calls it a
>>> rootkit, but that is a bit much, though it clearly qualifies as a
>>> Backdoor Trojan in my book.
>>> Probably CIQ started out with the laudable idea to measure carrier
>>> handset performance. But that is where it went off the rails in a
>>> Using code that acts like a backdoor Trojan is totally the wrong way
>>> do that. I wonder if they heard of the Sony rootkit debacle of 2005?
>>> The carriers (and Carrier IQ) have access to Android source code, and
>>> apparently they do what they want with it, without Google being able
>>> object. Apple seems to have taken action, caused by user backlash.
>>> Google, I suggest you have a look into this... remember 'do no evil'?
>>> Ben Scott remarked: "A while ago some people said, "Glad I'm on
>>> Verizon!". Then the apparent Verizon reporting was discovered. Other
>>> people were saying, "Glad I don't use Android!". Then Symbian and RIM
>>> reporting was discovered. Other people said, "Hah hah! Apple would
>>> *never* let this happen!" Then the iOS reporting was discovered.
>>> appears to be a trend here." I wonder if the Carriers are in bed with
>>> the Feds,and that Law Enforcement is using this. Talk about privacy
>>> You can see the video where Eckhart demos what happens on Android.
>>> that I have anything to hide, but I'm going to root my phone now, or
>>> look for some app that rips out CIQ.
>>> Video on WIRED:
>>> Update: Looks like Eckhart -has- some code that checks for CIQ and
>>> disables it. Less time than rooting a phone. Start here:
> Questa di carrierIQ è davvero una brutta storia, che no fa che peggiorare col passare dei giorni.
> Vogliamo fare un piccolo workshop: "libera il tuo smarphone (android)" dove mostrare come si installa una versione free(compilata dai sorgenti) di android?
> Ci sarebbero persone interessate a partecipare?
> -- Inviato con un client di posta free ed open source