SecDroid – Pour sécuriser encore un petit peu plus votre téléphone Android Bonjour et bienvenue ! Si vous aimez cet article, n'hésitez pas à vous abonner au site via son flux RSS suivre Korben.info.
Un rootkit dans nos téléphones Android – C’est la fêêêête ! Au fond des couches basse de nos téléphones Android (Sur les version OEM des Samsung, HTC et probablement d'autres comme RIM et Nokia) se cache un soft développé par la société CarrierIQ, qui permet de remonter à l'insu de notre plein grès tout un tas d'infos aux constructeurs. Pratique pour détecter, reproduire et corriger les bugs, cet outil est quand même un peu sensible en ce qui concerne les données personnelles. En effet, d'après TrevE, un membre du célèbre forum XDA, ce soft qu'on peut sans avoir peur, qualifier de rootkit est capable de logger ce que vous tapez au clavier, à qui vous écrivez des SMS ou passez des appels, quelles applications vous avez lancé, le status du réseau sur lequel vous êtes connecté, la géolocalisation du terminal, si l'écran est allumé ou pas...etc
This information is written to the best of my knowledge using publicly available resources. No security was bypassed to obtain anything marked confidential, and Carrier IQ made no effort to protect said documents.You can take the Carrier IQ training yourself here – https://dis1.water.carrieriq.com/dis/training.jspI have made a mirror of all materials referenced here for download for the sole purpose of allowing others to understand and verify my security research on Carrier IQ.http://www.androidfilehost.com/main/.TrevE/CIQ/mirror1 – http://www.multiupload.com/BAAKNNSM3J Carrier IQ (CIQ) sells rootkit software included on many US handsets sold on Sprint, Verizon and more. Devices supported include android phones, Blackberries, Nokias, Tablet devices and more. CarrierIQ | Android Security Test
Abstract: Systems, apparatus, and methods for transmitting a data collection profile from a server in connection with a telecommunications network that includes multiple devices. The data collection profile controls which devices should collect data, the condition under which certain data is desired, and when the data is to be returned. The data collection profile is provided to devices which collect data in accordance with the data collection profile. Finally, the collected data is received by a service platform for further processing. Claims: Data collection associated with components and services of a wireless communication network - Patent application
An update from the whole XDA developer blowup yesterday, data-collection company Carrier IQ has apparently retracted their cease-and-desist letter as well publicized an apology to the security researcher and XDA developer Trevor Eckhart after he published his findings and details of a number of Android phones (the majority being Sprint’s) shipped with a nearly undetectable piece of software built by Carrier IQ that could evidently monitor every move from user keystrokes, to which mobile apps were downloaded and installed. Even though Carrier IQ says that the letter was "misguided" and that it's "deeply sorry", the company still maintains that it was being misrepresented, and that it doesn't monitor user data, capture keystrokes, or provide tracking information on a number of Android phones. Carrier IQ retracts cease-and-desist, claims they don’t track Android users
Carrier-IQ Tries To Sue TrevE Ok, gloves are off. If what CIQ wanted was a media storm, they got one. Yes, this is not my standard article where I try to start it up with a bit of a warm up to some regular story. This is a rather serious issue and one that will likely need your full support for your fellow community member and dev, XDA Recognized Developer TrevE. So, this is a petition to all of our readers, members, and followers to completely and absolutely blow this out of proportion. Retweet, cross post in social sites (reddit, digg, 4chan, slashdot, etc), post in your Facebook accounts.
Carrier IQ retracts cease-and-desist, claims they don’t track Android users