SecDroid – To secure your Android phone a little bit more. According to the author of SecDroid, this application secures an Android phone by locking down the TCP layer, thereby avoiding certain MITM (Man-In-The-Middle) attacks, DDoS and spoofing.
A rootkit in our Android phones – It's party time! Deep in the lower layers of our Android phones (on the OEM versions from Samsung, HTC and probably others such as RIM and Nokia) hides a piece of software developed by the company CarrierIQ, which sends a whole heap of information back to the manufacturers without our knowledge.
Handy for detecting, reproducing and fixing bugs, this tool is nonetheless rather sensitive where personal data is concerned. Indeed, according to TrevE, a member of the famous XDA forum, this software, which can without hesitation be called a rootkit, is able to log what you type on the keyboard, who you send SMS messages to or call, which applications you have launched, the status of the network you are connected to, the geolocation of the device, whether the screen is on or off, etc. Brrrr, not cool. So of course, TrevE published an article on his blog to explain the problem. Only natural... Crazy! How are the manufacturers who integrated this thing going to justify themselves? [Source] Android Security Test.
This information is written to the best of my knowledge using publicly available resources.
No security was bypassed to obtain anything marked confidential, and Carrier IQ made no effort to protect said documents. You can take the Carrier IQ training yourself here – have made a mirror of all materials referenced here for download for the sole purpose of allowing others to understand and verify my security research on Carrier IQ. – Carrier IQ (CIQ) sells rootkit software included on many US handsets sold on Sprint, Verizon and more. Devices supported include Android phones, Blackberries, Nokias, tablet devices and more.
From carrieriq.com: Carrier IQ is the market leader in Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users. From Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality. Great! Data collection associated with components and services of a wireless communication network. Abstract: Systems, apparatus, and methods for transmitting a data collection profile from a server in connection with a telecommunications network that includes multiple devices.
The data collection profile controls which devices should collect data, the condition under which certain data is desired, and when the data is to be returned. The data collection profile is provided to devices which collect data in accordance with the data collection profile. Finally, the collected data is received by a service platform for further processing.
Carrier IQ retracts cease-and-desist, claims they don’t track Android users. An update from the whole XDA developer blowup yesterday: data-collection company Carrier IQ has apparently retracted their cease-and-desist letter as well as publicized an apology to the security researcher and XDA developer Trevor Eckhart after he published his findings and details of a number of Android phones (the majority being Sprint’s) shipped with a nearly undetectable piece of software built by Carrier IQ that could evidently monitor every move, from user keystrokes to which mobile apps were downloaded and installed.
Even though Carrier IQ says that the letter was "misguided" and that it's "deeply sorry", the company still maintains that it was being misrepresented, and that it doesn't monitor user data, capture keystrokes, or provide tracking information on a number of Android phones. From the Carrier IQ press release: As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. [via The Verge] Carrier-IQ Tries To Sue TrevE. Ok, gloves are off.
If what CIQ wanted was a media storm, they got one. Yes, this is not my standard article where I try to start it up with a bit of a warm up to some regular story. This is a rather serious issue and one that will likely need your full support for your fellow community member and dev, XDA Recognized Developer TrevE. So, this is a petition to all of our readers, members, and followers to completely and absolutely blow this out of proportion. Retweet, cross post in social sites (reddit, digg, 4chan, slashdot, etc), post in your Facebook accounts. This goes beyond just a matter of online security and issues with a piece of software that collects our data.
A few days ago, it seems that TrevE received a Cease and Desist letter from CIQ after the maelstrom that was caused by his findings which I spoke about in my previous article. The web exploded with comments and cross posts about this in a matter of a few days.