Security on Mobiles: Dirty tricks on both sides of the pond
By David Pledger Associate, Full House Hotel Software | January 22, 2012
July 2011: The Guardian newspaper reveals that murdered school girl Millie Dowler's mobile phone had been hacked by journalists. Result? International uproar. It was the moment that carried emotional weight for many people and changed the tenor of public opinion in Great Britain with regard to phone hacking. For three years prior to this celebrities had been claiming that their mobile phones had been tampered with and text and email messages intercepted but no one paid them much heed. In fact, a private detective and a royal reporter had already been sent to prison for attempting to intercept the royal family's emails but this was considered uninteresting and generally ignored by the public.
The crass, indefensible and insensitive behaviour of journalists hacking Millie Dowler's phone and the pain that caused her parents touched a nerve which opened the floodgates of public opinion. Matters became so serious and evidence of phone hacking so widespread that the government ordered an enquiry led by the UK's most senior judge, Lord Leveson and they are now hearing evidence which becomes more damming by the day. Management and journalists on Britain's most popular and long established newspaper, the News of the World, were central to the scandal and closure of the paper was forced on its owners, News International, by the weight of public opinion against it. It now seems likely that in excess of 10,000 phones were hacked but we may never know the real number.
Dec 2011: A lone developer discovers a secret program built into over 150 million smart phones. The programme, IQ Agent, is a key ingredient of Carrier IQ's data collection activity. "This agent collects data from a user's handset once per day and synthesizes these metrics into user profiles." said a spokesman. In fact we now know IQ Agent does much more. It exists in phones in three parts, the app itself, a configuration file and a database -- where all your keystrokes, SMS, email headers and coded metrics are logged, without your permission, before being sent to the company, in real time if required.
Carrier IQ also claimed it only installed the programme at the insistence of US network carriers. These same networks have been at best ambiguous in their response to these claims. What is absolutely clear is that end users were not aware that much of what they do on their mobile phone is not private nor were they asked if they agreed to the practice of logging their information. Not surprisingly all this is now under investigation by various US authorities, including the FBI. It is extremely unlikely that this practise is limited to the US and has been brought to the attention of the Leveson Enquiry in the UK. You can check if your phone has this device installed here.
The two incidents cited here have some common aspects. They have both come to widespread public attention recently but both have roots going back years. Carrier IQ has been in this field since 2005.Their programmes became steadily more "useful" as mobile phone technology evolved. In 2002 the Motorman Enquiry identified widespread illegal gathering of personal information in the UK but the report was subsequently suppressed. Fortunately a copy of the data used to compile the evidence has surfaced and been submitted to the Leveson Enquiry.