l*******s 发帖数: 26303 | 1 【 以下文字转载自 PDA 讨论区 】
发信人: digitalboy (数字男孩), 信区: PDA
标 题: 安猪手机被全面监控
发信站: BBS 未名空间站 (Wed Nov 30 13:29:27 2011, 美东)
All keypresses, SMS messages and even https communications are tracked and
sent up to servers that are run either by carriers or a Mt View company
called Carrier IQ!!!
http://www.forbes.com/sites/timworstall/2011/11/30/carrier-iq-t
http://www.wired.com/threatlevel/2011/11/secret-software-loggin
Carrier IQ: The Rootkit Keylogger on Most US Smartphones
But not it appears on Apple‘s iPhones.
Carrier IQ is a piece of software which certain US cellphone networks (
Sprint for example) load onto their contract phones before they are released
to consumers. The basic stated idea is quite simple: if there are problems
then the software generates logs which the network can then analyse to see
what the problems are.
However, this seems to have the rather undesirable side effect of working as
a keylogger for everything that the consumer does with the phone:
“An Android app developer has published what he says is conclusive proof
that millions of smartphones are secretly monitoring the key presses,
geographic locations, and received messages of its users.
In a YouTube video posted on Monday, Trevor Eckhart showed how software from
a Silicon Valley company known as Carrier IQ recorded in real time the keys
he pressed into a stock EVO handset, which he had reset to factory settings
just prior to the demonstration. Using a packet sniffer while his device
was in airplane mode, he demonstrated how each numeric tap and every
received text message is logged by the software.
There are several different ways of looking at this and the comments
sections of the various places where the story has been repeated over the
past few weeks contain their fair share of all of them.
One is that it’s simply a handy diagnostic tool and therefore so what? I
think that’s a slightly difficult position to maintain given that what the
software records and then transmits to the network makes it almost certainly
illegal under EU data protection and privacy laws (please note, it’s only
been seen on US phones so far and not on anything from Apple. But it has
been seen on Nokias, Blackberries from RIM and various devices running
Google‘s Android).
At the other end there are the security implications (not to say the damned
impertinence) of a network having access to absolutely everything that you
do with your smartphone. Absolutely everything, from search habits through
website visits to the text of any messages.
But to be honest I think the part that worries me the most is, well, how
hard is it to hack into this? To access that information if you’re not in
fact the network? If it is possible to access this information (and I’d be
absolutely astonished if it were not) then this means that absolutely every
smartphone running it is vulnerable, to put it mildly, to data theft.
For yes, if you online bank from your phone then the application will be
logging that data, pins, ID codes and all.
That’s really not something you want, is it? An application sitting on your
phone that records all of these things specifically and exactly so as to
broadcast them to someone else?
I have a feeling that we’ve not heard the last of this little story. | l*******s 发帖数: 26303 | | X***y 发帖数: 3947 | 3 谢谢。
【在 l*******s 的大作中提到】 : 后继报道发现iphone也难逃魔掌
|
|