A security expert has claimed that there is a secret key logging application installed in millions of Android, Nokia and Blackberry smartphone.
Trevor Eckhart, a systems administrator, has released a report in which he claimed that Carrier IQ, which makes performance monitoring software for phone makers and wireless carriers, secretly installed a logging software on millions of smartphones, dubbing it as a ‘root kit' reports Wired.
Carrier IQ did not take this lightly and slapped a seize and desist letter on Eckhart, threatening legal action if he did not take his report back and apologise publicly. It was after the Electronic Frontier Foundation showed interest in the matter that Carrier IQ took its words back and apologised to the researcher.
Eckhart claims that Carrier IQ's software is installed deep within smartphones, so deep that it does not even show up on the list of running apps on the phone.
When he connected his smartphone to the PC and did some snooping of his own, he discovered the software, IQRD, which was logging all the keystrokes he made on the device, including those done with an on-screen keypad. The rootkit is also capable of logging web searches and users' web activities.
"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code. This is only possible for a user with advanced skills and a fully unlocked device. Even where a device is out of contract, there is no off switch to stop the application from gathering data." Eckhart said.
Carrier IQ has said in a post [PDF] on its website that it collects only "operational information" from the handsets for its carrier customers.