18 Replies. Latest reply: Dec 13, 2011 7:21 PM by retiredleo

    How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?


       

      I have detected its presence and know for a fact it is currently logging call, location, and keystroke data on my phone.

       

      I don't want this application on my device!

        • 1. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
          panzer06

          How do you know it's there (other than T-Mobile acknowledging they use it) and what proof do you have they are collecting such data?

           

          Cheers,

          • 2. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
            philyew

            The simple answer is you can only do it by rooting your phone and following the online advice for either installing an uncompromised custom ROM, or deleting the offending files.

             

            I would be interested to know how you can tell "for a fact" that it is logging your keystrokes...

            • 3. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?

              First of all, it is highly amusing to have you ask me how I know it is there while at the same time acknowledging that Tmobile has admitted to using it. You answered your own question my friend! TMobile has said as much!

               

              Beyond that, there are commonly available applications that can detect the program such as Lookout Carrier IQ Detector.

               

              The same person that produced that application produced this video. http://www.youtube.com/watch?v=T17XQI_AYNo. If you follow the same steps as in this video you can see for yourself what Carrier IQ does. It includes logging every key you press including the numbers you dial, your text messages, and even URLs visited over an encrypted connection like https. Whether or not and to what degree TMobile is collecting this data is irrelevant to me and impossible to know.

               

              Please, don't bother replying if you are just trying to shill for (or even worse an employee of) Tmobile trying to cover up this fiasco. The truth has gotten out.

              • 4. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
                panzer06

                Just because T-Mobile issued a blanket statement does not mean you or anyone else has determined it is installed on your particular device. Also, detecting the application's presence alone does not prove it is capturing the debug log info displayed on the HTC handset in the video. Until someone conclusively proves the same result is possible on every phone this is loaded on I will not believe it is an issue on any device other than that one HTC device.

                 

                One video using an HTC device does not represent conclusive evidence of a problem across all carriers and platforms as this software is customizable on a carrier by carrier basis. AT&T, Sprint & T-Mobile all are looking at how this software is working on their networks and devices. Until that testing is complete and they come up with a plan to remove or modify the program you have no choice but to root and potentially open yourself up to greater threats and warranty/support issues or move to Verizon where the software in question does not exist.

                 

                Cheers,

                • 6. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?

                  So according to panzer06, taking into account that TMobile has openly admitted to using this rootkit as cptcrackers kindly pointed out above; and even though Tmobile offers business customers the ability to opt-out (implying there is something to opt-out of); and even though the rootkit has been detected on my phone by what is essentially anti-virus software; and even though security researchers have investigated the rootkit's function and publicly documented their work; and even though there are now multiple lawsuits over this rootkit working their way through various courts, it is too early to say whether this rootkit exists, let alone whether it exists on any particular device.

                   

                  Why am I not convinced by your argument?

                   

                  The fact is, it is there and whether or not they are capturing any particular part of the data the rootkit is logging is irrelevant. Rooting the device is not an option due to the penalties you incur doing so. TMobile chose to integrate this rootkit into their product for some perceived marginal benefit to their network without informing us as customers. TMobile needs to rethink the value of this rootkit now that its internal operations are public knowledge and offer an opt-out or removal option to all affected users immediately.

                  • 7. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
                    philyew

                    If CIQ is as bad as is suggested, I want it off devices just as much as you, but I watched the video and the problem that I have is that, apart from showing how he enters USB debugging mode, we don't see any detail of how he sets up to do the real-time display of the log file. In fact, he discreetly blocks the view of everything at the critical moment when the monitoring is kicked off, on the grounds that he doesn't want private data to be broadcast. Fair enough, but the result is that we don't see how he does this, what that log file is or where it is located.

                     

                    Considering his phone is supposed to be unrooted, I'm amazed that he can see anything that is so revealing and I am wondering how anyone could emulate what he is doing based purely on watching the video, as you recommend?

                     

                    Fortunately (or unfortunately, depending on whether curiosity is a stronger instinct than the desire for privacy), I run a rooted device with a custom ROM which is clean. Thus I couldn't explore this any further if I wanted to, but I would like to see this investigative process being just as transparent as the behavior we would expect from our carriers, and right now it doesn't appear to be so.

                    • 8. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
                      panzer06

                      While I don't want this software on my device any more than you I'm not convinced it is the major threat people make it out to be.

                       

                      I also don't see how someone posting "get this off my phone" on the carrier website will make it so. You either must root, wait or move to Verizon.

                       

                       

                       

                      • 9. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?

                        panzer06 wrote:

                         

                        While I don't want this software on my device any more than you I'm not convinced it is the major threat people make it out to be.

                         

                        I also don't see how someone posting "get this off my phone" on the carrier website will make it so. You either must root, wait or move to Verizon.

                         

                         

                         

                        What about your friends, your family, your business associates...?  Did they agree to have their data somehow monitored, and if not monitored, at least accessible, to those unknown?

                         

                        I don't see a nefarious plot to steal my passwords, but my clients didn't agree to allow T-Mo, in whatever capacity, to have access to privileged communication. This is a major issue for those using the phone for business.

                        • 10. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
                          panzer06

                          The point I'm trying to make is that no one has conclusively proved that anyone's privacy has been violated. That video, while suspicious, does not reflect how every phone and version of Android is configured to use Carrier IQ. No independent lab has come out to say any private information has been transmitted or stored. Showing a single HTC phone (which no one can independently confirm was set up in the default factory manner) using debug logging to demonstrate a potential problem does not make it an actual problem that exists across all phones and carriers where the product is installed.

                           

                          Additionally, unless all my family, friends and business co-workers and clients are on the Verizon network or some other foreign carrier that does not use Carrier IQ their phones already have the software loaded and whatever it does on my T-Mobile handset it may potentially do on theirs. Unless we all move to Verizon to immediately resolve this issue we're all in it together until the full impact of this issue is determined and a comprehensive remediation plan is announced and implemented.

                           

                          I'm just saying creating a million new threads demanding something any reasonable person should know won't happen is a pointless exercise that serves no purpose.

                           

                          Cheers,

                          • 11. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?

                            I didn't watch the video.

                             

                            If your friends, family, and clients send you an email with privileged information, that has nothing to do with Verizon, Sprint, or AT&T. I wasn't (EDIT: wasn't) talking about phone-to-phone communications. If I use my phone for business, and use the default email app or Touchdown for Exchange mail, and a customer or client sends me an email, I can assure you they don't want anyone to have access to it.

                             

                            I would say the original author of the investigation and report is as independent as you can get.  Who do you want to investigate this?

                             

                            Again I say while I don't believe there is anything nefarious going on, but in the industry in which I work, it could be considered a breach of privilege and confidentiality to access client email from my Android device, especially now that this has been brought to light.

                             

                            I am a fan of T-Mo, of their support, these devices, and Android.  I am not a fan of surreptitious software, whatever its intended purpose, being able to capture information without my knowledge. 

                             

                            If this issue doesn't worry you, go ahead and post your email address, password, banking info and passwords right here in this forum.  I promise you I won't capture it, but I have no idea about the hundreds or thousands of others who might see your information.

                            • 12. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?
                              panzer06

                              carrucan_of_kurrajong wrote:

                               

                               

                              If your friends, family, and clients send you an email with privileged information, that has nothing to do with Verizon, Sprint, or AT&T. I was talking about phone-to-phone communications. If I use my phone for business, and use the default email app or Touchdown for Exchange mail, and a customer or client sends me an email, I can assure you they don't want anyone to have access to it.

                               

                               

                               

                              I am also talking about phone to phone communications. Since AT&T, T-Mobile & Sprint use Carrier IQ any privacy issue that may exist could exist with any communication utilizing handsets from these carriers.

                               

                              I do agree that if this problem is real and private communications are not secure on these carriers and a client, friend or family member sends or receives a message from any of the above carriers (NOT Verizon since they do NOT use Carrier IQ) from a PC or Mac then the assumption of privacy held while using the computer would be made moot by communicating with a handset on any of the three affected carriers.

                               

                              Either way, the problem will be resolved, everyone will be notified and if people can't wait they will need to use an older handset w/o the offending code or change carriers. 

                               

                              Now that the concern over this issue is widely disseminated, creating a post here or on AT&T's or Sprint's support websites or berating customer support reps who can do nothing to resolve this perceived issue serves no real purpose and accomplishes nothing.

                               

                              Cheers,

                              • 13. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?

                                I edited my response...I meant I wasn't talking about phone-to-phone communications.

                                 

                                I agree that these posts berating T-Mo and support are not warranted in this forum. 

                                • 14. Re: How can I remove the Carrier IQ rootkit from my Samsung Galaxy S II device?

                                  This issue definitely warrants berating "T-Mo" because they need to hear from their customers about this.

                                   

                                  Do you really think that people should just sit down and be quiet? They aren't going to fix a problem they intentionally created if they aren't forced to by public opinion.

                                   

                                  Just because some support operator can't flip a switch and make it so does not make it futile to talk about what's going on. This post does serve a valid purpose.

                                   

                                  Trying to dismiss people for bringing up a real "T-Mo" issue on the "T-Mo" support forum is just silly.
