Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Carrier IQ Drops Threat of Legal Action Against Security Researcher

Carrier IQ, a provider of software that helps mobile carriers monitor handset performance, has backed off its threat to sue a security researcher for saying its software secretly tracked mobile phone users.

Carrier IQ, a provider of software that helps mobile carriers monitor handset performance, has backed off its threat to sue a security researcher for saying its software secretly tracked mobile phone users.

The situation began earlier this month, when researcher Trevor Eckhart published his findings online. According to Eckart, Carrier IQ’s software is a “rootkit” and collects data from mobile phones without the user’s knowledge. In response the company sent him a cease and desist letter that alleged copyright violations after he copied Carrier IQ training manuals and made them available online. The letter also demanded Eckhart retract his criticisms of the company.

Soon after receiving the letter, Eckhart contacted the Electronic Frontier Foundation (EFF) for assistance. The group responded to Carrier IQ with a letter of its own Nov. 21. In it, the EFF called the company’s claims “baseless.”

On Nov. 23, Carrier IQ changed its tune.

“We are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart, and in retrospect we realize that we would have been better served by reaching out to Mr. Eckhart to establish a dialogue in the first instance,” the company said in a letter to the EFF.

According to Eckhart’s findings, Carrier IQ’s software covertly monitors millions of U.S. handsets, and supports devices including BlackBerry, Android phones and more.

Carrier IQ says that its solutions deliver Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers.

Additional details are shown in the video below and more can be found on Eckhart’s blog.

Advertisement. Scroll to continue reading.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.