Carrier IQ bug did allow some SMS recording

Carrier IQ, the mobile analytics company that has lately been in the midst of a battle to prove that their CarrierIQ software didn’t log private information, has admitted that in certain circumstances the software had, indeed, recorded some text messages – but in encoded form.

This exception was discovered last week, and is brought about by a bug in a diagnostic profile to measure radio-network-to-mobile device signaling.

“Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent. These messages were encoded and embedded in layer 3 signaling traffic and are not human readable,” it said, and added that the company does not decode or process these messages.

“For Network Operators to view the specific content of SMS messages, Carrier IQ would need to write additional software, which has never been done,” the company claims, adding that the software also cannot read or copy the content of a website, and cannot capture keystrokes.

The claims in the report should still be verified by independent experts, even though a US senator has asked the company for answers regarding the legality of their operation.

Given the fact that the FBI refused to hand over any “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” because it might interfere with an ongoing investigation, there is always the possibility that the US government or some of its agencies might not be adverse to making this whole incident blow over as soon as possible and (keep?) using the software for their own purposes.




Share this