An American researcher in computer security discovered on his phone a tool to trace the communications, the sending of messages and the pages visited.
• The discovery. An American researcher in computer security, Trevor Eckhart, found on HTC's smartphone a hidden agenda, Carrier IQ. In a blog post published in mid-November and then in a video posted Monday (and for more than a million times since), he showed how this software could save all the text entered on the keyboard, the keys pressed, the addresses of websites visited, dialed and content of the SMS received. And transfer them to remote servers, without his knowledge.
• Where does this Carrier IQ? Trevor Carrier IQ Eckhart accused of being a "cookie" spyware. The company which develops and has the same name describes it as an "analytical tool". Carrier IQ is designed to telecom operators. It allows them to measure the reliability of their services, giving them a range of information on the uses of their customers. Problem: The tool detected by Trevor Eckhart is deployed without the user ever being aware. It touches on sensitive data and can not simply be turned off.
• Which phones are affected? On its website, Carrier IQ boasts over 140 million installations of its software in the world. These are the operators that require installation, it defends itself. Two of them in the U.S., AT & T and Sprint have agreed to use Carrier IQ. In Europe, all operators who have spoken so far, including Orange and SFR in France, said they did not install Carrier IQ on smartphones.
Terminal side, the "informer" was notably implemented on HTC and Samsung smartphones, running on Android and sold in the United States. A program of Carrier IQ has also been embedded in a light version and must be manually activated on most iPhone before updating iOS 5 in October, Apple acknowledged. Research In Motion, however, said he was not authorized on his BlackBerry. Microsoft and Nokia they do not resorted. On Android, an application can check if their phone is affected.
• What happens to this information? In a statement released Thursday, Carrier IQ has sought to downplay the significance of the data. "Our software only records, stores and transmits content of any SMS, emails, photographs, audio and video," he said. The observation of the keyboard would only serve to identify key combinations in conversations with customer service. As for the data collected, they would be sent to operators in encrypted form and usually deleted after thirty days.
These explanations, however, did not reassure all libertarians on the Internet. Trevor Eckhart has shown that the transfers were not so protected, which could pave the way for espionage by other sources. In addition, the software can actually save the text entered on the keyboard. In short, there are still many gray areas surrounding this program.
• What will be the action taken on these findings? A U.S. senator, Democrat Al Franken, asked Thursday explanations Carrier IQ society. Also in the United States, an action group has been launched against Samsung and HTC for concealment. At the same time, a German regulator wants Apple decides again on the subject. When contacted, the National Commission on Informatics and Liberties (CNIL) had not yet responded Friday night.
Aucun commentaire:
Enregistrer un commentaire