Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev

Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev By David Kravets  11,22, 11
Carrier IQ data-logging software company wants to harrass developer’s critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to  remove the company’s training manuals from his website.

Though the software is installed on millions of Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent.
Eckhart called the software a “rootkit,” a security term that refers to software installed at a low-level on a device, without a user’s consent or knowledge in order to secretly intercept the device’s workings. Malware such as keyloggers and trojans are two examples.
When Carrier IQ discovered Eckhart’s recent research and his posting of those manuals, Carrier IQ sent him a cease-and-desist notice, saying Eckhart was in breach of copyright law and could face damages of as much as $150,000, the maximum allowed under U.S. copyright law per violation. The company removed the manuals from its own website, as well.
The company is demanding Eckhart retract (.pdf) his “rootkit” characterization of the software, which is employed by most major carriers, Eckhart said.The EFF says Eckhart’s posting of the files is protected by fair use under the Copyright Act for criticism, commentary, news reporting and research, and that all of Carrier IQ’s claims and demands are “baseless.” (.pdf)
roadmap for how Carrier IQ works
Andrew Coward, Carrier IQ’s marketing manager, said in a telephone interview Tuesday that the company, not Eckhart, should be in “control” of the manuals.
Marcia Hofmann, an EFF senior staff attorney, said the civil rights group has concluded that “Carrier IQ’s real goal is to suppress Eckhart’s research and prevent others from verifying his findings.”
In a Monday letter to Carrier IQ, Hofmann said Eckhart’s speech was protected by the First Amendment.
What’s more, the company is demanding that Eckhart inform Carrier IQ of the names of
Among other things, Carrier IQ insists that Eckhart retract his “root kit” characterization of the unremovable software, and other statements, by issuing a press release to The Associated Press.
Detecting Kernal Rootkits
How Sony BMG lost its mind and rootkitted its CDs
PC Magazine describes a rootkit
A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have “root” access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the Unix world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).
Legitimate Rootkits?
Rootkits can also be used for what some vendors consider valid purposes. For example, if digital rights management (DRM) software is installed and kept hidden, it can control the use of licensed, copyrighted material and also prevent the user from removing the hidden enforcement program. However, such usage is no more welcomed than a rootkit that does damage or allows spyware to thrive without detection.
In 2005, Sony came under fire for installing a rootkit on music CDs. Security expert Bruce Schneier wrote then that “The Sony code modifies Windows so you can’t tell it’s there, a process called ‘cloaking’ in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can’t be removed; trying to get rid of it damages Windows.”
The U.S. Department of Justice
10th & Constitution Ave., NW
Criminal Division,
(Computer Crime & Intellectual Property Section)
John C. Keeney Building, Suite 600
Washington, DC 20530
Main (202) 514-1026  *  Fax  (202) 514-6113
Media Inquiries: Office of Public Affairs * (202) 514-2007
Company Name: US Dept of Justice.
Location: Maryland, USA –
NetName: USDOJ
NetHandle: NET-149-101-0-0-1
Parent: NET-149-0-0-0-0
NetType: Direct Assignment
NameServer: NS22.USDOJ.GOV
RegDate: 1994-12-02
Updated: 2002-06-05
RTechHandle: ZU85-ARIN
RTechName: U.S. Department of Justice
RTechPhone: +1-202-307-6846

3 thoughts on “Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev”

  1. My brother suggested I would possibly like this blog. He was once entirely right. This post actually made my day. You can not consider simply how much time I had spent for this info! Thanks!

  2. Very great post. I simply stumbled upon your blog and wished to mention that I have truly loved surfing around your blog posts. After all I will be subscribing in your feed and I’m hoping you write again soon!

Leave a Reply

Your email address will not be published. Required fields are marked *