

The Rootkit Of All Evil – CIQ - maqr
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/

======
JonnieCache
Ah, and just as I read this, I find that cyanogenmod for the galaxy s has
recently become stable. I now have a hot date with an exploitable bootloader.

I've been running some sort of dodgy leaked nightly build from samsung that
doesn't have any carrier shite on it since I got the thing, so maybe it hasn't
been there all along. Either way it's high time for some new firmware.

As others have said here, you can remove this stuff all you want, all you're
doing is shutting off the simplistic application layer backdoors. There is
absolutely nothing you can do about the backdoors built into the baseband
firmware itself, which is what law enforcement agencies use.

Well, absolutely nothing except flashing your own open source baseband
firmware from the fine folks at the OsmocomBB project. Unfortunately that
project only targets a very small set of simple featurephones, which won't do
much to excite HN types. What may whet your appetite, however, is the
possibility to inject arbitrary packets straight into the GSM network! The
possibilities for fun, learning, and prison time are endless.

<http://bb.osmocom.org/trac/>

<http://www.youtube.com/watch?v=_0LCgxe24Po> [27C3: Running your own GSM stack
on a phone]

~~~
ajross
You don't need an exploit to install ROMs on Galaxy S variants (and in general
most/all Samsung smartphones). The first stage bootloader supports partition
rewrite over USB using a leaked "Odin" tool (or the open source "Heimdall"
tool built through reverse engineering).

~~~
JonnieCache
I used to use the Odin thing, but it makes me nervous. Heimdall doubly so.
There's now that "ROM Manager" app in the market, which manages to flash
firmware starting from userspace. I haven't looked into how it works, but I
assume there's an exploit involved somewhere.

~~~
wx77
I believe ROM Manager works after you have successfully gained root on your
device and not before. It may have changed since I no longer have an Android
phone, but when I had my Droid the process was to install a rooted version of your
current OS and then upgrade from there. ROM Manager just made installing
other OSes and extras, and keeping CyanogenMod up to date, easier.

------
blub
Where is the proof that this software is installed onto phones other than
Android? I would like to know what made them say that it's installed on Nokias
for instance...

Also, is this something that is US-only?

------
JoachimSchipper
You Americans need some privacy laws. Badly. (Yes, the EU has issues. But the
privacy stuff is a step in the right direction.)

~~~
shareme
Are we sure yet that EU carriers are not also using this?

~~~
wladimir
It probably differs between carriers, but here in the Netherlands it's not
very common for Android phones to be customized by the carrier. At least my
phone (Samsung Galaxy S2) was not changed in any way.

Though if you're paranoid it's probably best to buy a SIM-lock-free phone
instead of choosing one from the carrier. It can even be cheaper overall if you take
a SIM-only carrier subscription.

------
martingordon
Is CIQ put on phones at the behest of manufacturers or carriers?

Is the data sent by CIQ charged to the user?

Regardless of the answers, this is bad, bad stuff. Given where we are with
something as basic as SOPA, I doubt we'll ever see anything done to protect
consumers against this type of privacy invasion.

------
JoshTriplett
Yet another reason to never buy a phone from a carrier, or a phone running a
proprietary OS.

~~~
throwaway64
There is not a phone on the market that does not have a locked-down and 100%
proprietary baseband firmware (basically the part of the phone that does the
actual cell tower signalling/interactions).

<http://en.wikipedia.org/wiki/Baseband_processor>

There are strong indications this is used to essentially pre-empt/backdoor the
main OS for monitoring and surveillance purposes, and many models suffer from
serious security weaknesses.

<http://www.zdnet.com/news/fbi-taps-cell-phone-mic-as-eavesdropping-tool/150467>

<http://en.wikipedia.org/wiki/Covert_listening_device#Remotely_activated_mobile_phone_microphones>

<http://threatpost.com/en_us/blogs/mobile-attacks-reign-black-hat-dc-012011>

~~~
JoshTriplett
Currently in the process of getting fixed. For general efforts in this area
for the entire family of GSM technologies, see <http://osmocom.org/> ; for the
specific project to produce Open Source GSM baseband firmware, see
<http://bb.osmocom.org/> .

------
16s
This is why corporations _give_ smart phones away at no cost. People pay for
the phone many times over by giving away most all of their data and privacy to
the corporation that gave them the phone. Most people just don't realize this.

~~~
nickand
And here I thought it was the guaranteed monthly payments for 2 years at over
100 dollars a month, well after the phone's value is gone.

------
rvenugopal
I don't see reasons for such dramatic headlines.

Isn't this similar to your syslog (on Linux at least)?

There is no indication that this logging is being used for anything but
debugging purposes in case of failure or crash.

~~~
jgeorge
syslog never leaves your local system unless you specifically do something
with it.

This data is collected and sent off-device without your consent or knowledge.

Also syslog collects information on events, not specific keystrokes or
commands issued and so on.

