The video didn't show any evidence of data being transferred off of the phone, besides being logged to the USB logger.
Is it possible that this is simply a tool to allow for USB debugging of the UI? Otherwise, are there details (how often, what) is getting sent back to the carriers or to this company?
That was my question after watching the video as well... I was surprised he didn't try doing a tcpdump or something to see what (if anything) was actually being transmitted off the phone with each of those debug messages, though I don't know if that's possible to do without rooting it. Maybe it would be possible to get the Carrier IQ apps running on a rooted device to test this?
You don't need to do tcpdump on the device itself, associating it with your wifi access point and running tcpdump there filtering on client ip would yield the same result.
I'm surprised he didn't do that too, would love to try it myself, can't for a week or so though, someone will have done it by then.
Hah, that's a better idea. Unless it only transfers the data through a cell data connection (I don't really see any good reason why that would be the case but it's a remote possibility).
It's not mentioned in the article but the whole reason this was picked up by the researcher is on that particular Sprint/HTC ROM, they left the debugging messages in the rootkit enabled by accident. I do wish he had at least shown the TCP/IP packets with the full sms content and the https google search query in plain text.
Is it possible that this is simply a tool to allow for USB debugging of the UI? Otherwise, are there details (how often, what) is getting sent back to the carriers or to this company?