FWIW, I discussed this exact issue with my attorney some days ago, and while a discussion of the legality of this is beyond the scope of this missive, I can say what his responses were regarding a couple of MY biggest questions...And what might/should become important questions to others in any professional/technical field which has legal compliance requirements; in short:

1) "Would an attorney using (Insert Pre-Trojaned CIQ Phone Here), if discussing case/client/court details over it with (say), their client, another Officer of the Court, etcetera, be leaving themselves open to breakage of Attorney/Client Privilege, violation of client confidentiality, and All That Jazz?”
2) “Would a Doctor using the phone to communicate with their patients, their colleagues, etcetera be in violation of patient confidentiality laws (HIPAA and/or State-specific statutes)?"

My initial thoughts, based upon the Reasonable Man Doctrine, would logically dictate *NONE* of the above activities would be in violation in any case above, provided the professional was unaware of the issue; contrariwise, once they ARE aware of the issue, any/all of the above could be construed as violation(s) of confidentiality (attorney/client, HIPAA etcetera respectively).


He concurred.


Would that it were. To paraphrase a Great Philosopher (Meatwad): "It ain't."

Well, about the only people who would or could have reasonably known about this earlier would be either those who worked in the Telephony/CTI SW industry (e.g., developers at CIQ; personnel working for the carriers), or those with the wit and wherewithal -- to say nothing of the knowledge of cellular telephony, some *NIX knowledge, and the desire to dig into the guts of the 'smart' phones of today -- so I don't think one can reasonably blame the masses for not knowing about something which is, in point of fact, very arcane to the average non-technophile/non-hyper-literate phone user.

No: Caveat Emptor is all well & good, though it runs out of runway mighty quick when marketing technological devices to those who have no reasonable need to know everything about their operation; therefore, this is something which those hawking the warez (SIC intentional) to the unsuspecting masses SHOULD have been up-front about from the drop. They were not. Imagine my utter lack of surprise.

In summary, I would recommend that those people who are in the field of law, medicine or even those entrusted with safeguarding IP and/or proprietary/trade secrets of organizations, MAKE YOURSELF AWARE OF THE IMPLICATIONS. If possible, help educate those in the Medical/Legal fields as much as possible, as once they are AWARE of the issue, well...Kinda self explanatory, eh...?

Please note that none of what is said in this post should be taken to represent my endorsement of, legitimization of, or questioning of the appalling breaches of privacy CIQ et al give rise to and that the major carriers (e.g., AT&T, Verizon, Sprint, et al here in the States) have undoubtedly been exploiting for longer than most people are even aware. My point was to respond and share some (informal) legal information that might, hopefully, be of use to others.

Not to my knowledge, however, I'm not precisely Mister Current Affairs these days, and I believe there is already a Java-based anti-malware application for Android which does detect it (no idea if it truly, fully disables it, though – haven't checked). And CIQ isn't precisely the sort of thing RKHunter will flag, so, huh. With Java running on my N900, I wonder if it would be worth attempting to port whatever anti-malware stuff has been done on the Droid end, or if it'd be easier to start from scratch? I'll leave that to those more capable than myself.

~J

IIRC, there is at least one (1) Nokia phone is compatible with CIQ/already has it embedded...S60, perhaps...? Again, memory fades, so take that with an appropriate quantity of NaCl.

As an aside, I do not believe there was quite as much development work put out for Nokia phones by CIQ...Given Nokia's previous position among cellphone manufacturers, kinda stupid, IMNSHO...But whatever.

HTH,


~J

looks like its alot worse than the original article in this post. According to the following article it is recording everything in real time even information sent to a https site over personal wifi

http://www.theregister.co.uk/2011/11...ne_spying_app/

Maybe we should try to repeat his testing on the N9/950 (or even the N900). Hopefully it hasn't made its way on these devices.

According the Dutch site tweakers.net the malware is being detected primarily in the land of the brave and the free.

"Verizon Wireless" denies but domain names contradicting this have been found.
"Sprint" acknowledges saying the tool is absolutely required for network optimization.

Dutch phones, even the most suspected HTC models reportedly don't feature the tool.

http://tweakers.net/nieuws/78458/ned...r-spyware.html

Nokia Benelux' Jurgen Thysmans denies https://twitter.com/jurthys/statuses...56513542205440

Better get a Benelux N9 firmware from Navifirm?

Wow.. WTF??

No wonder I hated Android... I wonder if Apple is all caught up with this as well.. Seems like it's Droid mostly.
Apple just steals your info without the need of an outside company. They even tell you! haha..

I wonder if this is in nitroid

Not in cyanogenMod, so even if it is, it can be removed. I'm still in the dark thou. If this spyware collects and records everything does it mean it has an access to my SMS and numbers and whatever, or does it upload my infos somewhere too? Can it be remote-controlled by the carrier to search for patterns (like SMS about going to a demonstration?), can it remote-activate phone features (like turn on the GPS to everyone who said will be on said demonstration and has nice list of people that was there)? This sounds like a very dangerous tool in some less-than-democratic nations around the world... Maybe it is high time to start the mass-migration to TOR on mobiles too...

its a keylogger recording all button presses on the phone and sends those logs back to the carrier on regular intervals ...so far they there isnt anything showing that it is remote controllable. The carriers do have the ability to turn on gps, i know for a fact sprint does have this ability. Tor would be no help at all because the logging is done on the root level of the software.

This wouldn't be in actual community builds of Android, or straight-from-google Android source - so no, it won't be in NitDroid. Phones that do have it had it manually and at least in the case of HTC phones very intricately inserted by the manufacturer into the software. For example, HTC has tiny aspects of this software compiled into their version of the kernel, some part plugs in to the browser, etc. It's not built into Android OS itself.

At any rate, it's stuff like this that led me to making the Monitor Clock for the Advanced Clock Plugin. It reports outbound and inbound traffic as color-coded bars for the interfaces of wlan0, mon0, usb0, upnlink0, gprs0, phonet0, and bnetp0 (as well as the 'lo' interface, though that's not very useful in most cases) - I wished to use raw data from the actual hardware, but lack the knowhow to figure out how to detect that information, so instead I went with the interface packet counts.

Now if some program was spontaneously phoning home in the background I'd have at least some indication something was up, unless it managed to do so only during moments when I'm actively sending or receiving other data over the same interface. I really need to get around to packaging that up and stick it in the repos for the few people who'd want it.