The EFF Partners with XDA Forum to Reverse Engineer Carrier IQ

Until this point, we have had some people pointing fingers at Carrier IQ, while some others defended it hoping it was not as bad as it was portrayed to be. Either way, the whole Carrier IQ fiasco was turning into a big drama with everyone blaming Carrier IQ without substantial proof.

Finally, someone has put together all the pieces in this puzzle and the picture is nasty, indeed! EFF’s deeplink blog has reported about their ongoing work with Carrier IQ and has posted about its architecture. They have also unraveled how Carrier IQ interacts across layers on a phone. Trevor Eckhart was the first to raise the alarm on Carrier IQ, and it grabbed everyone’s attention.

Apparently, what Carrier IQ is doing on your cellphone, might differ from what it is doing on your neighbor’s cellphone. It depends on a nifty “Profile”, that is set through the Carrier IQ command and control infrastructure remotely. However, if you have rooted or jailbroken your phone, these “Profiles” are exposed and they can be retrieved. This thread on the xda forum tells you how to go about it (only if you have a rooted or jailbroken phone).

The EFF claims progress in this matter, saying,

On casual inspection, Carrier IQ Profiles are a mixture of binary data and legible code (example). EFF volunteer Jered Wierzbicki reverse engineered the file format and has written a program for parsing it called IQIQ, which we are presenting for the first time here. The binary file format is WBXML with a custom DTD. The code in the Profiles is written in Forth (if you would like a quick reference on the language, this one is good).

Users of CyanogenMod will be particularly delighted at this point, because it does not have a place for rootkits like Carrier IQ.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at You can connect with him on Twitter @ckandroid.