backtop


Print 17 comment(s) - last by commonsense123.. on Dec 18 at 8:48 PM


  (Source: twobeatsapart.com)
Intergis makes GPS tracking/telemetry products

We've wondered why amateur Android devoloper Trevor Eckhart's commentary on his "discovery" of Carrier IQ was so seemingly one side and exagerrated.  Now we've found out something interesting -- he works for a tracking firm that is a potential rival to Carrier IQ.

Carrier IQ -- installed on over 140 million phones -- even in the worst case is hardly as bad as Mr. Eckhart, along with some members of the public and the media, made it out to be in their rush to lynch the telemetry firm.  In fact my own analysis of Carrier IQ -- which included both debug logging (as in Mr. Eckhart's research) and decompilation of the Carrier IQ Android applications on an HTC Corp. (TPE:2498) device (something Mr. Eckhart did not do) -- indicated that the worst things Carrier IQ distributions were doing were largely the result of poor coding and pratices from its carrier and OEM partners.

So what led Mr. Eckhart to fail to qualify that Carrier IQ was only keylogging inside one proprietary app on a handful of HTC phones, leading many members of the media and public to mistakenly think it was keylogging passwords inside web forms and third party applications?

Mr. Eckhart, by his own accounting, works as a "Systems Administor" at a Torrington, Connecticut firm called Intergis LLC.  He describes the work as "Computer Software Industry" functions:


Intergis makes tracking and telemetry products, remarkably similar to Carrier IQ, although currently targeting corporate users.  The company's product gives businesses a way to GPS tracking to secure their mobile device fleet or coordinate employee travel.
 
At the heart of Carrier IQ's application is the same functionality -- phone GPS tracking -- that allows carriers to assess and improve their network.  Thus while Mr. Eckhart's firm markets its app to business customers only, at this point, it would be almost trivial for it to add wireless signal and battery life gathering and create a Carrier IQ competitor for the consumer market.  And if his firm does that, they likely now realize how to escape observation -- by avoiding obviously named apps and egregious prints to the debugging screen.
 
The interesting thing is that if Carrier IQ gets the boot or gets sued out of existence, it will create a vacuum in terms of telemetry gathering in the consumer space.  As a company already deeply invested in tracking and telemetry solutions, that's just the kind of thing that could allow Intergis to get its talons on the consumer market.

We'll likely never know what the true motives are, but file this under "very interesting" in the ongoing Carrier IQ saga.

Sources: Trevor Eckhart, GISCafe



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I agree
By kleinma on 12/13/2011 3:51:56 PM , Rating: 5
I do agree that this whole thing has been a bit overblown, but when they asked the CEO at CIQ "Could you at CIQ read the information in someones SMS if you wanted to?" and his answer was "probably, yes".

So it still is a security concern for those who security/privacy matters to. Not saying they ARE reading messages and misuing information, but they certainly have the capabilities to. I don't see any reason why the contents of data transmissions would ever need to be packaged up and sent to them for telemetry data.




RE: I agree
By JasonMick (blog) on 12/13/2011 4:00:18 PM , Rating: 2
quote:
I do agree that this whole thing has been a bit overblown, but when they asked the CEO at CIQ "Could you at CIQ read the information in someones SMS if you wanted to?" and his answer was "probably, yes".

So it still is a security concern for those who security/privacy matters to. Not saying they ARE reading messages and misuing information, but they certainly have the capabilities to. I don't see any reason why the contents of data transmissions would ever need to be packaged up and sent to them for telemetry data.

Oh absolutely, but your carrier already has access to this info, be aware. I seem to recall being able to go on Verizon back in the day and retrieve/view text messages I sent from my mobile device somehow. Not sure how that worked, but it was there.

Anyhow, I agree privacy matters.

I also agree with you that there's a lot of interesting points here and discussion to be had regarding Carrier IQ and all parties involved.

I think the question of the potential conflict of interest on Mr. Eckhart's part is a compelling one that needs to be examined. I'm surprised none of the big media outlets who covered this vetted Mr. Eckhart's background while publishing his claims.

I only found one site even mentioning where he worked, and they didn't clarify it was a smartphone tracking company who targeted corporate users. They just mentioned it in passing with no context.


RE: I agree
By Cheesew1z69 on 12/13/2011 4:30:54 PM , Rating: 2
RE: I agree
By 91TTZ on 12/13/2011 4:59:45 PM , Rating: 1
Why would someone put the fact that they're an Eagle Scout on an IT resume?


RE: I agree
By tlbj6142 on 12/13/2011 5:43:10 PM , Rating: 2
I see this on resumes all the time. What's the deal? How is it any different than listing "semi-professional baseball player" on your resume? It is a talking point for the interviewer to ask non-work questions....


Classic "Shoot The Messenger"
By flash2011 on 12/13/2011 4:49:14 PM , Rating: 1
This is truly a new journalistic low.

As I said in another thread, first you attack Trevor by calling him a "novice" thus implying he didn't know what he was doing. Now he knows too much?

Your theory of competitive sabotage is "out there". No one else has picked up the story because your theory is just plain stupid. You have no evidence that Telogis has their own consumer phone spyware (corporations specifically want telemetry apps for their mobile devices). And even if they did have their own consumer spyware, by tarnishing Carrier IQ they would be shooting themselves in the foot. The whole mobile metrics industry will be tarnished by the Carrier IQ saga.

I don't understand your motivation here...other than to keep lowering journalistic standards in the quest for page views.




RE: Classic "Shoot The Messenger"
By JasonMick (blog) on 12/13/2011 5:32:55 PM , Rating: 1
quote:
As I said in another thread, first you attack Trevor by calling him a "novice" thus implying he didn't know what he was doing. Now he knows too much?

Trevor called himself a "beginning" developer in his early posts to the XDA forum and early articles. How is that an insult?

I'm a beginning developer too...
quote:
Your theory of competitive sabotage is "out there". No one else has picked up the story because your theory is just plain stupid. You have no evidence that Telogis has their own consumer phone spyware (corporations specifically want telemetry apps for their mobile devices). And even if they did have their own consumer spyware, by tarnishing Carrier IQ they would be shooting themselves in the foot. The whole mobile metrics industry will be tarnished by the Carrier IQ saga.

Did you not read the article? Intergis CURRENTLY MARKETS a smartphone tracking product could be trivially modified to act in a similar fashion to Carrier IQ. If you can get as far as Intergis has, it's not exactly rocket science to make these slight modifications to your Android app.

Your willful ignorance here is astounding.

Also -- Carrier IQ is not spyware. Get that through your head. It's a poorly implemented code installed by your device's administrator, which is the carrier and/or device maker. If you don't like it root your device to become the administrator. Then you can delete it and do whatever you want.


RE: Classic "Shoot The Messenger"
By ghost.image on 12/14/2011 9:00:38 PM , Rating: 2
I have to defend Jason here and Flash. Everyone is entitled to an opinion. What Jason states is fact. Conspiracy theories aside it is of interest and given the large number of class action law suites it will also be of interest to the courts and authorities if any action is taken.
Trevor may have been working as a developer on his own time and separate from his job, however the fact that he does work for a competing firm in the same space does raise questions. Like Jason stated it is putting it under the "very interesting" category.
I have also heard the phrase used where there is smoke there is fire by a lot of folks so take from it what you will.
I would also suggest checking out the latest release from Carrier IQ: http://www.carrieriq.com/company/PR.20111212.pdf
It is a nineteen page release with an in depth look on their software designed to answer much of the questions which have been raised. It is an interesting read. There are credits given to Trevor and Dan Rosenberg in the article.


By ghost.image on 12/14/2011 10:09:13 PM , Rating: 2
You will also note to Jason's comment on root software that in fact those questions are addressed in the document.
The fact the Google's CEO called it a keylogger is untrue.
To that end Carrier IQ met with the FCC and FTC today along with congressmen to address questions raised. They went on their own the the Feds to start their own inquiry! If you had something to hide you don't show up on the Fed's doorstep and request a meeting..
It is pretty unfounded.
I think we will see changes in the future, and my hope is that questions regarding carrier control over devices on their network is answered definitively.


RE: Classic "Shoot The Messenger"
By Jalek on 12/15/2011 7:14:10 PM , Rating: 2
All I need to know about Carrier IQ and their credibility is on their website. "When Carrier IQ's products are deployed, data gathering is done in a way where the end user is informed or involved."

Neither is true, why expect everything else to be?


Much Ado About Nothing
By rs1 on 12/13/2011 5:09:47 PM , Rating: 3
If I recall correctly, the original article made mention of this Trevor Eckhart person once, and off-handedly at that. There was nothing in there suggesting that he had much relevance to the story, not that he would be worth calling out over a conflict of interest.




RE: Much Ado About Nothing
By rs1 on 12/13/2011 5:31:14 PM , Rating: 2
That "not" should be a "nor". How is it possible there there is no "Edit" button here?


Overthinking it, Jason?
By Subzero0000 on 12/14/2011 2:03:00 AM , Rating: 2
Would you even consider the possibility that Trevor spot the CIQ issue simply because he is working in a "GPS tracking" company.
There could be nothing fishy about it, he just find it because it's his specialty.
If a person doesn't involve in that field, then it's unlikely to discover CIQ.
Just because he is working on a similar project, doesn't mean he cannot talk about what he found.

Anyway, look forward to see you show any doubt and lengthy investigation when "Apple" is in question.




RE: Overthinking it, Jason?
By ghost.image on 12/14/2011 10:04:53 PM , Rating: 2
It is entirely possible. His work might have nothing to do with where he works, however it is something that would be brought into court if it ever gets that far.
A court judge, or a federal investigation would bring Trevor under a micro scope out of due diligence. What the findings are is speculation of course.


Not buying this
By timmy42 on 12/15/2011 11:56:25 AM , Rating: 2
With all due respect, let me see if I follow your logic here, Daily Tech:

Trevor finds a hidden rootkit that has been running undetected on 150 million smartphones without end users' (or even some manufacturers like RIM) knowledge for years and, instead of keeping it quiet and allowing his company's product to sneak in undetected as well, he exposes it with the entire goal of pissing off the masses. He asks the people who watch his videos to donate to the EFF so that a well-funded legal team can take action to prevent such practices in the future since mobile device user rights have been the wild west for years, thereby allowing product manufacturers and carriers to log whatever end user data they want without legal precedent to prevent them from doing so. Ultimately an FBI investigation ensues, multiple lawsuits are filed, countless users are furious, and high-level United States Senators and Congressman (including Kennedy and Chaffetz) are now currently investigating and drafting legislation to prevent such practices from even occurring again - all a direct result from Trevor's expose.

- and your conclusion to all this is that Trevor must be involved in some secret corporate conspiracy and creating all this so that HIS company can swoop in a replicate the same very same practice that law firms, congress, the FBI, and end users are demanding go away forever?? Please...

I agree with the other user above: The reason nobody else has picked up your story is because it makes no sense. Also, do better homework next time. Integris no longer even exists, it is now owned by Telogis, a company that helps route shipping and deliveries - hardly the same thing as a rootkit that logs my phonepad keypresses every time I call my bank and am asked to enter my 16-digit account/card number at the prompt.

Occam's Razor applies here. Which is the more likely explanation: This is all some big conspiracy created by a company whose business has nothing to do with data mining users, or some computer nerd caught a secret app that illegally wiretaps and wants it removed from his phone.




RE: Not buying this
By ghost.image on 12/16/2011 1:00:07 AM , Rating: 2
Actually to set the record straight, the execs from Carrier IQ have met personally with Congressmen and the Feds. There is no official investigation although the execs requested an inquiry in order to clear the companies name and requested such meetings and transparency.
The main document released from a few days ago pretty much shoots holes all through Trevor's work. He did a shoddy job of QA if you ask me, and published his findings without any of it being substantiated from the XDA community.
It took a week for the security experts to de-compile the program and basically the consciousness from everyone is that Trevor was wrong. Not a little off but way off. None the less the damage has been done and no body cares what the truth is.


By commonsense1234 on 12/18/2011 8:48:28 PM , Rating: 2
you guys are silly. i used to work at intergis with trevor (until of course all of its assets were assumed by telogis a year ago).

telogis and intergis were competitors in the market we call MRM (mobile resource management). this is just software that helps business that deliver things (like soda, or medical supplies, or furniture) efficiently, to help save gas and hours etc.

they did have handheld software that utilizes gps tracking (as ALL MRM companies do - see UPS's MobileCast addon for their RoadNet software) but this is entirely different from carrier IQ's application. gps software for MRM is designed to acquire a gps fix on a standard interval, and plot it on a map so that dispatchers back at homebase can make sure their drivers aren't goofing off. another thing the software applications do is send the drivers a list of workorders so that the companies can "go green" and eliminate paper and whatnot.

MRM Software:
-tracks drivers' locations
-allows workorder transmitting
-the company that OWNS the truck/phone/employee PURPOSEFULLY installs it, understanding its capabilities

Carrier IQ:
-tracks and stores most user input
-harvests data from peripherals (gps points)
-is installed on our phones without us knowing, and without us understanding its capabilities.

as said above by another user, the only reason why trev found it is because he has worked with mobile device software. this is the only way these two situations are related.

i for one want it removed because it wastes a collosal amount of resources on my phone, and drains my battery. and even if it isn't outright transmitting the data it collects, i dont want someone else to figure out how to exploit it.

its basically the situation of why we don't leave dangerous objects of any kind laying around. they wont hurt you if no one touches them, but they can if they get into the wrong hands.




"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki